

akin13
Members
Content count: 16
Everything posted by akin13
Infection with "Malware defense"
akin13 replied to a topic by akin13 in Analyses et éradication malwares
I'll study this and bump the topic if I have any questions. Thanks again to you and your colleagues.
Infection with "Malware defense"
akin13 replied to a topic by akin13 in Analyses et éradication malwares
Reboot done (no reports). To follow up, could you tell me which of the items that launch at startup I can safely disable? Daemon, to name just that one ... well, I don't know what it is; the friend who originally built the machine put it on there, but what it's for ... :$ Thanks again.
Infection with "Malware defense"
akin13 replied to a topic by akin13 in Analyses et éradication malwares
ComboFix uninstalled. No Qooboo in C:\. HijackThis report (OTC report in the next reply for readability):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:31, on 28/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Akin\Mes documents\Akin2010.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 7724 bytes
Infection with "Malware defense"
akin13 replied to a topic by akin13 in Analyses et éradication malwares
It looks sorted out; I ran Search and Destroy, AntiVir and a few other programs I had, and everything is negative. Did ComboFix clean it all up? Thanks in any case for your "very" fast intervention. Happy holidays to you!! Akin
Infection with "Malware defense"
akin13 replied to a topic by akin13 in Analyses et éradication malwares
MBR Rootkit detector report:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
Infection with "Malware defense"
akin13 replied to a topic by akin13 in Analyses et éradication malwares
TDSSKiller report:

18:42:11:625 10036 TDSSKiller 2.1.1 Dec 20 2009 02:40:02
18:42:11:625 10036 ================================================================================
18:42:11:625 10036 SystemInfo:
18:42:11:625 10036 OS Version: 5.1.2600 ServicePack: 3.0
18:42:11:625 10036 Product type: Workstation
18:42:11:625 10036 ComputerName: KIKOULOL
18:42:11:625 10036 UserName: Akin2010
18:42:11:625 10036 Windows directory: C:\WINDOWS
18:42:11:625 10036 Processor architecture: Intel x86
18:42:11:625 10036 Number of processors: 2
18:42:11:625 10036 Page size: 0x1000
18:42:11:625 10036 Boot type: Normal boot
18:42:11:625 10036 ================================================================================
18:42:11:625 10036 ForceUnloadDriver: NtUnloadDriver error 2
18:42:11:625 10036 ForceUnloadDriver: NtUnloadDriver error 2
18:42:11:625 10036 ForceUnloadDriver: NtUnloadDriver error 2
18:42:11:625 10036 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0
18:42:11:625 10036 main: Driver KLMD successfully dropped
18:42:11:625 10036 main: Driver KLMD successfully loaded
18:42:11:625 10036 Scanning Registry ...
18:42:11:625 10036 ScanServices: Searching service UACd.sys
18:42:11:625 10036 ScanServices: Open/Create key error 2
18:42:11:625 10036 ScanServices: Searching service TDSSserv.sys
18:42:11:625 10036 ScanServices: Open/Create key error 2
18:42:11:625 10036 ScanServices: Searching service gaopdxserv.sys
18:42:11:625 10036 ScanServices: Open/Create key error 2
18:42:11:625 10036 ScanServices: Searching service gxvxcserv.sys
18:42:11:625 10036 ScanServices: Open/Create key error 2
18:42:11:625 10036 ScanServices: Searching service MSIVXserv.sys
18:42:11:625 10036 ScanServices: Open/Create key error 2
18:42:11:625 10036 UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000
18:42:11:625 10036 UnhookRegistry: Kernel local addr: A40000
18:42:11:625 10036 UnhookRegistry: KeServiceDescriptorTable addr: AC5700
18:42:11:625 10036 UnhookRegistry: KiServiceTable addr: A6D460
18:42:11:625 10036 UnhookRegistry: NtEnumerateKey service number (local): 47
18:42:11:625 10036 UnhookRegistry: NtEnumerateKey local addr: B8CFF2
18:42:11:625 10036 KLMD_OpenDevice: Trying to open KLMD device
18:42:11:625 10036 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
18:42:11:625 10036 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
18:42:11:625 10036 KLMD_ReadMem: Trying to ReadMemory 0x805002C9[0x4]
18:42:11:625 10036 UnhookRegistry: NtEnumerateKey service number (kernel): 47
18:42:11:625 10036 KLMD_ReadMem: Trying to ReadMemory 0x8050457C[0x4]
18:42:11:625 10036 UnhookRegistry: NtEnumerateKey real addr: 80623FF2
18:42:11:625 10036 UnhookRegistry: NtEnumerateKey calc addr: 80623FF2
18:42:11:625 10036 UnhookRegistry: No SDT hooks found on NtEnumerateKey
18:42:11:625 10036 KLMD_ReadMem: Trying to ReadMemory 0x80623FF2[0xA]
18:42:11:625 10036 UnhookRegistry: No splicing found on NtEnumerateKey
18:42:11:640 10036 Scanning Kernel memory ...
18:42:11:640 10036 KLMD_OpenDevice: Trying to open KLMD device
18:42:11:640 10036 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
18:42:11:640 10036 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
18:42:11:640 10036 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8A5E6940
18:42:11:640 10036 DetectCureTDL3: KLMD_GetDeviceObjectList returned 5 DevObjects
18:42:11:640 10036 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 8A5ECC68
18:42:11:640 10036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A5ECC68
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A5ECC68[0x38]
18:42:11:640 10036 DetectCureTDL3: DRIVER_OBJECT addr: 8A5E6940
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A5E6940[0xA8]
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0xE1003438[0x208]
18:42:11:640 10036 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:42:11:640 10036 DetectCureTDL3: IrpHandler (0) addr: BA0EEBB0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (2) addr: BA0EEBB0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (3) addr: BA0E8D1F
18:42:11:640 10036 DetectCureTDL3: IrpHandler (4) addr: BA0E8D1F
18:42:11:640 10036 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (9) addr: BA0E92E2
18:42:11:640 10036 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (14) addr: BA0E93BB
18:42:11:640 10036 DetectCureTDL3: IrpHandler (15) addr: BA0ECF28
18:42:11:640 10036 DetectCureTDL3: IrpHandler (16) addr: BA0E92E2
18:42:11:640 10036 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (22) addr: BA0EAC82
18:42:11:640 10036 DetectCureTDL3: IrpHandler (23) addr: BA0EF99E
18:42:11:640 10036 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
18:42:11:640 10036 KLMD_ReadMem: DeviceIoControl error 1
18:42:11:640 10036 TDL3_StartIoHookDetect: Unable to get StartIo handler code
18:42:11:640 10036 TDL3_FileDetect: Processing driver: Disk
18:42:11:640 10036 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
18:42:11:640 10036 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
18:42:11:640 10036 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
18:42:11:640 10036 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 8A647C68
18:42:11:640 10036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A647C68
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A647C68[0x38]
18:42:11:640 10036 DetectCureTDL3: DRIVER_OBJECT addr: 8A5E6940
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A5E6940[0xA8]
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0xE1003438[0x208]
18:42:11:640 10036 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:42:11:640 10036 DetectCureTDL3: IrpHandler (0) addr: BA0EEBB0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (2) addr: BA0EEBB0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (3) addr: BA0E8D1F
18:42:11:640 10036 DetectCureTDL3: IrpHandler (4) addr: BA0E8D1F
18:42:11:640 10036 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (9) addr: BA0E92E2
18:42:11:640 10036 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (14) addr: BA0E93BB
18:42:11:640 10036 DetectCureTDL3: IrpHandler (15) addr: BA0ECF28
18:42:11:640 10036 DetectCureTDL3: IrpHandler (16) addr: BA0E92E2
18:42:11:640 10036 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (22) addr: BA0EAC82
18:42:11:640 10036 DetectCureTDL3: IrpHandler (23) addr: BA0EF99E
18:42:11:640 10036 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
18:42:11:640 10036 KLMD_ReadMem: DeviceIoControl error 1
18:42:11:640 10036 TDL3_StartIoHookDetect: Unable to get StartIo handler code
18:42:11:640 10036 TDL3_FileDetect: Processing driver: Disk
18:42:11:640 10036 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
18:42:11:640 10036 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
18:42:11:640 10036 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
18:42:11:640 10036 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 8A5E39F0
18:42:11:640 10036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A5E39F0
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A5E39F0[0x38]
18:42:11:640 10036 DetectCureTDL3: DRIVER_OBJECT addr: 8A5E6940
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A5E6940[0xA8]
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0xE1003438[0x208]
18:42:11:640 10036 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:42:11:640 10036 DetectCureTDL3: IrpHandler (0) addr: BA0EEBB0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (2) addr: BA0EEBB0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (3) addr: BA0E8D1F
18:42:11:640 10036 DetectCureTDL3: IrpHandler (4) addr: BA0E8D1F
18:42:11:640 10036 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (9) addr: BA0E92E2
18:42:11:640 10036 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (14) addr: BA0E93BB
18:42:11:640 10036 DetectCureTDL3: IrpHandler (15) addr: BA0ECF28
18:42:11:640 10036 DetectCureTDL3: IrpHandler (16) addr: BA0E92E2
18:42:11:640 10036 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (22) addr: BA0EAC82
18:42:11:640 10036 DetectCureTDL3: IrpHandler (23) addr: BA0EF99E
18:42:11:640 10036 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
18:42:11:640 10036 KLMD_ReadMem: DeviceIoControl error 1
18:42:11:640 10036 TDL3_StartIoHookDetect: Unable to get StartIo handler code
18:42:11:640 10036 TDL3_FileDetect: Processing driver: Disk
18:42:11:640 10036 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
18:42:11:640 10036 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
18:42:11:640 10036 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
18:42:11:640 10036 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8A649AB8
18:42:11:640 10036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A649AB8
18:42:11:640 10036 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8A6509E8
18:42:11:640 10036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A6509E8
18:42:11:640 10036 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8A662D98
18:42:11:640 10036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A662D98
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A662D98[0x38]
18:42:11:640 10036 DetectCureTDL3: DRIVER_OBJECT addr: 8A65BF38
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A65BF38[0xA8]
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0xE176B840[0x208]
18:42:11:640 10036 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
18:42:11:640 10036 DetectCureTDL3: IrpHandler (0) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (1) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (2) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (3) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (4) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (5) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (6) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (7) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (8) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (9) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (10) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (11) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (12) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (13) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (14) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (15) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (16) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (17) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (18) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (19) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (20) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (21) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (22) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (23) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (24) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (25) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (26) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: All IRP handlers pointed to one addr: 8A5E2EA0
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A5E2EA0[0x400]
18:42:11:640 10036 TDL3_IrpHookDetect: CheckParameters: 0, 0, 0, 0, 0, 0
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0xB9F11864[0x400]
18:42:11:640 10036 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0
18:42:11:640 10036 TDL3_FileDetect: Processing driver: atapi
18:42:11:640 10036 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk
18:42:11:640 10036 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
18:42:11:640 10036 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
18:42:11:671 10036 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 8A5E5AB8
18:42:11:671 10036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A5E5AB8
18:42:11:671 10036 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 8A5ED9E8
18:42:11:671 10036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A5ED9E8
18:42:11:671 10036 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 8A651D98
18:42:11:671 10036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A651D98
18:42:11:671 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A651D98[0x38]
18:42:11:671 10036 DetectCureTDL3: DRIVER_OBJECT addr: 8A65BF38
18:42:11:671 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A65BF38[0xA8]
18:42:11:671 10036 KLMD_ReadMem: Trying to ReadMemory 0xE176B840[0x208]
18:42:11:671 10036 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
18:42:11:671 10036 DetectCureTDL3: IrpHandler (0) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (1) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (2) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (3) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (4) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (5) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (6) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (7) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (8) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (9) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (10) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (11) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (12) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (13) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (14) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (15) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (16) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (17) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (18) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (19) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (20) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (21) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (22) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (23) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (24) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (25) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (26) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: All IRP handlers pointed to one addr: 8A5E2EA0
18:42:11:671 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A5E2EA0[0x400]
18:42:11:671 10036 TDL3_IrpHookDetect: CheckParameters: 0, 0, 0, 0, 0, 0
18:42:11:671 10036 KLMD_ReadMem: Trying to ReadMemory 0xB9F11864[0x400]
18:42:11:671 10036 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0
18:42:11:671 10036 TDL3_FileDetect: Processing driver: atapi
18:42:11:671 10036 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk
18:42:11:671 10036 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
18:42:11:671 10036 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
18:42:11:671 10036 Completed
18:42:11:671 10036 Results:
18:42:11:671 10036 Infected objects in memory: 0
18:42:11:671 10036 Cured objects in memory: 0
18:42:11:671 10036 Infected objects on disk: 0
18:42:11:671 10036 Objects on disk cured on reboot: 0
18:42:11:671 10036 Objects on disk deleted on reboot: 0
18:42:11:671 10036 Registry nodes deleted on reboot: 0
18:42:11:671 10036

I'm rebooting as requested in your last message.
Infection with "Malware defense"
akin13 replied to a topic by akin13 in Analyses et éradication malwares
After a merciless fight (and a please-less one too) I got there ... ComboFix report:

ComboFix 09-12-26.05 - Akin2010 27/12/2009 18:26:05.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1683 [GMT 1:00]
Lancé depuis: c:\documents and settings\Akin2010\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\H8SRTvtlonlkiqu.sys
c:\windows\system32\H8SRTjdbqlxfelt.dat
c:\windows\system32\H8SRTjgnpxbivkf.dll
c:\windows\system32\H8SRTwbimovcxxk.dll
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\srcr.dat
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-11-27 au 2009-12-27 ))))))))))))))))))))))))))))))))))))
.
2009-12-27 16:06 . 2009-12-27 16:06 -------- d-sh--w- c:\documents and settings\Akin2010\IECompatCache
2009-12-27 16:00 . 2009-12-27 16:00 -------- d-----w- c:\documents and settings\Akin2010\Application Data\TeamViewer
2009-12-27 16:00 . 2009-12-27 16:00 -------- d-----w- c:\documents and settings\Akin2010\temp
2009-12-27 15:20 . 2009-12-27 15:23 -------- d-----w- C:\rsit
2009-12-27 14:51 . 2009-12-27 14:51 -------- d-----w- c:\documents and settings\Akin2010\Local Settings\Application Data\Mozilla
2009-12-27 14:30 . 2009-12-27 14:30 29672 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-27 14:29 . 2009-12-27 14:29 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2009-12-27 07:02 . 2009-12-27 07:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-04 09:03 . 2009-12-04 09:03 251376 ----a-w- c:\documents and settings\Akin\Application Data\Mozilla\plugins\npgoogletalk.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 16:40 . 2009-01-11 18:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-27 16:30 . 2009-01-11 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-27 15:42 . 2009-12-27 14:50 -------- d-----w- c:\documents and settings\Akin2010\Application Data\Skype
2009-12-27 14:50 . 2009-12-27 14:50 -------- d-----w- c:\documents and settings\Akin2010\Application Data\Camfrog
2009-12-27 14:50 . 2009-12-27 14:50 29672 ----a-w- c:\documents and settings\Akin2010\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-27 14:50 . 2009-12-27 14:50 -------- d-----w- c:\documents and settings\Akin2010\Application Data\ATI
2009-12-22 08:08 . 2002-08-30 12:00 72968 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-22 08:08 . 2002-08-30 12:00 464480 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-21 21:21 . 2009-02-02 19:30 -------- d-----w- c:\program files\Windows Live Safety Center
2009-12-10 15:18 . 2009-04-30 12:35 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-08 08:34 . 2009-01-18 15:54 -------- d-----w- c:\documents and settings\Akin\Application Data\Camfrog
2009-12-01 08:57 . 2009-10-19 08:55 -------- d-----w- c:\program files\Reference Manager 11
2009-11-26 19:09 . 2009-05-10 13:20 -------- d-----w- c:\documents and settings\Akin\Application Data\dvdcss
2009-11-19 19:44 . 2009-11-19 19:39 -------- d-----w- c:\program files\JDownloader
2009-11-13 14:26 . 2009-05-31 13:42 -------- d-----w- c:\program files\盛大网络
2009-11-02 15:27 . 2009-01-11 19:23 -------- d-----w- c:\documents and settings\Akin\Application Data\teamspeak2
2009-10-29 07:42 . 2008-04-13 17:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:39 . 2008-04-13 17:33 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2008-04-13 17:33 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-13 09:53 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2008-04-13 17:33 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2008-04-13 17:33 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2008-04-13 17:33 150528 ----a-w- c:\windows\system32\rastls.dll
2009-10-04 16:15 . 2009-01-11 17:40 29672 ----a-w- c:\documents and settings\Akin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-10-27 08:37 . 2008-10-27 08:37 699488 -c--a-w- c:\program files\JUN2007_d3dx10_34_x86.cab
2008-10-27 08:36 . 2008-10-27 08:36 526160 -c--a-w- c:\program files\DXSETUP.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 626176]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 880640]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-02 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 131072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 358920]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 2816520]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2008-11-06 1548296]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 02:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-05-07 19:05 75048 ----a-w- c:\program files\CyberLink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
2009-06-16 07:20 41800 ----a-w- c:\program files\Camfrog\Camfrog Video Chat\CamfrogNET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 17:34 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
2009-07-24 16:46 1935360 ----a-w- c:\program files\Curse\CurseClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-17 22:23 135664 ----atw- c:\documents and settings\Akin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-12-20 06:50 2656528 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2009-04-27 15:50 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-04-27 18:41 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-11 11:00 24095528 ----a-r- c:\program
files\Skype\Phone\Skype.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"= "c:\\Program Files\\adslTV\\adsltv.exe"= "g:\\World of Warcraft sur Lioetlinou\\Launcher.exe"= "g:\\World of Warcraft Public Test\\Launcher.exe"= "g:\\World of Warcraft sur Lioetlinou\\BackgroundDownloader.exe"= "c:\\Program Files\\Curse\\CurseClient.exe"= "g:\\World of Warcraft sur Lioetlinou\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"= "g:\\World of Warcraft sur Lioetlinou\\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe"= "c:\\Program Files\\eMule\\emule.exe"= "g:\\World of Warcraft sur Lioetlinou\\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe"= "g:\\World of Warcraft sur Lioetlinou\\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "g:\\World of Warcraft Public Test\\WoW-0.3.0.10522-frFR-ptr-downloader.exe"= "g:\\World of Warcraft Public Test\\WoW-0.3.0.10522-to-0.3.0.10554-frFR-ptr-downloader.exe"= "g:\\World of Warcraft Public Test\\WoW-0.3.0.10554-to-0.3.0.10571-frFR-ptr-downloader.exe"= "g:\\World of Warcraft Public Test\\WoW-0.3.0.10571-to-0.3.0.10596-frFR-ptr-downloader.exe"= "c:\\Documents and Settings\\Akin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\Akin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Documents and Settings\\Akin2010\\temp\\TeamViewer\\Version5\\TeamViewer.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [11/01/2009 
19:38 155136] R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [11/01/2009 19:38 5248] R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/09/09 18:42];c:\program files\CyberLink\PowerDVD9\000.fcl [07/05/2009 20:05 87536] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [15/11/2008 19:47 476416] S3 SaiH80C1;SaiH80C1;c:\windows\system32\drivers\SaiH80C1.sys [05/10/2007 09:19 136320] . ------- Examen supplémentaire ------- . DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.20/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe FF - ProfilePath - c:\documents and settings\Akin2010\Application Data\Mozilla\Firefox\Profiles\qqqrrzle.default\ FF - prefs.js: browser.search.selectedEngine - xeoo.com FF - prefs.js: browser.startup.homepage - gmail.com FF - prefs.js: keyword.URL - hxxp://xeoo.com/?p=url&a=firefox&k= FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true); 
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com"); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k="); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox"); . - - - - ORPHELINS SUPPRIMES - - - - MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe MSConfigStartUp-Malware Defense - c:\program files\Malware Defense\mdefense.exe MSConfigStartUp-richtx64 - c:\docume~1\Akin\LOCALS~1\Temp\richtx64.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-27 18:31 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... 
Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A5E2EA0]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28 \Driver\ACPI -> ACPI.sys @ 0xb9f58cb8 \Driver\atapi -> 0x8a5e2ea0 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 NDIS: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2 -> SendCompleteHandler -> NDIS.sys @ 0xb9e04bb0 PacketIndicateHandler -> NDIS.sys @ 0xb9df3a0d SendHandler -> NDIS.sys @ 0xb9e07b40 Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(956) c:\windows\system32\Ati2evxx.dll c:\windows\system32\MPRAPI.dll - - - - - - - > 'explorer.exe'(7240) c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll . 
------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe c:\program files\Logitech\GamePanel Software\Applets\LCDPop3.exe c:\program files\Logitech\GamePanel Software\Applets\LCDRSS.exe c:\program files\Logitech\GamePanel Software\Applets\LCDCountdown.exe c:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe . ************************************************************************** . Heure de fin: 2009-12-27 18:33:40 - La machine a redémarré ComboFix-quarantined-files.txt 2009-12-27 17:33 Avant-CF: 17 769 992 192 octets libres Après-CF: 18 456 748 032 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect - - End Of File - - 6BE0B135FEB7FA3568C3561DD3005E79 Edit: Antivir --> je ne trouvais pas l'option. Le poste va me reservir a partir de demain donc j'ai fait au plus rapide (j'ai deja antivir pret a etre réinstallé dès que le systeme sera opérationnel) -
Contamination by "Malware defense"
akin13 replied to a topic by akin13 in Malware analysis and eradication
Antivirus removed for now. I launched ComboFix. It opens a box that looks like MS-DOS (white text on a blue background). Here is the message: 'SWSC' n'est pas reconnu en tant que commande interne ou externe, un programme exécutable ou un fichier de commandes. edit: I just relaunched it, it seems to be working, I'll edit again with the report.
-
Contamination by "Malware defense"
akin13 replied to a topic by akin13 in Malware analysis and eradication
I have the Antivir installer saved on my hard drive; is it too risky (at the point I'm at) if I delete it completely?
-
Contamination by "Malware defense"
akin13 replied to a topic by akin13 in Malware analysis and eradication
Silly question: I have Antivir, how do I disable it? (right-clicking the taskbar icon doesn't seem to be enough, since ComboFix still detects it)
-
Contamination by "Malware defense"
akin13 replied to a topic by akin13 in Malware analysis and eradication
Log below. One strange thing though, it rebooted twice ... (well, at least it rebooted, that's something). Thanks

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "H8SRTd.sys" found!
ImagePath: \systemroot\system32\drivers\H8SRTvtlonlkiqu.sys
Start Type: 4 (Disabled)

Rootkit scan completed.

Driver "H8SRTd.sys" disabled successfully.
Driver "H8SRTd.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
-
Contamination by "Malware defense"
akin13 replied to a topic by akin13 in Malware analysis and eradication
Re. Sorry for the slow reply. The machine is misbehaving more and more: the CPU indicator is at 100% and I often get long freezes during which I can't open or close anything. I'm replying from another machine, one from another era ... but it logs in ... I redid the procedure as requested, generating another random file. At the same stage as before I get a nice window telling me that the program in question has encountered a problem and must be closed.
-
Contamination by "Malware defense"
akin13 replied to a topic by akin13 in Malware analysis and eradication
I downloaded GMER and got the downloaded file with the random name. When I launch the scan (after unchecking as requested), it starts the scan and then gives me an error (send the error report or not ...). So I saved the beginning of the scan, but it is very largely incomplete (it cuts off after a second at most).

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-27 17:14:25
Windows 5.1.2600 Service Pack 3
Running: nq92pk9s.exe; Driver: C:\DOCUME~1\Akin2010\LOCALS~1\Temp\pwriqpog.sys

---- System - GMER 1.0.15 ----

Code 8A2C2998 ZwEnumerateKey
Code 8A2C1760 ZwFlushInstructionCache
Code 8A2C330E IofCallDriver
Code 8A2C35BE IofCompleteRequest

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A653B58
Device \Driver\Cdrom \Device\CdRom0 8A278C40
Device \FileSystem\Rdbss \Device\FsWrap 8A29F848
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A278D48
Device \Driver\atapi \Device\Ide\IdePort0 8A278D48
Device \Driver\atapi \Device\Ide\IdePort1 8A278D48
Device \Driver\atapi \Device\Ide\IdePort2 8A278D48
Device \Driver\atapi \Device\Ide\IdePort3 8A278D48
Device \Driver\atapi \Device\Ide\IdePort4 8A278D48
Device \Driver\atapi \Device\Ide\IdePort5 8A278D48
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1b 8A278D48
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-10 8A278D48
Device \FileSystem\Srv \Device\LanmanServer 8A37B858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A27AA78
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A27AA78
Device \FileSystem\Npfs \Device\NamedPipe 8A2B4790
Device \FileSystem\Msfs \Device\Mailslot 8A4A5AB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port6Path0Target0Lun0 8A291458
Device \Driver\d347prt \Device\Scsi\d347prt1 8A291458
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8A4B6888
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8A4B6888
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8A4B6888
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8A4B6888
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8A4B6888
Device \FileSystem\Cdfs \Cdfs 8A4E1E88
-
Contamination by "Malware defense"
akin13 replied to a topic by akin13 in Malware analysis and eradication
Yes, it generated two or three items on the desktop before making them disappear. edit: I just retested MBAM, which still doesn't react.
-
Contamination by "Malware defense"
akin13 replied to a topic by akin13 in Malware analysis and eradication
Malwarebytes' Anti-Malware (MBAM) downloaded fine but doesn't launch when I double-click it (like most of the Search & Destroy or other tools I tried to launch earlier). Thanks for the reply :$
-
Hello, I'm also a victim of Malware defense and got fooled just like the person on the topic created yesterday, apparently (http://forum.zebulon.fr/malware-defense-windows-security-alert-pop-up-bis-t171709.html). On my side, launching Search & Destroy, the antivirus or anything else doesn't work for now. The machine quickly saturates and spins for nothing ... So I created a new session on which I can still get online to post here ... To save the nice fellow dressed as Santa Claus some time, I'm picking up the beginning of what you asked the person I mention above. As Falkra requested in the post in question, I'll make two "reply" posts with the two reports in turn: log.txt and info.txt. Thanks for your help. Akin

Logfile of random's system information tool 1.06 (written by random/random)
Run by Akin2010 at 2009-12-27 16:20:27
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 17 GB (33%) free of 51 GB
Total RAM: 2047 MB (69% free)

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1960408961-1801674531-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1960408961-1801674531-1004UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{BA4D45AD-CEE8-4D21-9DC1-8C6D0C76ECFF}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask.com Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-02-26 809864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask.com Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-02-26 809864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"Ai Nap"=C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe [2007-09-06 1426432]
"CPU Power Monitor"=C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe [2007-10-16 626176]
"Cpu Level Up help"=C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe [2007-09-11 880640]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"ProfilerU"=C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [2007-10-02 233472]
"SaiMfd"=C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [2007-10-02 131072]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"Launch LgDevAgt"=C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [2008-11-06 358920]
"Launch LGDCore"=C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2008-11-06 2816520]
"Launch LCDMon"=C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2008-11-06 1548296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Camfrog"=C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe [2009-06-16 41800]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-03-11 24095528]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared Files\brs.exe [2009-05-07 75048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe [2009-06-16 41800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
C:\Program Files\Curse\CurseClient.exe [2009-07-24 1935360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Akin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-17 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-12-20 2656528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malware Defense]
C:\Program Files\Malware Defense\mdefense.exe -noscan []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [2009-04-27 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-04-27 87336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\richtx64.exe]
C:\DOCUME~1\Akin\LOCALS~1\Temp\richtx64.exe [2009-12-27 716800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-03-11 24095528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-09-24 143360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe"="C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Client Module"
"C:\Documents and Settings\Akin\Local Settings\Temp\Blizzard Launcher Temporary - 842d4f90\Launcher.exe"="C:\Documents and Settings\Akin\Local Settings\Temp\Blizzard Launcher Temporary - 842d4f90\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\adslTV\adsltv.exe"="C:\Program Files\adslTV\adsltv.exe:*:Enabled:adsltv"
"G:\World of Warcraft sur Lioetlinou\Launcher.exe"="G:\World of Warcraft sur Lioetlinou\Launcher.exe:*:Enabled:Blizzard Launcher"
"G:\World of Warcraft Public Test\Launcher.exe"="G:\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher"
"G:\World of Warcraft sur Lioetlinou\BackgroundDownloader.exe"="G:\World of Warcraft sur Lioetlinou\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"G:\World of Warcraft sur Lioetlinou\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"="G:\World of Warcraft sur Lioetlinou\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"G:\World of Warcraft sur Lioetlinou\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe"="G:\World of Warcraft sur Lioetlinou\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"G:\World of Warcraft sur Lioetlinou\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe"="G:\World of Warcraft sur Lioetlinou\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"G:\World of Warcraft sur Lioetlinou\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe"="G:\World of Warcraft sur Lioetlinou\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"G:\World of Warcraft Public Test\WoW-0.3.0.10522-frFR-ptr-downloader.exe"="G:\World of Warcraft Public Test\WoW-0.3.0.10522-frFR-ptr-downloader.exe:*:Enabled:Blizzard Downloader"
"G:\World of Warcraft Public Test\WoW-0.3.0.10522-to-0.3.0.10554-frFR-ptr-downloader.exe"="G:\World of Warcraft Public Test\WoW-0.3.0.10522-to-0.3.0.10554-frFR-ptr-downloader.exe:*:Enabled:Blizzard Downloader"
"G:\World of Warcraft Public Test\WoW-0.3.0.10554-to-0.3.0.10571-frFR-ptr-downloader.exe"="G:\World of Warcraft Public Test\WoW-0.3.0.10554-to-0.3.0.10571-frFR-ptr-downloader.exe:*:Enabled:Blizzard Downloader"
"G:\World of Warcraft Public Test\WoW-0.3.0.10571-to-0.3.0.10596-frFR-ptr-downloader.exe"="G:\World of Warcraft Public Test\WoW-0.3.0.10571-to-0.3.0.10596-frFR-ptr-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Akin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Akin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Akin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Akin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{296f464f-e009-11dd-9cdd-806d6172696f}]
shell\AutoRun\command - D:\setup.exe

======List of files/folders created in the last 1 months======

2009-12-27 16:20:27 ----D---- C:\rsit
2009-12-27 15:55:28 ----D---- C:\Documents and Settings\Akin2010\Application Data\Sun
2009-12-27 15:51:19 ----D---- C:\Documents and Settings\Akin2010\Application Data\Macromedia
2009-12-27 15:51:07 ----D---- C:\Documents and Settings\Akin2010\Application Data\Mozilla
2009-12-27 15:50:45 ----D---- C:\Documents and Settings\Akin2010\Application Data\Adobe
2009-12-27 15:50:32 ----D---- C:\Documents and Settings\Akin2010\Application Data\Camfrog
2009-12-27 15:50:28 ----D---- C:\Documents and Settings\Akin2010\Application Data\Skype
2009-12-27 15:50:26 ----D---- C:\Documents and Settings\Akin2010\Application Data\ATI
2009-12-27 15:50:20 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-12-27 15:50:17 ----D---- C:\Documents and Settings\Akin2010\Application Data\Identities
2009-12-27 15:50:17 ----A---- C:\WINDOWS\OEWABLog.txt
2009-12-27 15:50:01 ----SD---- C:\Documents and Settings\Akin2010\Application Data\Microsoft
2009-12-27 15:50:01 ----ASH---- C:\Documents and Settings\Akin2010\Application Data\desktop.ini
2009-12-27 14:53:02 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-27 08:03:58 ----A---- C:\WINDOWS\system32\krl32mainweq.dll
2009-12-27 08:01:57 ----A---- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
2009-12-10 00:53:27 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-10 00:53:15 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-10 00:52:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-10 00:52:39 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-10 00:52:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

======List of files/folders modified in the last 1 months======

2009-12-27 16:07:02 ----D---- C:\Program Files\Mozilla Firefox
2009-12-27 16:03:48 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-27 16:02:04 ----D---- C:\WINDOWS\Temp
2009-12-27 16:02:04 ----D---- C:\WINDOWS\system32
2009-12-27 15:50:24 ----SHD---- C:\WINDOWS\Installer
2009-12-27 15:50:20 ----D---- C:\WINDOWS
2009-12-27 15:50:18 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-27 15:50:01 ----D---- C:\Documents and Settings
2009-12-27 15:41:13 ----SH---- C:\boot.ini
2009-12-27 15:41:13 ----A---- C:\WINDOWS\win.ini
2009-12-27 15:41:13 ----A---- C:\WINDOWS\system.ini
2009-12-27 14:19:47 ----RD---- C:\Program Files
2009-12-27 14:13:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-27 08:02:40 ----D---- C:\WINDOWS\system32\drivers
2009-12-27 08:02:28 ----D---- C:\WINDOWS\Prefetch
2009-12-22 09:08:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-21 22:21:51 ----D---- C:\Program Files\Windows Live Safety Center
2009-12-21 22:21:50 ----HD---- C:\WINDOWS\inf
2009-12-10 00:53:30 ----A---- C:\WINDOWS\imsins.BAK
2009-12-10 00:53:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-10 00:52:55 ----D---- C:\Program Files\Internet Explorer
2009-12-10 00:52:47 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-01 21:06:19 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-01 09:57:10 ----D---- C:\Program Files\Reference Manager 11

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-18 12664]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-13 28520]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/09/09 18:42:20]; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-10 56816]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-06 93952]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-09-24 3331072]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-07-02 89600]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LVPr2Mon;LVPr2Mon Driver; C:\WINDOWS\system32\Drivers\LVPr2Mon.sys [2008-12-16 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-12-17 768024]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-12-17 41752]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2002-08-30 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2008-12-17 13848]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2008-12-17 2686104]
R3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2007-10-05 14080]
R3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [2007-10-05 35200]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-06-08 262912]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-03-13 476416]
S3 SaiH80C1;SaiH80C1; C:\WINDOWS\system32\DRIVERS\SaiH80C1.sys [2007-10-05 136320]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe
[2008-09-24 581632] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376] R2 LVPrcSrv;Process Monitor; C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-12-16 150040] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2009-04-27 271760] S2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-13 108289] S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-18 185089] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-23 593920] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 GameConsoleService;GameConsoleService; C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2009-03-31 250616] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-04-15 2722845] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2009-12-27 16:23:08 ======Uninstall list====== -->"C:\Program Files\WildGames\FATE\Uninstall.exe" -->"C:\Program Files\WildGames\Game Console - 
WildGames\Uninstall.exe" -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001} Adobe Shockwave Player 11.5-->C:\WINDOWS\system32\Adobe\uninstaller.exe adsl TV-->C:\Program Files\adslTV\Uninstal.exe AI Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\Setup.exe" -l0x40c Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE} Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3} ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0 ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe" ATI Problem Report Wizard-->MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8} Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE Camfrog Video Chat 5.3-->"C:\Program Files\Camfrog\Camfrog Video Chat\uninstall.exe" CamfrogWEB Advanced ActiveX Plugin 
(remove only)-->"C:\Program Files\CFWebAdvancedU\Uninstall.exe" Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799} CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Coffret de pilotes Logitech QuickCam-->"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\11.90.1262\LgDrvInst.exe" -remove -instdir"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.90" /clone_wait /hide_progress Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE} Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Correctif pour Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Correctif pour Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" Curse Client-->C:\Program Files\Curse\uninstall.exe CyberLink PowerDVD 9-->"C:\Program Files\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\Setup.exe" /z-uninstall CyberLink PowerDVD 9-->"C:\Program Files\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\Setup.exe" /z-uninstall DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0} eMule-->"C:\Program Files\eMule\Uninstall.exe" Free PDF to Word Converter 1.5-->"C:\Program Files\Free PDF to Word Converter\unins000.exe" G15_TeamSpeak (NSIS)-->"C:\Program Files\Schmads Inc\G15_TeamSpeak\uninstall.exe" Google Talk Plugin-->MsiExec.exe /I{5299C5E1-70F9-3D1D-A1FA-BDECA4EC8015} HijackThis 2.0.2-->"C:\Documents and Settings\Akin\Bureau\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package 
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} ISI ResearchSoft - Export Helper-->C:\PROGRA~1\FICHIE~1\Risxtd\_UNINST.EXE Java 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF} JDownloader-->C:\Program Files\JDownloader\uninstall.exe Jeux WildTangent-->"C:\Program Files\WildGames\Uninstall.exe" Logitech GamePanel Software 3.01-->MsiExec.exe /X{9B5B156B-9A4B-48FB-AA59-47B221495A7B} Logitech QuickCam-->MsiExec.exe /I{937B232D-9776-471E-92BD-D424E514EF14} Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - 
x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Mise à jour pour Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe" Mise à jour pour Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Reference Manager 11.0.1-->MsiExec.exe /I{C0B0893D-6DA2-4F14-B1D0-3C0F1272B398} Saitek SD6 Programming Software 6.0.10.7-->MsiExec.exe /X{28B8BEE3-1F62-4FCC-A5A7-7641AAFC3BB5} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM 
(KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D} SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x40c -removeonly Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe" Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1} Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft Public Test-PTR\Uninstall.exe Wow Cartographe 1.09-->C:\Program Files\WowCartographe\uninst.exe ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Security center information====== AV: Malware Defense (outdated) AV: AntiVir Desktop ======System event log====== Computer Name: KIKOULOL Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location 
Awareness). Record Number: 14514 Source Name: Service Control Manager Time Written: 20091119120648.000000+060 Event Type: Informations User: KIKOULOL\Akin Computer Name: KIKOULOL Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant. Record Number: 14513 Source Name: Service Control Manager Time Written: 20091119120648.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: KIKOULOL Event Code: 7036 Message: Le service Téléphonie est entré dans l'état : en cours d'exécution. Record Number: 14512 Source Name: Service Control Manager Time Written: 20091119120648.000000+060 Event Type: Informations User: Computer Name: KIKOULOL Event Code: 7036 Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution. Record Number: 14511 Source Name: Service Control Manager Time Written: 20091119120648.000000+060 Event Type: Informations User: Computer Name: KIKOULOL Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur. Record Number: 14510 Source Name: Service Control Manager Time Written: 20091119120647.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM =====Application event log===== Computer Name: KIKOULOL Event Code: 105 Message: The service was started. Record Number: 5 Source Name: ATI Smart Time Written: 20091227144157.000000+060 Event Type: Informations User: Computer Name: KIKOULOL Event Code: 0 Message: Record Number: 4 Source Name: RichVideo Time Written: 20091227143655.000000+060 Event Type: Informations User: Computer Name: KIKOULOL Event Code: 105 Message: The service was started. 
Record Number: 3 Source Name: ATI Smart Time Written: 20091227143651.000000+060 Event Type: Informations User: Computer Name: KIKOULOL Event Code: 0 Message: Record Number: 2 Source Name: RichVideo Time Written: 20091227143141.000000+060 Event Type: Informations User: Computer Name: KIKOULOL Event Code: 105 Message: The service was started. Record Number: 1 Source Name: ATI Smart Time Written: 20091227143136.000000+060 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel "PROCESSOR_REVISION"=1706 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF-----------------