ady

Membres

Afficher le profil Afficher son activité

Compteur de contenus
9
Inscription
le 15 décembre 2009
Dernière visite
le 6 janvier 2010

Autres informations

Mes langues
Français , Allemand

ady's Achievements

Junior Member (3/12)

Réputation sur la communauté

Virus security Tool

ady a répondu à un(e) sujet de ady dans Analyses et éradication malwares

Bonsoir Le Sioux , j'ai installé Toolscleaner , mais le programme ne répond pas ( j'ai désinstallé et réinstallé pareil ) et mon ordi surchauffe , il fait un bruit pas possible quand je le lance ... est ce normal , je laisse tourner quand même? Bonne journée ( je suppose que tu liras le message dans la journée lol )
- le 5 janvier 2010
- 17 réponses
Virus security Tool

ady a répondu à un(e) sujet de ady dans Analyses et éradication malwares

Bonjour, Voici le rapport ! Malwarebytes' Anti-Malware 1.43 Version de la base de données: 3491 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18865 04/01/2010 13:29:29 mbam-log-2010-01-04 (13-29-29).txt Type de recherche: Examen rapide Eléments examinés: 96764 Temps écoulé: 7 minute(s), 39 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Bonne journée !
- le 4 janvier 2010
- 17 réponses
Virus security Tool

ady a répondu à un(e) sujet de ady dans Analyses et éradication malwares

Bonjour Le Sioux , Désolée de ne pas avoir répondu avant , j'ai eu un problème avec internet à cause de la neige et ensuite je suis partie dans de la famille en Allemagne :-$ Je fais ça demain , excuse-moi encore. Bon réveillon et Bonne année en avance ! =)
- le 31 décembre 2009
- 17 réponses
Virus security Tool

ady a répondu à un(e) sujet de ady dans Analyses et éradication malwares

Bonjour Le Sioux, Désolée du retard , la connexion internet était coupé à cause de la neige =/ Voici le Rapport OTM , mais je pense qu'il y a eu un bug , non? All processes killed Error: Unable to interpret <[emptytemp]> in the current context! Error: Unable to interpret <[reboot]> in the current context! OTM by OldTimer - Version 3.1.2.2 log created on 12202009_144057 Le rapport RSIT Logfile of random's system information tool 1.06 (written by random/random) Run by sylvie at 2009-12-20 14:49:02 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 System drive C: has 11 GB (11%) free of 95 GB Total RAM: 3070 MB (69% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:49:18, on 20/12/2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files\Skype\Phone\Skype.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Users\sylvie\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\sylvie\Downloads\RSIT.exe C:\Program Files\Trend Micro\HijackThis\sylvie.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [startCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [recinfo] c:\recinfo\recinfo.exe O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [EPSON Stylus Photo RX585 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE /FU "C:\Windows\TEMP\E_SE927.tmp" /EF "HKCU" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\sylvie\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\sylvie\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\WINDOWS\SYSTEM32\DMDSKRES32.DLL O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Service Google Update (gupdate1ca10695e4c07e0) (gupdate1ca10695e4c07e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- End of file - 10120 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-388151536-27031529-2942691933-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-388151536-27031529-2942691933-1000UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}] IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-11-11 173488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-07-15 1586472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-04-05 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-25 762864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-06-19 470512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-05 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-10 4431872] "Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-16 30192] "NPCTray"=C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD [] "Google EULA Launcher"=c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [2008-05-28 20480] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-05 136600] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-10-10 203264] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440] "Skytel"=C:\Windows\Skytel.exe [2007-04-04 1822720] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-09-15 81000] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter [] "recinfo"=c:\recinfo\recinfo.exe [2008-02-13 52224] "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-26 443968] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] "EPSON Stylus Photo RX585 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE [2007-03-30 182272] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-19 39408] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-07-16 25604904] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952] "Google Update"=C:\Users\sylvie\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-31 135664] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] C:\Users\sylvie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Notification de cadeaux MSN.lnk - C:\Users\sylvie\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\WINDOWS\SYSTEM32\DMDSKRES32.DLL" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=128 "NoDriveAutoRun"=128 "HonorAutoRunSetting"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2009-12-17 20:45:26 ----D---- C:\Users\sylvie\AppData\Roaming\LimeWire 2009-12-17 15:07:35 ----D---- C:\_OTM 2009-12-17 15:02:06 ----RASHD---- C:\autorun.inf 2009-12-17 14:56:40 ----D---- C:\UsbFix 2009-12-16 13:53:40 ----D---- C:\rsit 2009-12-15 16:32:35 ----D---- C:\Program Files\Trend Micro 2009-12-15 16:31:58 ----D---- C:\HJT 2009-12-15 16:31:53 ----A---- C:\HJTInstall.exe 2009-12-15 13:00:07 ----D---- C:\Users\sylvie\AppData\Roaming\IDM 2009-12-15 00:25:22 ----D---- C:\Users\sylvie\AppData\Roaming\Malwarebytes 2009-12-15 00:24:51 ----D---- C:\ProgramData\Malwarebytes 2009-12-15 00:24:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-12-15 00:17:56 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2009-12-13 15:07:52 ----A---- C:\Windows\system32\nshhttp.dll 2009-12-13 15:07:50 ----A---- C:\Windows\system32\httpapi.dll 2009-12-11 12:36:00 ----D---- C:\Users\sylvie\AppData\Roaming\dvdcss 2009-12-10 01:02:42 ----A---- C:\Windows\system32\mshtml.dll 2009-12-10 01:02:40 ----A---- C:\Windows\system32\ieframe.dll 2009-12-10 01:02:39 ----A---- C:\Windows\system32\wininet.dll 2009-12-10 01:02:39 ----A---- C:\Windows\system32\urlmon.dll 2009-12-10 01:02:39 ----A---- C:\Windows\system32\iertutil.dll 2009-12-10 01:02:38 ----A---- C:\Windows\system32\occache.dll 2009-12-10 01:02:38 ----A---- C:\Windows\system32\msfeeds.dll 2009-12-10 01:02:38 ----A---- C:\Windows\system32\ieui.dll 2009-12-10 01:02:38 ----A---- C:\Windows\system32\iedkcs32.dll 2009-12-10 01:02:37 ----A---- C:\Windows\system32\msfeedssync.exe 2009-12-10 01:02:37 ----A---- C:\Windows\system32\msfeedsbs.dll 2009-12-10 01:02:37 ----A---- C:\Windows\system32\jsproxy.dll 2009-12-10 01:02:37 ----A---- C:\Windows\system32\ieUnatt.exe 2009-12-10 01:02:37 ----A---- C:\Windows\system32\iesysprep.dll 2009-12-10 01:02:37 ----A---- C:\Windows\system32\iesetup.dll 2009-12-10 01:02:37 ----A---- C:\Windows\system32\iernonce.dll 2009-12-10 01:02:37 ----A---- C:\Windows\system32\iepeers.dll 2009-12-10 01:02:37 ----A---- C:\Windows\system32\ie4uinit.exe 2009-12-10 01:02:29 ----A---- C:\Windows\system32\rastls.dll 2009-11-27 08:13:18 ----A---- C:\Windows\system32\tzres.dll 2009-11-25 08:26:21 ----A---- C:\Windows\system32\msxml6.dll 2009-11-25 08:26:21 ----A---- C:\Windows\system32\msxml3.dll 2009-11-23 22:57:51 ----D---- C:\Program Files\Microsoft 2009-11-21 11:34:16 ----D---- C:\ProgramData\WindowsSearch ======List of files/folders modified in the last 1 months====== 2009-12-20 14:49:01 ----D---- C:\Windows\Temp 2009-12-20 14:47:30 ----D---- C:\Windows\Prefetch 2009-12-20 14:46:22 ----D---- C:\Windows\System32 2009-12-20 14:46:22 ----D---- C:\Windows\inf 2009-12-20 14:46:22 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-12-20 14:44:18 ----D---- C:\Windows\Tasks 2009-12-19 18:14:13 ----D---- C:\Users\sylvie\AppData\Roaming\Skype 2009-12-19 15:03:31 ----D---- C:\Users\sylvie\AppData\Roaming\vlc 2009-12-19 11:00:52 ----AD---- C:\ProgramData\TEMP 2009-12-18 21:26:32 ----SHD---- C:\System Volume Information 2009-12-17 15:08:16 ----D---- C:\Windows 2009-12-17 15:07:39 ----RD---- C:\Program Files 2009-12-17 15:07:36 ----HD---- C:\ProgramData 2009-12-17 15:04:30 ----D---- C:\Program Files\Mozilla Firefox 2009-12-17 15:00:23 ----SHD---- C:\$Recycle.Bin 2009-12-15 13:01:04 ----D---- C:\Users\sylvie\AppData\Roaming\DMCache 2009-12-15 13:00:13 ----D---- C:\Program Files\Internet Download Manager 2009-12-15 12:27:03 ----D---- C:\Windows\Debug 2009-12-15 08:58:11 ----D---- C:\Windows\system32\drivers 2009-12-15 08:58:11 ----D---- C:\Windows\nap 2009-12-15 00:17:56 ----D---- C:\Program Files\Common Files 2009-12-14 23:37:19 ----D---- C:\Windows\system32\Tasks 2009-12-14 18:38:27 ----D---- C:\Windows\system32\catroot2 2009-12-13 15:08:48 ----D---- C:\Windows\winsxs 2009-12-13 15:08:37 ----D---- C:\Windows\system32\catroot 2009-12-11 08:13:38 ----D---- C:\Windows\system32\migration 2009-12-11 08:13:37 ----D---- C:\Program Files\Internet Explorer 2009-12-10 11:38:50 ----SHD---- C:\Windows\Installer 2009-12-10 11:38:43 ----D---- C:\ProgramData\Microsoft Help 2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe 2009-12-01 16:29:49 ----D---- C:\Program Files\Messenger Plus! Live 2009-11-27 08:23:49 ----D---- C:\Windows\rescache 2009-11-27 08:14:05 ----D---- C:\Windows\system32\fr-FR 2009-11-26 18:55:12 ----D---- C:\Program Files\Google ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-09-15 23152] R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-09-15 114768] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-09-15 52368] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560] R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328] R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 737280] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-10-11 3155456] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-10 1764960] R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-04-04 46592] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-02-16 70144] R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S4 ahcix86s;ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 170000] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2008-04-03 76688] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-09-28 109056] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712] R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-10-11 610304] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-04-29 877864] R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247] R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [2008-02-29 307200] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568] S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680] S2 gupdate1ca10695e4c07e0;Service Google Update (gupdate1ca10695e4c07e0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-29 133104] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-11 194032] S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040] S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920] S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-16 30192] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF-----------------
- le 20 décembre 2009
- 17 réponses
Virus security Tool

ady a répondu à un(e) sujet de ady dans Analyses et éradication malwares

Bonjour , Désolé pour le codebox , c'était pour ne pas prendre trop de place , pour le prochain , je le metterais normalement J'essayerais de le poster dans l'après-midi. Bonne journée Ady
- le 18 décembre 2009
- 17 réponses
Virus security Tool

ady a répondu à un(e) sujet de ady dans Analyses et éradication malwares

Bonjour Le Sioux, * Le rapport d'USBFix ############################## | UsbFix V6.064 | User : sylvie (Administrateurs) # PC-DE-SYLVIE Update on 16/12/2009 by Chiquitine29, C_XX & Chimay8 Start at: 14:59:16 | 17/12/2009 Website : [url="http://pagesperso-orange.fr/NosTools/index.html"]http://pagesperso-orange.fr/NosTools/index.html[/url] Contact : FindyKill.Contact@gmail.com Intel® Pentium® Dual CPU T2390 @ 1.86GHz Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2 Internet Explorer 8.0.6001.18865 Windows Firewall Status : Enabled AV : Norman Security Suite ver. 7.00 7.00 [ (!) Disabled | Updated ] C:\ -> Disque fixe local # 92,7 Go (13,72 Go free) [system] # NTFS D:\ -> Disque fixe local # 47,56 Go (47,47 Go free) [Data] # NTFS E:\ -> Disque CD-ROM F:\ -> Disque amovible # 1,89 Go (1,48 Go free) # FAT ############################## | Processus actifs | C:\Windows\System32\smss.exe 444 C:\Windows\system32\csrss.exe 512 C:\Windows\system32\wininit.exe 568 C:\Windows\system32\csrss.exe 576 C:\Windows\system32\services.exe 620 C:\Windows\system32\lsass.exe 640 C:\Windows\system32\lsm.exe 648 C:\Windows\system32\winlogon.exe 684 C:\Windows\system32\svchost.exe 840 C:\Windows\system32\svchost.exe 924 C:\Windows\System32\svchost.exe 972 C:\Windows\system32\Ati2evxx.exe 1028 C:\Windows\System32\svchost.exe 1056 C:\Windows\System32\svchost.exe 1088 C:\Windows\system32\svchost.exe 1108 C:\Windows\system32\svchost.exe 1224 C:\Windows\system32\SLsvc.exe 1244 C:\Windows\system32\svchost.exe 1264 C:\Windows\system32\svchost.exe 1496 C:\Windows\system32\Ati2evxx.exe 1632 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1728 C:\Windows\System32\spoolsv.exe 1960 C:\Windows\system32\taskeng.exe 2020 C:\Windows\system32\svchost.exe 2028 C:\Windows\system32\taskeng.exe 700 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 1836 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1892 C:\Program Files\Bonjour\mDNSResponder.exe 2036 C:\Program Files\Google\Update\GoogleUpdate.exe 560 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 1844 C:\Windows\system32\IoctlSvc.exe 2216 C:\Windows\system32\svchost.exe 2248 C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2320 C:\Windows\system32\svchost.exe 2348 C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe 2380 C:\Windows\System32\svchost.exe 2412 C:\Windows\system32\SearchIndexer.exe 2464 C:\Windows\system32\WUDFHost.exe 2740 C:\Windows\system32\PresentationSettings.exe 2968 C:\Windows\system32\userinit.exe 3060 C:\Windows\system32\Dwm.exe 3084 C:\Windows\Explorer.EXE 3112 C:\Windows\system32\DllHost.exe 3160 C:\Windows\system32\runonce.exe 3208 C:\Windows\system32\conime.exe 3240 C:\Windows\system32\wbem\wmiprvse.exe 3460 ################## | Fichiers # Dossiers infectieux | Supprimé ! C:\Users\sylvie\AppData\Local\Temp\a.dat Supprimé ! C:\$Recycle.Bin\S-1-5-21-2321917482-3939196293-955204087-500 Supprimé ! C:\$Recycle.Bin\S-1-5-21-388151536-27031529-2942691933-1000 Supprimé ! D:\$Recycle.Bin\S-1-5-21-388151536-27031529-2942691933-1000 F:\autorun.inf -> fichier appelé : "F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\usb.exe" ( Présent ! ) Supprimé ! F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\usb.exe Supprimé ! F:\autorun.inf Supprimé ! F:\Recycler\S-1-6-21-2434476501-1644491937-600003330-1213 ################## | Registre # Clés infectieuses | ################## | Registre # Mountpoints2 | Supprimé ! HKCU\...\Explorer\MountPoints2\{60ba9c3b-658a-11de-83d4-00030da54ef0}\Shell\AutoRun\Command ################## | Listing des fichiers présent | [18/09/2006 22:43|--a------|24] C:\autoexec.bat [11/04/2009 07:36|-rahs----|333257] C:\bootmgr [15/07/2008 12:10|-ra-s----|8192] C:\BOOTSECT.BAK [18/09/2006 22:43|--a------|10] C:\config.sys [15/12/2009 16:31|--a------|812344] C:\HJTInstall.exe [?|?|?] C:\pagefile.sys [14/07/2008 10:59|--a------|1385] C:\Prodlog.txt [17/12/2009 15:02|--a------|4077] C:\UsbFix.txt [13/12/2009 14:51|--a------|1622] F:\BOOTEX.LOG ################## | Vaccination | # C:\autorun.inf -> Dossier créé par UsbFix. # D:\autorun.inf -> Dossier créé par UsbFix. # F:\autorun.inf -> Dossier créé par UsbFix. ################## | Cracks / Keygens / Serials | ################## | Upload | * Le rapport de OTM All processes killed Error: Unable to interpret <:registry> in the current context! Error: Unable to interpret <[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]> in the current context! Error: Unable to interpret <[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]> in the current context! Error: Unable to interpret <"Proxy Cdrom"=-> in the current context! Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]> in the current context! Error: Unable to interpret <"P2Pcontrol"=-> in the current context! Error: Unable to interpret <[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\68590028]> in the current context! ========== FILES ========== C:\ProgramData\Blah Chic Chic.lrunadh moved successfully. File/Folder C:\ProgramData\68590028 not found. C:\ProgramData\7c429c1\WSDDSys folder moved successfully. C:\ProgramData\7c429c1\Quarantine Items folder moved successfully. C:\ProgramData\7c429c1\BackUp folder moved successfully. C:\ProgramData\7c429c1 folder moved successfully. C:\Program Files\P2Pcontrol\webserver folder moved successfully. C:\Program Files\P2Pcontrol\lang folder moved successfully. C:\Program Files\P2Pcontrol\config folder moved successfully. C:\Program Files\P2Pcontrol folder moved successfully. C:\ProgramData\WSOFCUHFCD_APDM folder moved successfully. C:\Program Files\GamesBar folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\xml\data folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\xml folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\promotion folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\mozilla-profile\updates\0 folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\mozilla-profile\updates folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\mozilla-profile\extensions folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\mozilla-profile\Cache folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\mozilla-profile folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\certificate folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\browser\xulrunner\res\html folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\browser\xulrunner\res folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\browser\xulrunner\plugins folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\browser\xulrunner\modules folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\browser\xulrunner\greprefs folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\chrome folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\browser\xulrunner\defaults\pref folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\browser\xulrunner\defaults folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\browser\xulrunner\components folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\browser\xulrunner\chrome folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\browser\xulrunner folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\browser folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire\.AppSpecialShare folder moved successfully. C:\Users\sylvie\AppData\Roaming\LimeWire folder moved successfully. C:\Program Files\LimeWire\root\magnet10 folder moved successfully. C:\Program Files\LimeWire\root folder moved successfully. C:\Program Files\LimeWire\lib folder moved successfully. C:\Program Files\LimeWire\.NetworkShare folder moved successfully. C:\Program Files\LimeWire folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User User: Public User: sylvie ->Temp folder emptied: 5668495 bytes ->Temporary Internet Files folder emptied: 1354211 bytes ->Java cache emptied: 4309382 bytes ->FireFox cache emptied: 66102053 bytes ->Google Chrome cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 4242 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2810743 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 76,56 mb OTM by OldTimer - Version 3.1.2.2 log created on 12172009_150735 Files moved on Reboot... Registry entries deleted on Reboot... * Un nouveau rapport RSIT Logfile of random's system information tool 1.06 (written by random/random) Run by sylvie at 2009-12-17 15:11:15 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 System drive C: has 14 GB (15%) free of 95 GB Total RAM: 3070 MB (71% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:11:32, on 17/12/2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\notepad.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Java\jre6\bin\jusched.exe c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Skype\Phone\Skype.exe C:\Windows\ehome\ehtray.exe C:\Users\sylvie\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Windows\System32\mobsync.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\sylvie\Downloads\RSIT.exe C:\Program Files\Trend Micro\HijackThis\sylvie.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://fr.msn.com/"]http://fr.msn.com/[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [startCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [P2Pcontrol] C:\Program Files\P2Pcontrol\p2control.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [recinfo] c:\recinfo\recinfo.exe O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [EPSON Stylus Photo RX585 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE /FU "C:\Windows\TEMP\E_SE927.tmp" /EF "HKCU" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Proxy Cdrom] "C:\ProgramData\Blah Chic Chic.lrunadh" O4 - HKCU\..\Run: [Google Update] "C:\Users\sylvie\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\sylvie\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\WINDOWS\SYSTEM32\DMDSKRES32.DLL O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Service Google Update (gupdate1ca10695e4c07e0) (gupdate1ca10695e4c07e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- End of file - 10450 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-388151536-27031529-2942691933-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-388151536-27031529-2942691933-1000UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}] IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-11-11 173488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-07-15 1586472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-04-05 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-25 762864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-06-19 470512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-05 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-10 4431872] "Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-16 30192] "NPCTray"=C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD [] "Google EULA Launcher"=c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [2008-05-28 20480] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-05 136600] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-10-10 203264] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440] "P2Pcontrol"=C:\Program Files\P2Pcontrol\p2control.exe [] "Skytel"=C:\Windows\Skytel.exe [2007-04-04 1822720] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-09-15 81000] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-03 1394000] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter [] "recinfo"=c:\recinfo\recinfo.exe [2008-02-13 52224] "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-26 443968] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] "EPSON Stylus Photo RX585 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE [2007-03-30 182272] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-19 39408] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-07-16 25604904] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952] "Proxy Cdrom"=C:\ProgramData\Blah Chic Chic.lrunadh [] "Google Update"=C:\Users\sylvie\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-31 135664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\68590028] C:\ProgramData\68590028\68590028.exe [] C:\Users\sylvie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Notification de cadeaux MSN.lnk - C:\Users\sylvie\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\WINDOWS\SYSTEM32\DMDSKRES32.DLL" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=128 "NoDriveAutoRun"=128 "HonorAutoRunSetting"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2009-12-17 15:07:35 ----D---- C:\_OTM 2009-12-17 15:02:06 ----RASHD---- C:\autorun.inf 2009-12-17 14:59:13 ----A---- C:\UsbFix.txt 2009-12-17 14:56:40 ----D---- C:\UsbFix 2009-12-16 13:53:40 ----D---- C:\rsit 2009-12-15 16:32:35 ----D---- C:\Program Files\Trend Micro 2009-12-15 16:31:58 ----D---- C:\HJT 2009-12-15 16:31:53 ----A---- C:\HJTInstall.exe 2009-12-15 13:00:07 ----D---- C:\Users\sylvie\AppData\Roaming\IDM 2009-12-15 00:25:22 ----D---- C:\Users\sylvie\AppData\Roaming\Malwarebytes 2009-12-15 00:24:51 ----D---- C:\ProgramData\Malwarebytes 2009-12-15 00:24:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-12-15 00:17:56 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2009-12-13 15:07:52 ----A---- C:\Windows\system32\nshhttp.dll 2009-12-13 15:07:50 ----A---- C:\Windows\system32\httpapi.dll 2009-12-11 12:36:00 ----D---- C:\Users\sylvie\AppData\Roaming\dvdcss 2009-12-10 01:02:42 ----A---- C:\Windows\system32\mshtml.dll 2009-12-10 01:02:40 ----A---- C:\Windows\system32\ieframe.dll 2009-12-10 01:02:39 ----A---- C:\Windows\system32\wininet.dll 2009-12-10 01:02:39 ----A---- C:\Windows\system32\urlmon.dll 2009-12-10 01:02:39 ----A---- C:\Windows\system32\iertutil.dll 2009-12-10 01:02:38 ----A---- C:\Windows\system32\occache.dll 2009-12-10 01:02:38 ----A---- C:\Windows\system32\msfeeds.dll 2009-12-10 01:02:38 ----A---- C:\Windows\system32\ieui.dll 2009-12-10 01:02:38 ----A---- C:\Windows\system32\iedkcs32.dll 2009-12-10 01:02:37 ----A---- C:\Windows\system32\msfeedssync.exe 2009-12-10 01:02:37 ----A---- C:\Windows\system32\msfeedsbs.dll 2009-12-10 01:02:37 ----A---- C:\Windows\system32\jsproxy.dll 2009-12-10 01:02:37 ----A---- C:\Windows\system32\ieUnatt.exe 2009-12-10 01:02:37 ----A---- C:\Windows\system32\iesysprep.dll 2009-12-10 01:02:37 ----A---- C:\Windows\system32\iesetup.dll 2009-12-10 01:02:37 ----A---- C:\Windows\system32\iernonce.dll 2009-12-10 01:02:37 ----A---- C:\Windows\system32\iepeers.dll 2009-12-10 01:02:37 ----A---- C:\Windows\system32\ie4uinit.exe 2009-12-10 01:02:29 ----A---- C:\Windows\system32\rastls.dll 2009-11-27 08:13:18 ----A---- C:\Windows\system32\tzres.dll 2009-11-25 08:26:21 ----A---- C:\Windows\system32\msxml6.dll 2009-11-25 08:26:21 ----A---- C:\Windows\system32\msxml3.dll 2009-11-23 22:57:51 ----D---- C:\Program Files\Microsoft 2009-11-21 11:34:16 ----D---- C:\ProgramData\WindowsSearch ======List of files/folders modified in the last 1 months====== 2009-12-17 15:11:15 ----D---- C:\Windows\Temp 2009-12-17 15:09:39 ----D---- C:\Users\sylvie\AppData\Roaming\Skype 2009-12-17 15:08:16 ----D---- C:\Windows 2009-12-17 15:07:39 ----RD---- C:\Program Files 2009-12-17 15:07:36 ----HD---- C:\ProgramData 2009-12-17 15:07:16 ----D---- C:\Windows\Prefetch 2009-12-17 15:05:27 ----D---- C:\Windows\System32 2009-12-17 15:05:27 ----D---- C:\Windows\inf 2009-12-17 15:05:27 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-12-17 15:04:30 ----D---- C:\Program Files\Mozilla Firefox 2009-12-17 15:01:17 ----D---- C:\Windows\Tasks 2009-12-17 15:00:23 ----SHD---- C:\$Recycle.Bin 2009-12-17 09:36:35 ----SHD---- C:\System Volume Information 2009-12-15 13:01:04 ----D---- C:\Users\sylvie\AppData\Roaming\DMCache 2009-12-15 13:00:13 ----D---- C:\Program Files\Internet Download Manager 2009-12-15 12:27:03 ----D---- C:\Windows\Debug 2009-12-15 08:58:11 ----D---- C:\Windows\system32\drivers 2009-12-15 08:58:11 ----D---- C:\Windows\nap 2009-12-15 02:05:38 ----D---- C:\Users\sylvie\AppData\Roaming\vlc 2009-12-15 00:17:56 ----D---- C:\Program Files\Common Files 2009-12-14 23:37:19 ----D---- C:\Windows\system32\Tasks 2009-12-14 18:38:27 ----D---- C:\Windows\system32\catroot2 2009-12-13 15:08:48 ----D---- C:\Windows\winsxs 2009-12-13 15:08:37 ----D---- C:\Windows\system32\catroot 2009-12-11 08:13:38 ----D---- C:\Windows\system32\migration 2009-12-11 08:13:37 ----D---- C:\Program Files\Internet Explorer 2009-12-10 11:38:50 ----SHD---- C:\Windows\Installer 2009-12-10 11:38:43 ----D---- C:\ProgramData\Microsoft Help 2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe 2009-12-01 16:29:49 ----D---- C:\Program Files\Messenger Plus! Live 2009-11-27 08:23:49 ----D---- C:\Windows\rescache 2009-11-27 08:14:05 ----D---- C:\Windows\system32\fr-FR 2009-11-26 18:55:12 ----D---- C:\Program Files\Google ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-09-15 23152] R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-09-15 114768] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-09-15 52368] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560] R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328] R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 737280] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-10-11 3155456] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-10 1764960] R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-04-04 46592] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-02-16 70144] R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] S4 ahcix86s;ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 170000] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2008-04-03 76688] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-09-28 109056] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712] R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-10-11 610304] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-11 194032] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-04-29 877864] R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247] R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [2008-02-29 307200] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568] S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680] S2 gupdate1ca10695e4c07e0;Service Google Update (gupdate1ca10695e4c07e0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-29 133104] S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040] S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920] S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-16 30192] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF----------------- J'avais compris
- le 17 décembre 2009
- 17 réponses
Virus security Tool

ady a répondu à un(e) sujet de ady dans Analyses et éradication malwares

Bonsoir, Merci pour ta réponse , j'attaquerais tout cela demain dans l'après-midi. C'est super gentil de m'aider , de tout expliquer ( moi qui ne suit pas experte en informatique , je comprends tout ^^ ) Puis , je fais faire le grand ménage pour avoir plus de place car c'est sur que cela fait juste =/ Bonne soirée ( nuit )
- le 16 décembre 2009
- 17 réponses
Virus security Tool

ady a répondu à un(e) sujet de ady dans Analyses et éradication malwares

Merci pour ta réponse Mon Pc est un peu plus lent , je ne sais pas si cela à un rapport Voici les 2 rapports : Logfile of random's system information tool 1.06 (written by random/random) Run by sylvie at 2009-12-16 13:53:40 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 System drive C: has 8 GB (9%) free of 95 GB Total RAM: 3070 MB (56% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:53:43, on 16/12/2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\P2Pcontrol\p2control.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Users\sylvie\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\SLUI.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\sylvie\Downloads\RSIT.exe C:\Program Files\Trend Micro\HijackThis\sylvie.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [startCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [P2Pcontrol] C:\Program Files\P2Pcontrol\p2control.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [recinfo] c:\recinfo\recinfo.exe O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [EPSON Stylus Photo RX585 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE /FU "C:\Windows\TEMP\E_SE927.tmp" /EF "HKCU" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Proxy Cdrom] "C:\ProgramData\Blah Chic Chic.lrunadh" O4 - HKCU\..\Run: [Google Update] "C:\Users\sylvie\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\sylvie\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\WINDOWS\SYSTEM32\DMDSKRES32.DLL O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Service Google Update (gupdate1ca10695e4c07e0) (gupdate1ca10695e4c07e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- End of file - 10405 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-388151536-27031529-2942691933-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-388151536-27031529-2942691933-1000UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}] IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-11-11 173488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-07-15 1586472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-04-05 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-25 762864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-06-19 470512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-05 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-10 4431872] "Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-16 30192] "NPCTray"=C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD [] "Google EULA Launcher"=c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [2008-05-28 20480] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-05 136600] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-10-10 203264] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440] "P2Pcontrol"=C:\Program Files\P2Pcontrol\p2control.exe [2009-09-14 241664] "Skytel"=C:\Windows\Skytel.exe [2007-04-04 1822720] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-09-15 81000] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-03 1394000] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter [] "recinfo"=c:\recinfo\recinfo.exe [2008-02-13 52224] "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-26 443968] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] "EPSON Stylus Photo RX585 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE [2007-03-30 182272] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-19 39408] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-07-16 25604904] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952] "Proxy Cdrom"=C:\ProgramData\Blah Chic Chic.lrunadh [2009-09-26 65552] "Google Update"=C:\Users\sylvie\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-31 135664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\68590028] C:\ProgramData\68590028\68590028.exe [] C:\Users\sylvie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Notification de cadeaux MSN.lnk - C:\Users\sylvie\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\WINDOWS\SYSTEM32\DMDSKRES32.DLL" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60ba9c3b-658a-11de-83d4-00030da54ef0}] shell\AutoRun\command - F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\usb.exe shell\open\command - F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\usb.exe ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2009-12-16 13:53:40 ----D---- C:\rsit 2009-12-15 16:32:35 ----D---- C:\Program Files\Trend Micro 2009-12-15 16:31:58 ----D---- C:\HJT 2009-12-15 16:31:53 ----A---- C:\HJTInstall.exe 2009-12-15 13:00:07 ----D---- C:\Users\sylvie\AppData\Roaming\IDM 2009-12-15 00:25:22 ----D---- C:\Users\sylvie\AppData\Roaming\Malwarebytes 2009-12-15 00:24:51 ----D---- C:\ProgramData\Malwarebytes 2009-12-15 00:24:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-12-15 00:17:56 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2009-12-14 23:36:46 ----SHD---- C:\ProgramData\WSOFCUHFCD_APDM 2009-12-14 23:36:28 ----SHD---- C:\ProgramData\7c429c1 2009-12-13 15:07:52 ----A---- C:\Windows\system32\nshhttp.dll 2009-12-13 15:07:50 ----A---- C:\Windows\system32\httpapi.dll 2009-12-11 12:36:00 ----D---- C:\Users\sylvie\AppData\Roaming\dvdcss 2009-12-10 01:02:42 ----A---- C:\Windows\system32\mshtml.dll 2009-12-10 01:02:40 ----A---- C:\Windows\system32\ieframe.dll 2009-12-10 01:02:39 ----A---- C:\Windows\system32\wininet.dll 2009-12-10 01:02:39 ----A---- C:\Windows\system32\urlmon.dll 2009-12-10 01:02:39 ----A---- C:\Windows\system32\iertutil.dll 2009-12-10 01:02:38 ----A---- C:\Windows\system32\occache.dll 2009-12-10 01:02:38 ----A---- C:\Windows\system32\msfeeds.dll 2009-12-10 01:02:38 ----A---- C:\Windows\system32\ieui.dll 2009-12-10 01:02:38 ----A---- C:\Windows\system32\iedkcs32.dll 2009-12-10 01:02:37 ----A---- C:\Windows\system32\msfeedssync.exe 2009-12-10 01:02:37 ----A---- C:\Windows\system32\msfeedsbs.dll 2009-12-10 01:02:37 ----A---- C:\Windows\system32\jsproxy.dll 2009-12-10 01:02:37 ----A---- C:\Windows\system32\ieUnatt.exe 2009-12-10 01:02:37 ----A---- C:\Windows\system32\iesysprep.dll 2009-12-10 01:02:37 ----A---- C:\Windows\system32\iesetup.dll 2009-12-10 01:02:37 ----A---- C:\Windows\system32\iernonce.dll 2009-12-10 01:02:37 ----A---- C:\Windows\system32\iepeers.dll 2009-12-10 01:02:37 ----A---- C:\Windows\system32\ie4uinit.exe 2009-12-10 01:02:29 ----A---- C:\Windows\system32\rastls.dll 2009-11-27 08:13:18 ----A---- C:\Windows\system32\tzres.dll 2009-11-25 08:26:21 ----A---- C:\Windows\system32\msxml6.dll 2009-11-25 08:26:21 ----A---- C:\Windows\system32\msxml3.dll 2009-11-23 22:57:51 ----D---- C:\Program Files\Microsoft 2009-11-21 11:34:16 ----D---- C:\ProgramData\WindowsSearch 2009-11-17 15:00:02 ----D---- C:\Users\sylvie\AppData\Roaming\Nero ======List of files/folders modified in the last 1 months====== 2009-12-16 13:53:43 ----D---- C:\Windows\Prefetch 2009-12-16 13:53:42 ----D---- C:\Windows\Temp 2009-12-16 13:24:10 ----D---- C:\Windows\Tasks 2009-12-16 12:40:02 ----SHD---- C:\System Volume Information 2009-12-15 16:32:35 ----RD---- C:\Program Files 2009-12-15 16:16:42 ----D---- C:\Users\sylvie\AppData\Roaming\Skype 2009-12-15 13:01:04 ----D---- C:\Users\sylvie\AppData\Roaming\DMCache 2009-12-15 13:00:13 ----D---- C:\Program Files\Internet Download Manager 2009-12-15 13:00:04 ----D---- C:\Windows\System32 2009-12-15 12:27:03 ----D---- C:\Windows\Debug 2009-12-15 12:27:03 ----D---- C:\Windows 2009-12-15 09:02:57 ----D---- C:\Windows\inf 2009-12-15 09:02:57 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-12-15 08:58:11 ----D---- C:\Windows\system32\drivers 2009-12-15 08:58:11 ----D---- C:\Windows\nap 2009-12-15 02:05:38 ----D---- C:\Users\sylvie\AppData\Roaming\vlc 2009-12-15 00:36:59 ----HD---- C:\ProgramData 2009-12-15 00:36:59 ----D---- C:\Program Files\GamesBar 2009-12-15 00:17:56 ----D---- C:\Program Files\Common Files 2009-12-14 23:37:19 ----D---- C:\Windows\system32\Tasks 2009-12-14 18:38:27 ----D---- C:\Windows\system32\catroot2 2009-12-14 15:49:57 ----D---- C:\Users\sylvie\AppData\Roaming\LimeWire 2009-12-13 15:08:48 ----D---- C:\Windows\winsxs 2009-12-13 15:08:37 ----D---- C:\Windows\system32\catroot 2009-12-11 08:13:38 ----D---- C:\Windows\system32\migration 2009-12-11 08:13:37 ----D---- C:\Program Files\Internet Explorer 2009-12-10 11:38:50 ----SHD---- C:\Windows\Installer 2009-12-10 11:38:43 ----D---- C:\ProgramData\Microsoft Help 2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe 2009-12-01 16:29:49 ----D---- C:\Program Files\Messenger Plus! Live 2009-11-27 08:23:49 ----D---- C:\Windows\rescache 2009-11-27 08:14:05 ----D---- C:\Windows\system32\fr-FR 2009-11-26 18:55:12 ----D---- C:\Program Files\Google ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-09-15 23152] R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-09-15 114768] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-09-15 52368] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560] R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328] R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 737280] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-10-11 3155456] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-10 1764960] R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-04-04 46592] R3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] R3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-02-16 70144] R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560] R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S4 ahcix86s;ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 170000] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2008-04-03 76688] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-09-28 109056] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712] R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-10-11 610304] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-04-29 877864] R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247] R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [2008-02-29 307200] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568] S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680] S2 gupdate1ca10695e4c07e0;Service Google Update (gupdate1ca10695e4c07e0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-29 133104] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-11 194032] S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040] S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920] S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-16 30192] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2009-12-16 13:53:47 ======Uninstall list====== -->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL -->C:\Windows\UNNeroShowTime.exe /UNINSTALL -->C:\Windows\UNNeroVision.exe /UNINSTALL -->C:\Windows\UNRecode.exe /UNINSTALL Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001} Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe" Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415} Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" eMule-->"C:\Program Files\eMule\Uninstall.exe" EPSON Logiciel imprimante-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R GamesBar 2.0.1.12-->C:\Program Files\GamesBar\uninst.exe Go-Go Gourmet-->"C:\Program Files\Gamenext\Go-Go Gourmet\Uninstall.exe" "C:\Program Files\Gamenext\Go-Go Gourmet\install.log" Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Earth-->MsiExec.exe /X{9074AFC0-CFDA-11DE-B484-005056806466} Guitare Tuner-->C:\Windows\IsUn040c.exe -f"C:\Program Files\Jld SoftWare\Guitare Tuner\Uninst.isu" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761} Java(tm) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} LimeWire 5.1.2-->"C:\Program Files\LimeWire\uninstall.exe" Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MediaImpression-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A4646CC8-905B-4E6D-A094-4C9FB1621042}\Setup.exe" -l0x40c Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" Métronome - Version Démo - version 2.1-->"C:\Program Files\Métronome - Version Démo\unins000.exe" Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31} Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Works-->MsiExec.exe /I{3B160861-7250-451E-B5EE-8B92BF30A710} Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C} Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3} Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223} Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE} Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe Mozilla Firefox (3.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Nero 8 Essentials-->MsiExec.exe /X{854C47D1-C2A0-4492-8655-C3F8D49C1036} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} P2Pcontrol 1.0-->C:\Program Files\P2Pcontrol\uninst.exe PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe" Picasa 3-->"C:\Program Files\Picasa2\Uninstall.exe" PowerDV-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD} Realtek High Definition Audio Driver-->RtlUpd.exe -r -m Réussir son Code de la Route-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6183FB3A-9BF2-405C-B3CD-86154BE2BC95}\SETUP.EXE" -l0x40c -removeonly Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F} Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748} Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} SUPER © Version 2008.bld.33 (Sep 2, 2008)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0 SystemDiagnostics-->MsiExec.exe /X{C87BC0B7-2BB8-49D1-8CE0-EB0410EF0938} Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7} Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331} VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027} VirginMega.Fr Premium-->MsiExec.exe /I{EE467474-04A8-48D5-8DDF-0F8D3A3CCBE5} VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe Wendy`s Wellness-->"C:\Program Files\Gamenext\Wendys Wellness\Uninstall.exe" "C:\Program Files\Gamenext\Wendys Wellness\install.log" Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1} Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe" ======Security center information====== AV: Norman Security Suite ver. 7.00 (disabled) AS: Windows Defender ======System event log====== Computer Name: PC-de-sylvie Event Code: 4376 Message: Servicing a requis un redémarrage pour terminer la définition du package KB970238(Security Update) à l’état Installation demandée(Install Requested) Record Number: 39512 Source Name: Microsoft-Windows-Servicing Time Written: 20090618075337.000000-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: PC-de-sylvie Event Code: 4376 Message: Servicing a requis un redémarrage pour terminer la définition du package KB970238(Security Update) à l’état Installation demandée(Install Requested) Record Number: 39510 Source Name: Microsoft-Windows-Servicing Time Written: 20090618075337.000000-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: PC-de-sylvie Event Code: 4376 Message: Servicing a requis un redémarrage pour terminer la définition du package KB970238(Security Update) à l’état Intermédiaire(Staged) Record Number: 39509 Source Name: Microsoft-Windows-Servicing Time Written: 20090618075337.000000-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: PC-de-sylvie Event Code: 4376 Message: Servicing a requis un redémarrage pour terminer la définition du package KB970238(Security Update) à l’état Intermédiaire(Staged) Record Number: 39508 Source Name: Microsoft-Windows-Servicing Time Written: 20090618075337.000000-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: PC-de-sylvie Event Code: 4376 Message: Servicing a requis un redémarrage pour terminer la définition du package KB970238(Security Update) à l’état Installation demandée(Install Requested) Record Number: 39506 Source Name: Microsoft-Windows-Servicing Time Written: 20090618075337.000000-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM =====Application event log===== Computer Name: PC-de-sylvie Event Code: 1 Message: Record Number: 1013 Source Name: NormanNPT Time Written: 20090403111814.000000-000 Event Type: Erreur User: Computer Name: PC-de-sylvie Event Code: 1 Message: Record Number: 1009 Source Name: NormanNPT Time Written: 20090403101751.000000-000 Event Type: Erreur User: Computer Name: PC-de-sylvie Event Code: 10 Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. Record Number: 1003 Source Name: Microsoft-Windows-WMI Time Written: 20090403071740.000000-000 Event Type: Erreur User: Computer Name: PC-de-sylvie Event Code: 1000 Message: Application défaillante fscreg.exe, version 1.1.0.0, horodatage 0x47331391, module défaillant urlmon.dll, version 8.0.6001.18702, horodatage 0x49b3ad4e, code d’exception 0xc0000005, décalage d’erreur 0x00001a8c, ID du processus 0xd2c, heure de début de l’application 0x01c9b42c183bb4c7. Record Number: 1000 Source Name: Application Error Time Written: 20090403071642.000000-000 Event Type: Erreur User: Computer Name: PC-de-sylvie Event Code: 1000 Message: Application défaillante fscreg.exe, version 1.1.0.0, horodatage 0x47331391, module défaillant urlmon.dll, version 8.0.6001.18702, horodatage 0x49b3ad4e, code d’exception 0xc0000005, décalage d’erreur 0x00001a8c, ID du processus 0x5ac, heure de début de l’application 0x01c9b3cc018feb6f. Record Number: 972 Source Name: Application Error Time Written: 20090402194849.000000-000 Event Type: Erreur User: =====Security event log===== Computer Name: PC-de-sylvie Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-SYLVIE$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 2 Nouvelle ouverture de session : ID de sécurité : S-1-5-21-388151536-27031529-2942691933-1000 Nom du compte : sylvie Domaine du compte : PC-de-sylvie ID d’ouverture de session : 0x1b733 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x2e8 Nom du processus : C:\Windows\System32\winlogon.exe Informations sur le réseau : Nom de la station de travail : PC-DE-SYLVIE Adresse du réseau source : 127.0.0.1 Port source : 0 Informations détaillées sur l’authentification : Processus d’ouverture de session : User32 Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 7248 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090524115804.556874-000 Event Type: Succès de l'audit User: Computer Name: PC-de-sylvie Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-SYLVIE$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 2 Nouvelle ouverture de session : ID de sécurité : S-1-5-21-388151536-27031529-2942691933-1000 Nom du compte : sylvie Domaine du compte : PC-de-sylvie ID d’ouverture de session : 0x1b6de GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x2e8 Nom du processus : C:\Windows\System32\winlogon.exe Informations sur le réseau : Nom de la station de travail : PC-DE-SYLVIE Adresse du réseau source : 127.0.0.1 Port source : 0 Informations détaillées sur l’authentification : Processus d’ouverture de session : User32 Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 7247 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090524115804.556874-000 Event Type: Succès de l'audit User: Computer Name: PC-de-sylvie Event Code: 4648 Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites. Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-SYLVIE$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Compte dont les informations d’identification ont été utilisées : Nom du compte : sylvie Domaine du compte : PC-de-sylvie GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Serveur cible : Nom du serveur cible : localhost Informations supplémentaires : localhost Informations sur le processus : ID du processus : 0x2e8 Nom du processus : C:\Windows\System32\winlogon.exe Informations sur le réseau : Adresse du réseau : 127.0.0.1 Port : 0 Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS. Record Number: 7246 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090524115804.556874-000 Event Type: Succès de l'audit User: Computer Name: PC-de-sylvie Event Code: 4672 Message: Privilèges spéciaux attribués à la nouvelle ouverture de session. Sujet : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 Privilèges : SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 7245 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090524115802.404074-000 Event Type: Succès de l'audit User: Computer Name: PC-de-sylvie Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-SYLVIE$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 5 Nouvelle ouverture de session : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x2a4 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Nom de la station de travail : Adresse du réseau source : - Port source : - Informations détaillées sur l’authentification : Processus d’ouverture de session : Advapi Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 7244 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090524115802.404074-000 Event Type: Succès de l'audit User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;%NpmLib%;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "NpmLib"=C:\Program Files\Norman\Npm\Bin "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- PS: J'ai fais ce que tu m'as dis pour les notifications par mail
- le 16 décembre 2009
- 17 réponses
Virus security Tool

ady a posté un sujet dans Analyses et éradication malwares

Bonjour, Hier soir moi aussi j'ai été infecté par ce virus J'ai installé Malwarebytes' Anti-Malware , j'ai fais l'analyse voici le rapport : Malwarebytes' Anti-Malware 1.42 Version de la base de données: 3361 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18865 15/12/2009 00:37:01 mbam-log-2009-12-15 (00-37-01).txt Type de recherche: Examen rapide Eléments examinés: 95844 Temps écoulé: 9 minute(s), 46 second(s) Processus mémoire infecté(s): 2 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 19 Valeur(s) du Registre infectée(s): 3 Elément(s) de données du Registre infecté(s): 1 Dossier(s) infecté(s): 4 Fichier(s) infecté(s): 29 Processus mémoire infecté(s): C:\ProgramData\7c429c1\WS7c42.exe (Rogue.WindowsEnterpriseDefender) -> Unloaded process successfully. C:\Users\sylvie\AppData\Local\Temp\dbrbbr_94ac07ebd1.exe (Trojan.Dropper) -> Unloaded process successfully. Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{ad76633e-e50d-4844-9e7f-4dfbc7c18467} (Adware.Gamesbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{daa37aad-f156-4c2c-ac48-3c22ef92ae2f} (Adware.Gamesbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{773b1aad-a8dd-4010-a903-cdb32938f595} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\divocodec (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Videocan (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DivoCodec.exe (Trojan.Agent) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system defender (Rogue.WindowsEnterpriseDefender) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\curb tool help dart (Trojan.Swizzor) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=249&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\ProgramData\68590028 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\DivoCodec (Trojan.Downloader) -> Delete on reboot. C:\Users\sylvie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DivoCodec (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\sylvie\AppData\Roaming\System Defender (Rogue.SystemDefender) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\ProgramData\7c429c1\WS7c42.exe (Rogue.WindowsEnterpriseDefender) -> Quarantined and deleted successfully. C:\Program Files\GamesBar\oberontb.dll (Adware.Gamesbar) -> Quarantined and deleted successfully. C:\Program Files\DivoCodec\WakeSplitter.ax (Trojan.Agent) -> Delete on reboot. C:\Users\sylvie\AppData\Local\Temp\cmsxenoawr.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\sylvie\AppData\Local\Temp\F97B.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\sylvie\AppData\Local\Temp\waenxmrcos.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\sylvie\AppData\Local\Temp\F0F4.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\sylvie\AppData\Local\Temp\Setup.tmp (Adware.Agent) -> Quarantined and deleted successfully. C:\Users\sylvie\AppData\Local\Temp\A21.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\sylvie\AppData\Local\Temp\roecxaswmn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\sylvie\AppData\Local\Temp\rxeowacnms.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Users\sylvie\AppData\Local\Temp\mnsocawxre.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\sylvie\AppData\Local\Temp\nmwecsarxo.exe (Trojan.Vilsel) -> Quarantined and deleted successfully. C:\ProgramData\68590028\68590028.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\DivoCodec\DivoCodec.url (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\DivoCodec\uninstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\sylvie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DivoCodec\DivoCodec.lnk (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\sylvie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DivoCodec\HomePage.lnk (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\sylvie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DivoCodec\Uninstall.lnk (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\sylvie\AppData\Roaming\System Defender\cookies.sqlite (Rogue.SystemDefender) -> Quarantined and deleted successfully. C:\Users\sylvie\AppData\Roaming\System Defender\Instructions.ini (Rogue.SystemDefender) -> Quarantined and deleted successfully. C:\Users\sylvie\Desktop\System Defender.lnk (Rogue.SystemDefender) -> Quarantined and deleted successfully. C:\Users\sylvie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Defender.lnk (Rogue.SystemDefender) -> Quarantined and deleted successfully. C:\Users\sylvie\AppData\Roaming\Microsoft\Windows\Start Menu\System Defender.lnk (Rogue.SystemDefender) -> Quarantined and deleted successfully. C:\Users\sylvie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Defender.lnk (Rogue.SystemDefender) -> Quarantined and deleted successfully. C:\Users\sylvie\Desktop\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully. C:\Users\sylvie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully. C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\sylvie\AppData\Local\Temp\dbrbbr_94ac07ebd1.exe (Trojan.Dropper) -> Quarantined and deleted successfully. Par contre , je ne mis connais pas de trop en pc , donc je ne sais pas ce qu'il vous faut d'autre , j'ai fais aussi HJT , voulez vous le rapport? Merci
- le 15 décembre 2009
- 17 réponses

Connexion

ady

Compteur de contenus

Inscription

Dernière visite

Autres informations

ady's Achievements

Junior Member (3/12)

Réputation sur la communauté

Virus security Tool

Virus security Tool

Virus security Tool

Virus security Tool

Virus security Tool

Virus security Tool

Virus security Tool

Virus security Tool

Virus security Tool

Zebulon

Outils en ligne

Naviguer