Everything posted by st22026

  1. Hello, when I browse with Firefox, sometimes when I click on a site I land on a blank page with the name of another site, something like "cheapmedecine". Also, sometimes a tab opens by itself with a dubious site without my doing anything. I ran scans with AntiVir, Spybot, Secuser and MBAM, but the problem is not solved.
  2. I went there manually and, as I wrote in my message, it doesn't work.
  3. Hello, I am in safe mode but in high definition and with my usual wallpaper, and I can't get back to normal mode by pressing F5 at startup and then selecting normal startup. How can I do it, please? Thanks.
  4. XP Antispyware 2010 has disappeared, only now I have to choose from a list to open each program, msconfig is no longer accessible, when I want to open an mp3, WMP tells me it does not play .exe files, the antivirus no longer works, and almost all the Control Panel programs are inaccessible; it tells me "C:\Windows\system 32\rundll32.exe Application not found". I was able to run a scan with MBAM but it found nothing.
  5. After I press a key when load_tdsskiller asks me to, nothing happens: the black window closes, or else it shows an empty report. Here is the Rkill report:

     Processes terminated by Rkill or while it was running:
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Documents and Settings\Adrien\Local Settings\Application Data\av.exe
     C:\Documents and Settings\Adrien\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Adrien\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Adrien\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Adrien\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Adrien\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Adrien\Mes documents\Downloads\rkill.com
     Rkill completed on 09/02/2010 at 18:40:20.

     As for MBAM, it won't open, as I explained.
  6. Hello, how do I get rid of this piece of crap? I tried SmitFraudFix but it doesn't work, and Malwarebytes Anti-Malware cannot start. Thanks.
  7. Well, I went into the boot menu by pressing F12, that's all; I have sound and I was able to enable the antivirus.
  8. I went into the boot menu and that fixed the problems.
  9. I'm trying to install JavaRa, but at the end it shows: "The Windows Installer service could not be accessed. This can occur if Windows is in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance".
  10. Yes, it's 1084, sorry. The report:

     SystemLook v1.0 by jpshortstuff (29.08.09)
     Log created at 13:11 on 06/09/2009 by A (Administrator - Elevation successful)

     ========== reg ==========

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]
     "OptionValue"= 0x0000000002 (2)

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
     "ComSpec"="%SystemRoot%\system32\cmd.exe"
     "FP_NO_HOST_CHECK"="NO"
     "NUMBER_OF_PROCESSORS"="1"
     "OS"="Windows_NT"
     "Path"="%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;D:\ALZip"
     "PATHEXT"=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH"
     "PROCESSOR_ARCHITECTURE"="x86"
     "PROCESSOR_IDENTIFIER"="x86 Family 15 Model 79 Stepping 2, AuthenticAMD"
     "PROCESSOR_LEVEL"="15"
     "PROCESSOR_REVISION"="4f02"
     "SAFEBOOT_OPTION"="NETWORK"
     "TEMP"="%SystemRoot%\TEMP"
     "TMP"="%SystemRoot%\TEMP"
     "windir"="%SystemRoot%"

     ========== file ==========

     ========== regfind ==========

     Searching for "eBay"
     No data found.

     -=End Of File=-
  11. SystemLook v1.0 by jpshortstuff (29.08.09)
     Log created at 00:14 on 06/09/2009 by Adrien (Administrator - Elevation successful)

     ========== reg ==========

     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
     (No values found)

     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
     "NoDriveAutoRun"= 0x0003ffffff (67108863)
     "NoDrives"= 0000000000 (0)
     "NoDriveTypeAutoRun"= 0x0000000143 (323)

     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run]

     -=End Of File=-
  12. That is further up, the procedure to repair the sound. So it is the audio device -> the sound card, or the driver if the sound card is built into the motherboard. Where is the sound card in Add/Remove Programs? Redo the copy into Notepad; when you click "Save As", in the name box erase everything and type repare.vbs, in the box below choose "All Files". On the left click Desktop. Confirm. Run the script. That is exactly what I am doing, but it doesn't work.
  13. ... Save this file with a name like "repare.vbs" (don't forget the quotation marks in Notepad, otherwise it will add a .txt extension!!!), and run it by double-clicking on it. I click on it and nothing happens. Perform a complete uninstall of the device using the program found in the Add/Remove Programs module of the Control Panel. Which device is that?
  14. When I want to install Java, a window tells me "The system administrator has set policies to prevent this installation". What should I uninstall in Add/Remove Programs in the Control Panel?
  15. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:45:50, on 05/09/2009

     When I go to Control Panel / Administrative Tools / Services and click on Windows Audio and then Start, it tells me "Could not start the audio service on Local Computer. Error 1804: this service cannot be started in safe mode". Why? Where does that come from?
  16. ComboFix 09-09-03.02 - A 04/09/2009 19:32.8.1 - NTFSx86 NETWORK
  17. Toolbar-S&D report:

      ComboFix report:

      There is a strange problem: when I start in safe mode and then go to normal mode, the Internet does not work; I have to go into safe mode with networking and then restart to get it working in normal mode. Also, I now have to choose between the administrator account and my usual account (as when I start in safe mode), whereas I normally log straight into my usual account.
  18. info.txt logfile of random's system information tool 1.06 2009-09-04 17:26:58
/X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 
(KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Mise à jour pour Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Modem ADSL-->C:\Program Files\ModemAdsl\uninstall.exe Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MPEG Joiner version 2.22-->"D:\MPEGJOINER\unins000.exe" MPEG-VCR 3.14.7.1 (03/2009)-->"D:\MPEG-VCR\unins000.exe" MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe NetXfer 2.82.450-->"D:\NetXfer\unins000.exe" NTI Backup NOW! 
4-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1036 BUN4 NTI CD & DVD-Maker-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7 NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{6D7F8D4B-D1A4-402A-973E-31E90940E585} OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U Orbit Downloader-->"D:\Orbitdownloader\unins000.exe" Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C7A451815AD6A55564D6F47B5A12C61D8B4DCFD1\amdk8.inf Package de pilotes Windows - AMD System (04/06/2006 1.0.1.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdaway_6BBB63755B7B133065E435E51557E416289081C4\amdaway.inf PerfectLameXP (d:\)-->C:\WINDOWS\st6unst.exe -n "D:\ST6UNST.000" PerfectLameXP-->C:\WINDOWS\st6unst.exe -n "D:\ST6UNST.LOG" PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall Real Alternative 1.9.0-->"D:\Real Alternative\unins000.exe" Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x40c -removeonly Rhapsody Player Engine-->MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9} Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} SnagIt 
8-->MsiExec.exe /I{93699C3E-005E-4294-87CA-F5B7DE2CD687} Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011} SopCast 3.0.1-->D:\SopCast\uninst.exe Spybot - Search & Destroy-->"D:\Spybot - Search & Destroy\unins000.exe" StationRipper 2.87-->D:\StationRipper\uninstall-StationRipper.exe SUPER © Version 2009.bld.35 (Jan 5, 2009)-->D:\SUPER\Setup.exe /remove /q0 Tunatic-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=Tunatic TVAnts 1.0-->D:\PROGRA~1\TVANTS\UNWISE.EXE D:\PROGRA~1\TVANTS\INSTALL.LOG Ulead GIF Animator 5 Evaluation-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe" UltraISO Premium V8.66-->"D:\UltraISO\unins000.exe" Uninstall 1.0.0.1-->"C:\Program Files\Fichiers communs\DVDVideoSoft\unins000.exe" Unlocker 1.8.7-->D:\Unlocker\uninst.exe Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" VideoLAN VLC media player 0.8.6c-->D:\VLC\uninstall.exe Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG Virtual Machine Network Services Driver-->MsiExec.exe /I{A1795AC0-9B6A-40D9-8E07-A82662268D9F} VirtualDubMOD 1.5.10.3 Fr-->"D:\VirtualDubMOD\unins000.exe" Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679} Winamp-->"D:\Winamp\UninstWA.exe" Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66} Windows Live installer-->MsiExec.exe 
/X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390} Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65} Windows Live Sync-->MsiExec.exe /X{67D0313C-4F15-437D-9A2D-C1564088A26A} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall WM Recorder 9.1-->C:\WINDOWS\iun6002.exe "D:\WM Recorder\irunin.ini" Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\common\unyt.exe YouTUBE movie downloader-->MsiExec.exe /X{2F8BE445-D14C-40E2-AF62-E43539FD1500} ======Security center information====== AV: AntiVir Desktop ======System event log====== Computer Name: ACER-7989E0343A Event Code: 10005 Message: DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811} Record Number: 39957 Source Name: DCOM Time Written: 20090818225213.000000+120 Event Type: erreur User: ACER-7989E0343A\Adrien Computer Name: ACER-7989E0343A Event Code: 10005 Message: DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811} Record Number: 39956 Source Name: DCOM Time Written: 20090818224807.000000+120 Event Type: erreur User: ACER-7989E0343A\Adrien Computer Name: ACER-7989E0343A Event Code: 10005 Message: DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811} Record Number: 39955 Source Name: DCOM Time Written: 20090818224610.000000+120 Event Type: erreur User: ACER-7989E0343A\Adrien Computer Name: ACER-7989E0343A Event Code: 10005 Message: DCOM a reçu l'erreur "%1084" lors de la mise en 
route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF} Record Number: 39954 Source Name: DCOM Time Written: 20090818224520.000000+120 Event Type: erreur User: ACER-7989E0343A\Adrien Computer Name: ACER-7989E0343A Event Code: 10005 Message: DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF} Record Number: 39953 Source Name: DCOM Time Written: 20090818224433.000000+120 Event Type: erreur User: ACER-7989E0343A\Adrien =====Application event log===== Computer Name: ACER-7989E0343A Event Code: 1001 Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été supprimés. Les données d'enregistrement contiennent les nouvelles valeurs du dernier compteur système et les dernières entrées du registre d'aide. Record Number: 3124 Source Name: LoadPerf Time Written: 20090707125308.000000+120 Event Type: Informations User: Computer Name: ACER-7989E0343A Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. Record Number: 3123 Source Name: SecurityCenter Time Written: 20090707124913.000000+120 Event Type: Informations User: Computer Name: ACER-7989E0343A Event Code: 32068 Message: La règle de routage de trafic sortant n'est pas valide car elle ne peut pas trouver de périphérique valide. Les télécopies sortantes qui utilisent cette règle ne peuvent pas être acheminées. Vérifiez que le ou les périphériques concernés (en cas de routage vers un groupe de périphériques) sont connectés et installés correctement et allumés. En cas de routage vers un groupe, vérifiez que le groupe est configuré correctement. 
Code de pays/région : '*' Indicatif régional : '*' Record Number: 3122 Source Name: Microsoft Fax Time Written: 20090707124912.000000+120 Event Type: Avertissement User: Computer Name: ACER-7989E0343A Event Code: 32026 Message: Le service de télécopie n'a pas pu initialiser de périphériques de télécopies attribués (virtuel ou TAPI). Aucune télécopie ne peut être envoyée ou reçue tant qu'un périphérique de télécopies n'a pas été installé. Record Number: 3121 Source Name: Microsoft Fax Time Written: 20090707124912.000000+120 Event Type: Avertissement User: Computer Name: ACER-7989E0343A Event Code: 4 Message: The LightScribe Service started successfully. Record Number: 3120 Source Name: LightScribeService Time Written: 20090707124907.000000+120 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;D:\ALZip "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 79 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=4f02 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "SAFEBOOT_OPTION"=NETWORK -----------------EOF-----------------
  19. Logfile of random's system information tool 1.06 (written by random/random) Run by A at 2009-09-04 16:02:39 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 31 GB (42%) free of 73 GB Total RAM: 767 MB (64% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:02:48, on 04/09/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] D:\iTunesHelper.exe [2007-03-02 257088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp] Alaunch [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe] C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe -osboot [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msword98] C:\WINDOWS\system32\msword98.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe [2007-12-19 8720384] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2005-05-11 45056] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll [2006-07-12 7626752] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll [2006-07-12 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Antispyware 2010] C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe /hide [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168] [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\realtekc] C:\Documents and Settings\Adrien\Application Data\Gmail\exiap6415386.exe 2 [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regedit32] C:\WINDOWS\system32\regedit.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] C:\WINDOWS\RTHDCPL.EXE [2006-06-01 16208384] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] SkyTel.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox] D:\SRSSSC.exe /hideme [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] D:\Unlocker\UnlockerAssistant.exe [2008-05-02 15872] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateWin] C:\WINDOWS\system32\adsmsexth.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\userinit] C:\WINDOWS\system32\ntos.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Adrien^Mes documents^Menu 
Démarrer^Programmes^Démarrage^Free Music Zilla.lnk] D:\FREEMU~1\FMZilla.exe [2009-02-10 732352] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acer Empowering Technology.lnk] C:\Acer\EMPOWE~1\ACEREM~1.EXE [2006-06-01 45056] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk] C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-02-17 65588] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Acer WLAN 11g USB Dongle.lnk - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe C:\Documents and Settings\Adrien\Mes documents\Menu Démarrer\Programmes\Démarrage avguard.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 
"undockwithoutlogon"=1 "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "D:\iTunes.exe"="D:\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM" "D:\Orbitdownloader\orbitdm.exe"="D:\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit" "D:\Orbitdownloader\orbitnet.exe"="D:\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit" "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA" "D:\Free Music Zilla\FMZilla.exe"="D:\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla" "D:\SopCast\adv\SopAdver.exe"="D:\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver" "D:\NetXfer\NetTransport.exe"="D:\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager" "D:\StationRipper\StationRipperConsole.exe"="D:\StationRipper\StationRipperConsole.exe:*:Enabled:StationRipperConsole" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger" "C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java Platform SE binary" "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "D:\Real 
Alternative\Media Player Classic\mplayerc.exe"="D:\Real Alternative\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic" "D:\SopCast\SopCast.exe"="D:\SopCast\SopCast.exe:*:Disabled:SopCast Main Application" "D:\Program Files\TVAnts\Tvants.exe"="D:\Program Files\TVAnts\Tvants.exe:*:Disabled:TVAnts" "D:\VLC\vlc.exe"="D:\VLC\vlc.exe:*:Disabled:VLC media player" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Disabled:Windows Live Messenger (Phone)" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Disabled:Windows Live Sync" "C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Disabled:Windows Media Player" "C:\Program Files\MediaInfo\Nouveau dossier (18)\Nouveau dossier (20)\eMule\emule.exe"="C:\Program Files\MediaInfo\Nouveau dossier (18)\Nouveau dossier (20)\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\MediaInfo\Nouveau dossier (18)\Nouveau dossier (18)\BitTorrent\bittorrent.exe"="C:\Program Files\MediaInfo\Nouveau dossier (18)\Nouveau dossier (18)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" "C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:WinRAR archiver" "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" "%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows 
Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{332131b9-2a55-11de-b264-00192148152f}] shell\AutoRun\command - K:\Menu.exe ======List of files/folders created in the last 1 months====== 2009-09-03 14:20:36 ----D---- C:\Documents and Settings\Adrien\Application Data\Gmail 2009-08-29 10:04:52 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$ 2009-08-26 17:44:38 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$ 2009-08-22 18:39:38 ----N---- C:\WINDOWS\Ctregrun.exe 2009-08-21 22:58:25 ----D---- C:\Program Files\Avira 2009-08-21 22:58:25 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-08-21 22:55:14 ----SHD---- C:\RECYCLER 2009-08-21 17:59:56 ----D---- C:\WINDOWS\temp 2009-08-21 17:59:55 ----A---- C:\ComboFix.txt 2009-08-21 14:45:56 ----A---- C:\WINDOWS\zip.exe 2009-08-21 14:45:56 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-08-21 14:45:56 ----A---- C:\WINDOWS\SWSC.exe 2009-08-21 14:45:56 ----A---- C:\WINDOWS\SWREG.exe 2009-08-21 14:45:56 ----A---- C:\WINDOWS\sed.exe 2009-08-21 14:45:56 ----A---- C:\WINDOWS\PEV.exe 2009-08-21 14:45:56 ----A---- C:\WINDOWS\NIRCMD.exe 2009-08-21 14:45:56 ----A---- C:\WINDOWS\grep.exe 2009-08-20 14:59:00 ----D---- C:\_OTM 2009-08-19 17:47:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-08-17 15:25:10 ----D---- C:\Documents and Settings\Adrien\Application Data\Malwarebytes 2009-08-17 15:25:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-08-17 13:08:50 ----A---- C:\WINDOWS\system32\tmp.txt 2009-08-17 
13:08:41 ----A---- C:\rapport.txt 2009-08-16 23:16:36 ----D---- C:\WinFileReplace 2009-08-16 00:43:35 ----SD---- C:\scan 2009-08-15 19:40:43 ----D---- C:\WINDOWS\ERDNT 2009-08-15 14:37:08 ----D---- C:\rsit 2009-08-15 11:01:47 ----D---- C:\Documents and Settings\Adrien\Application Data\HouseCall 6.6 2009-08-14 16:49:51 ----SHD---- C:\WINDOWS\CSC 2009-08-14 01:50:57 ----A---- C:\WINDOWS\ntbtlog.txt 2009-08-12 04:24:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$ 2009-08-12 04:24:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2009-08-12 04:23:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$ 2009-08-12 04:23:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$ 2009-08-12 04:23:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2009-08-12 04:23:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2009-08-12 04:23:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$ 2009-08-12 04:23:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$ 2009-08-12 04:21:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2009-08-09 10:45:05 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2009-08-09 03:10:38 ----D---- C:\WINDOWS\system32\XPSViewer 2009-08-09 03:10:27 ----D---- C:\Program Files\MSBuild 2009-08-09 03:10:22 ----D---- C:\WINDOWS\system32\en-US 2009-08-09 03:10:09 ----D---- C:\Program Files\Reference Assemblies 2009-08-09 03:09:11 ----N---- C:\WINDOWS\system32\xpssvcs.dll 2009-08-09 03:09:11 ----N---- C:\WINDOWS\system32\xpsshhdr.dll 2009-08-09 03:09:11 ----N---- C:\WINDOWS\system32\prntvpt.dll ======List of files/folders modified in the last 1 months====== 2009-09-04 15:59:44 ----D---- C:\Program Files\Mozilla Firefox 2009-09-04 13:30:24 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-09-04 00:16:14 ----D---- C:\Documents and Settings\Adrien\Application Data\Adobe 2009-09-04 00:15:15 ----D---- C:\Documents and Settings\Adrien\Application Data\AVG7 2009-09-03 22:43:17 ----D---- C:\WINDOWS\system32\CatRoot2 2009-09-03 21:53:46 ----D---- C:\WINDOWS\Prefetch 2009-09-03 20:56:07 ----D---- C:\Documents and 
Settings\All Users\Application Data\Spybot - Search & Destroy 2009-09-03 19:17:22 ----N---- C:\WINDOWS\system.ini 2009-09-03 19:17:22 ----ASH---- C:\boot.ini 2009-09-03 19:17:22 ----A---- C:\WINDOWS\win.ini 2009-09-03 18:33:48 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-09-03 18:21:33 ----D---- C:\WINDOWS\Registration 2009-09-03 18:21:24 ----AD---- C:\WINDOWS 2009-09-03 17:37:33 ----AD---- C:\WINDOWS\system32 2009-09-03 14:21:38 ----D---- C:\Documents and Settings\Adrien\Application Data\Apple Computer 2009-09-03 14:21:38 ----D---- C:\Documents and Settings\Adrien\Application Data\ABF software 2009-09-02 16:20:16 ----D---- C:\Program Files\Fichiers communs\DVDVideoSoft 2009-09-02 16:17:56 ----D---- C:\Documents and Settings\Adrien\Application Data\Orbit 2009-08-31 15:03:19 ----AC---- C:\WINDOWS\ModemLog_Modem Bluetooth.txt 2009-08-31 12:32:59 ----D---- C:\downloads 2009-08-30 13:34:56 ----SD---- C:\WINDOWS\Tasks 2009-08-29 10:44:21 ----D---- C:\WINDOWS\Microsoft.NET 2009-08-29 10:05:06 ----HD---- C:\WINDOWS\inf 2009-08-29 10:04:55 ----AD---- C:\WINDOWS\system32\drivers 2009-08-29 10:03:57 ----SHD---- C:\WINDOWS\Installer 2009-08-29 10:03:21 ----HD---- C:\WINDOWS\$hf_mig$ 2009-08-27 20:18:22 ----D---- C:\WINDOWS\Minidump 2009-08-26 17:44:43 ----A---- C:\WINDOWS\imsins.BAK 2009-08-25 21:44:16 ----RD---- C:\Program Files 2009-08-22 13:50:22 ----D---- C:\WINDOWS\WinSxS 2009-08-22 10:33:57 ----A---- C:\WINDOWS\system32\lsdelete.exe 2009-08-21 17:53:56 ----D---- C:\Program Files\Fichiers communs 2009-08-21 17:52:18 ----D---- C:\WINDOWS\AppPatch 2009-08-21 14:45:56 ----SHD---- C:\System Volume Information 2009-08-21 14:45:56 ----D---- C:\WINDOWS\system32\Restore 2009-08-21 01:15:21 ----D---- C:\WINDOWS\pss 2009-08-20 18:38:30 ----D---- C:\WINDOWS\system32\CatRoot 2009-08-20 14:27:02 ----D---- C:\WINDOWS\ERUNT 2009-08-16 13:33:58 ----D---- C:\WINDOWS\system32\config 2009-08-15 17:09:19 ----AC---- C:\WINDOWS\wininit.ini 2009-08-14 03:06:42 ----D---- C:\WINDOWS\network diagnostic 
2009-08-13 23:53:30 ----D---- C:\Documents and Settings\Adrien\Application Data\DNA 2009-08-13 09:42:04 ----D---- C:\Program Files\DNA 2009-08-12 04:23:40 ----D---- C:\Program Files\Outlook Express 2009-08-11 18:19:56 ----SD---- C:\Documents and Settings\Adrien\Application Data\Microsoft 2009-08-09 09:28:47 ----RSD---- C:\WINDOWS\assembly 2009-08-09 08:58:54 ----D---- C:\WINDOWS\SxsCaPendDel 2009-08-09 03:18:04 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-08-09 03:10:16 ----RSD---- C:\WINDOWS\Fonts 2009-08-09 03:09:44 ----D---- C:\WINDOWS\system32\spool 2009-08-05 11:00:38 ----A---- C:\WINDOWS\system32\mswebdvd.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520] R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-08-23 28520] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-12 1342602] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-05 4284928] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-08-11 6144] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-12 3934592] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys 
[2009-04-30 47360] R3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2003-09-19 45056] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-06-29 244864] S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-23 55656] S2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys [] S2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\system32\drivers\btslbcsp.sys [] S2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys [] S2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] S3 ahdb04p4;ahdb04p4; C:\WINDOWS\system32\drivers\ahdb04p4.sys [] S3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-12 401664] S3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-12 30363] S3 BthEnum;Service d'énumérateur Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024] S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120] S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768] S3 BTHUSB;Pilote USB radio Bluetooth; 
C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944] S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-12 148168] S3 btwmodem;Modem Bluetooth; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-12 30189] S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320] S3 catchme;catchme; \??\C:\37237-CF\catchme.sys [] S3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [] S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008] S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12288] S3 PPPoEWin;PPPoEWin Miniport; C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 104375] S3 psdfilter;psdfilter; \??\C:\WINDOWS\system32\Drivers\psdfilter.sys [] S3 psdvdisk;psdvdisk; \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys [] S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136] S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2007-05-03 39552] S3 tapavpn;Steganos Anonym VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapavpn.sys [2007-10-19 24320] S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 
802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432] S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-10-04 280064] S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-08-22 1029456] S2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-05-11 28672] S2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-08-23 108289] S2 BroadCamService;BroadCam Service; C:\Program Files\NCH Software\BroadCam\broadCam.exe -service [] S2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2006-05-12 258103] S2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568] S2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424] S2 EyelineService;Eyeline Service; C:\Program Files\NCH Software\Eyeline\eyeline.exe -service [] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800] S2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-02-17 73728] S2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328] S2 NVSvc;NVIDIA Display Driver Service; 
C:\WINDOWS\system32\nvsvc32.exe [2006-07-12 155715] S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S3 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-23 185089] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-09 138168] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe -d -f C:\Program Files\WinPcap\rpcapd.ini [] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S4 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; 
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
  20. Good evening, you must be talking about Conflicker.C, but I think the real problem is Win32trojanspy, which was simulating an attack by some virus so that I would click on something that does who knows what damage. I ran Malwarebytes in safe mode and it found nothing; I unchecked a suspicious file in msconfig (exiap6415386). I restarted in normal mode; I no longer get that window resembling the Windows firewall telling me that Conflicker.C is present, and I can open msconfig. The problem is that I can no longer enable the antivirus and the sound doesn't work. I ran an Ad-Aware scan and it found nothing. What should I do?
  21. Ad-Aware detects win32trojanspy and it comes back at every scan.
  22. Hello, I regularly get a box identical to the Windows firewall popping up, except that it is in English, telling me that there is win32.Conflicker.C and that I must click "enable protection" to eradicate it. Malwarebytes' Anti-Malware no longer starts, msconfig freezes every time, and when I launch Firefox I am told in English that my PC is infected. Antivir detected 2 viruses but apparently some are missing. What should I do? Thanks.
  23. MBAM found nothing.
  24. Ok c'est bon j'ai pu activer le pare feu. Le rapport combofix : ComboFix 09-08-10.06 - Adrien 17/08/2009 17:34.4.1 - NTFSx86 NETWORK Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.767.478 [GMT 2:00] Running from: c:\documents and settings\Adrien\Bureau\65026-CF.exe AV: avast! antivirus 4.8.1335 [VPS 090812-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\azyxosim.dat c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\coboxike.dll c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\fusyjygyt.db c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\odawufota.pif c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ojynen._dl c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\sivajamove.sys c:\windows\system32\_scui.cpl c:\windows\system32\404Fix.exe c:\windows\system32\Agent.OMZ.Fix.exe c:\windows\system32\braviax.exe c:\windows\system32\dumphive.exe c:\windows\system32\IEDFix.C.exe c:\windows\system32\IEDFix.exe c:\windows\system32\o4Patch.exe c:\windows\system32\Process.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe . ---- Previous Run ------- . 
      I think everything is finished. Thank you.
  25. The ComboFix report:
Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "86:TCP"= 86:TCP:BroadCam Web Server "7000:UDP"= 7000:UDP:*:Disabled:Windows Media Format SDK (chrome.exe) "7001:UDP"= 7001:UDP:*:Disabled:Windows Media Format SDK (chrome.exe) "7002:UDP"= 7002:UDP:*:Disabled:Windows Media Format SDK (chrome.exe) R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [07/01/2007 13:02 13824] S2 BroadCamService;BroadCam Service;"c:\program files\NCH Software\BroadCam\broadCam.exe" -service --> c:\program files\NCH Software\BroadCam\broadCam.exe [?] S2 EyelineService;Eyeline Service;"c:\program files\NCH Software\Eyeline\eyeline.exe" -service --> c:\program files\NCH Software\Eyeline\eyeline.exe [?] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 21:06 951632] S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [19/10/2007 10:50 24320] . Contents of the 'Scheduled Tasks' folder 2009-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2009-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3874232922-622592756-1272493053-1006Core.job - c:\documents and settings\Adrien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-28 11:25] 2009-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3874232922-622592756-1272493053-1006UA.job - c:\documents and settings\Adrien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-28 11:25] 2009-08-20 c:\windows\Tasks\User_Feed_Synchronization-{5E39FACB-FF9D-4260-963F-CCB597CFD3B7}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31] . . ------- Supplementary Scan ------- . 
mStart Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = iexplore IE: &Download by Orbit - d:\orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - d:\orbitdownloader\orbitmxt.dll/204 IE: &Traduire à partir de l'anglais - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: Do&wnload selected by Orbit - d:\orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - d:\orbitdownloader\orbitmxt.dll/202 IE: Download with &Shareaza - c:\program files\MediaInfo\Nouveau dossier (18)\Nouveau dossier (21)\P2P Rocket\Plugins\RazaWebHook.dll/3000 IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm IE: Pages liées - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Pages similaires - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html IE: Recherche &Google - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html IE: Tout télécharger avec NetXfer - d:\netxfer\NXAddList.html IE: Télécharger avec NetXfer - d:\netxfer\NXAddLink.html IE: Version de la page actuelle disponible dans le cache Google - c:\program files\Google\GoogleToolbar1.dll/cmcache.html FF - ProfilePath - c:\documents and settings\Adrien\Application Data\Mozilla\Firefox\Profiles\hjj3vx4k.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.startup.homepage - hxxp://www.neufportail.fr/ FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIAWB1&q= FF - plugin: c:\documents and settings\Adrien\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: d:\divx content uploader\npUpload.dll FF - plugin: d:\divx player\npDivxPlayerPlugin.dll FF - plugin: d:\divx web player\npdivx32.dll FF - plugin: d:\real alternative\browser\plugins\nppl3260.dll 
FF - plugin: d:\real alternative\browser\plugins\nprpjplug.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-21 14:51 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2009-08-21 14:53 ComboFix-quarantined-files.txt 2009-08-21 12:53 ComboFix2.txt 2009-08-17 15:41 Pre-Run: 34 835 644 416 octets libres Post-Run: 34 931 322 880 octets libres 268 --- E O F --- 2009-08-20 16:38 C'est braviax qui a désactivé le pare feu et l'antivirus mais maintenant qu'il n'est plus la je devrais pouvoir le réactiver non?