astor82

Membres

Afficher le profil Afficher son activité

Compteur de contenus
7
Inscription
le 18 janvier 2010
Dernière visite
le 24 janvier 2010

Type de contenu

Toute l’activité

Profils

Forums

Blogs

Tout ce qui a été posté par astor82

Comment éradiquer problème ?

astor82 a répondu à un(e) sujet de astor82 dans Analyses et éradication malwares

Un grand merci pour votre disponibilité et vos compétences partagées, mon amie Cathy (qui n'est donc pas une cliente) dont j'assure la maintenance de son ordi vous remercie à son tour. COPIE DU LOG All processes killed ========== PROCESSES ========== ========== FILES ========== C:\WINDOWS\system32\unrar.exe moved successfully. C:\Documents and Settings\cathy\Application Data\SystemProc folder moved successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Application Data User: cathy ->Temp folder emptied: 2823 bytes ->Temporary Internet Files folder emptied: 26080758 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 557424 bytes ->Apple Safari cache emptied: 124016 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 3234623 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 102494484 bytes User: Propriétaire %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2134355 bytes %systemroot%\System32 .tmp files removed: 117460608 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 664 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23434286 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 69925 bytes RecycleBin emptied: 180 bytes Total Files Cleaned = 263,00 mb OTM by OldTimer - Version 3.1.6.0 log created on 01182010_195159 Files moved on Reboot... Registry entries deleted on Reboot...
- le 18 janvier 2010
- 12 réponses
Comment éradiquer problème ?

astor82 a répondu à un(e) sujet de astor82 dans Analyses et éradication malwares

Bon j'ai copié le texte suivant : @echo off del Google Software Updater.job del ParetoLogic Anti-Virus PLUS.job del ParetoLogic Anti-Virus PLUS_dbsummary.job del ParetoLogic Registration.job del SA.DAT Exit dans un fichier texte "clic droit poste de travail" je l'ai nommé Clop1.bat car j'avais déjà (ou encore un fichier sur le bureau nommé Clop.bat). Une fois double cliqué dessus encore très très rapide exécution (tout juste visible. Concernant les fichiers paretologic virus plus je les avais effacé manuellement avant après une recherche dans "rechercher" de Windows. RAPPORT DE RSIT Logfile of random's system information tool 1.06 (written by random/random) Run by cathy at 2010-01-18 19:13:07 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 57 GB (60%) free of 95 GB Total RAM: 1023 MB (48% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:13:23, on 18/01/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\cathy\Bureau\RSIT.exe C:\Program Files\trend micro\cathy.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portail.free.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124469140515 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124471908906 O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-2.0.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - AppInit_DLLs: C:\WINDOWS\System32\fontext32.dll O20 - Winlogon Notify: 60d0b4cb724 - C:\WINDOWS\System32\fontext32.dll (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\RpcSandraSrv.exe -- End of file - 9466 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Google Software Updater.job C:\WINDOWS\tasks\User_Feed_Synchronization-{41556BBF-4CB2-42CF-A381-DAB95F9EC07C}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-30 263280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-27 764912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-30 263280] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [2009-09-22 315736] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-11-06 8523776] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-02 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\WINDOWS\System32\fontext32.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\60d0b4cb724] C:\WINDOWS\System32\fontext32.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\WINDOWS\system32\klogon.dll [2009-09-22 219664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"= :\WINDOWS\system32\srr [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:enabled:Assistance à distance" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger" "C:\Program Files\AOL 9.0\AOL.exe"="C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0" "C:\Program Files\AOL 9.0\WAOL.exe"="C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0" "C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)" "C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)" "C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax" "C:\Program Files\CA\eTrust Antivirus\InocIT.exe"="C:\Program Files\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner" "C:\Program Files\CA\eTrust Antivirus\Realmon.exe"="C:\Program Files\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor" "C:\Program Files\CA\eTrust Antivirus\InoRpc.exe"="C:\Program Files\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server" "C:\Program Files\NetMeeting\Conf.exe"="C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting" "C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe"="C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Win32\RpcDataSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service" "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player " "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:enabled:Assistance à distance" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger" "C:\Program Files\AOL 9.0\AOL.exe"="C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0" "C:\Program Files\AOL 9.0\WAOL.exe"="C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0" "C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)" "C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)" "C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax" "C:\Program Files\CA\eTrust Antivirus\InocIT.exe"="C:\Program Files\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner" "C:\Program Files\CA\eTrust Antivirus\Realmon.exe"="C:\Program Files\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor" "C:\Program Files\CA\eTrust Antivirus\InoRpc.exe"="C:\Program Files\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server" "C:\Program Files\NetMeeting\Conf.exe"="C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting" "C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe"="C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" ======List of files/folders created in the last 1 months====== 2010-01-18 16:38:58 ----D---- C:\Documents and Settings\cathy\Application Data\Malwarebytes 2010-01-18 16:38:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-01-18 16:38:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-01-18 16:13:56 ----A---- C:\cleannavi.txt 2010-01-18 13:51:16 ----A---- C:\lopR.txt 2010-01-18 13:50:12 ----D---- C:\Lop SD 2010-01-18 12:59:09 ----D---- C:\Program Files\trend micro 2010-01-18 12:59:08 ----D---- C:\rsit 2010-01-17 23:50:44 ----A---- C:\rollback.ini 2010-01-15 15:19:54 ----D---- C:\Program Files\Kaspersky Lab 2010-01-15 15:19:54 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2010-01-15 15:17:02 ----D---- C:\KAV 2010-01-14 21:05:50 ----A---- C:\WINDOWS\system32\MRT.INI 2009-12-27 19:54:42 ----D---- C:\Documents and Settings\cathy\Application Data\WinRAR 2009-12-27 19:52:58 ----SH---- C:\WINDOWS\system32\unrar.exe 2009-12-27 19:52:58 ----D---- C:\WINDOWS\system32\1390597036 2009-12-27 19:52:57 ----SHD---- C:\Documents and Settings\cathy\Application Data\SystemProc ======List of files/folders modified in the last 1 months====== 2010-01-18 18:50:42 ----SD---- C:\WINDOWS\Tasks 2010-01-18 18:00:08 ----D---- C:\WINDOWS\Prefetch 2010-01-18 17:32:02 ----D---- C:\WINDOWS\Temp 2010-01-18 17:29:06 ----D---- C:\WINDOWS\system32\drivers 2010-01-18 17:29:06 ----D---- C:\WINDOWS\system32 2010-01-18 17:28:32 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-01-18 17:27:22 ----D---- C:\Program Files\Fichiers communs 2010-01-18 17:27:21 ----D---- C:\WINDOWS 2010-01-18 16:38:51 ----RD---- C:\Program Files 2010-01-18 11:25:36 ----SHD---- C:\Config.Msi 2010-01-18 01:58:16 ----SHD---- C:\WINDOWS\Installer 2010-01-17 22:40:07 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2010-01-16 03:38:56 ----D---- C:\WINDOWS\system32\CatRoot2 2010-01-15 18:11:08 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-01-15 18:10:50 ----A---- C:\WINDOWS\system32\pubprn.vbs 2010-01-15 17:46:05 ----D---- C:\WINDOWS\Help 2010-01-15 17:46:04 ----D---- C:\WINDOWS\nview 2010-01-15 17:44:09 ----HD---- C:\WINDOWS\inf 2010-01-15 17:43:19 ----D---- C:\WINDOWS\system32\ReinstallBackups 2010-01-15 17:42:54 ----D---- C:\WINDOWS\system 2010-01-15 15:29:18 ----A---- C:\WINDOWS\bdagent.INI 2010-01-15 15:19:55 ----SHD---- C:\System Volume Information 2010-01-15 14:38:37 ----SHD---- C:\RECYCLER 2010-01-15 12:34:22 ----SHD---- C:\Documents and Settings\cathy\Application Data\Microsoft 2010-01-15 10:49:24 ----D---- C:\Program Files\CCleaner 2010-01-15 09:42:20 ----D---- C:\OfficeUser 2010-01-15 09:06:25 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2010-01-15 09:06:18 ----RSD---- C:\WINDOWS\assembly 2010-01-15 09:04:48 ----RSD---- C:\WINDOWS\Fonts 2010-01-15 09:04:43 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2010-01-15 09:04:15 ----D---- C:\Program Files\Microsoft Works 2010-01-15 09:02:04 ----A---- C:\WINDOWS\win.ini 2010-01-15 08:11:16 ----D---- C:\WINDOWS\Debug 2010-01-15 08:04:14 ----D---- C:\WINDOWS\AppPatch 2010-01-14 21:07:20 ----HD---- C:\WINDOWS\$hf_mig$ 2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe 2010-01-04 17:24:36 ----A---- C:\WINDOWS\NeroDigital.ini 2009-12-30 13:44:38 ----D---- C:\Program Files\Red Kawa 2009-12-27 22:35:31 ----D---- C:\WINDOWS\network diagnostic 2009-12-27 20:32:30 ----D---- C:\Documents and Settings\cathy\Application Data\LimeWire ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 kl1;Kl1; \??\C:\WINDOWS\system32\drivers\kl1.sys [] R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2010-01-15 223760] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 1287296] R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-10-27 43008] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2009-09-03 24848] R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-11-06 7429088] R3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591] S3 fbxusb;FreeBox USB Network Adapter; C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 18848] S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-15 42496] S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664] S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [] S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [] S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [] S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [] S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [] S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys [] S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys [] S3 s3m;s3m; C:\WINDOWS\system32\DRIVERS\s3m.sys [2001-08-17 166720] S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys [] S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys [] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712] R2 AVP;Kaspersky Anti-Virus 6.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [2009-09-22 315736] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-11-06 155716] R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-27 183280] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Win32\RpcDataSrv.exe [2007-05-01 131256] S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\RpcSandraSrv.exe [2007-05-01 1216704] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- Quant au fichier info.txt qui est dans c:\rsit il est de 12h59 je ne l'ai donc pas copié. Quant à la fenêtre "cmd.exe absente ou manquante je ne me souviens plus exactement" on verra bien si cela est réparé ou pas ( A bientôt de vous lire
- le 18 janvier 2010
- 12 réponses
Comment éradiquer problème ?

astor82 a répondu à un(e) sujet de astor82 dans Analyses et éradication malwares

Bon j'ai enfin compris la manip concernant le lop.bat voici le rapport Le volume dans le lecteur C s'appelle BOOT Le num‚ro de s‚rie du volume est 60D0-B4CB R‚pertoire de C:\WINDOWS\tasks 18/01/2010 17:29 <REP> . 18/01/2010 17:29 <REP> .. 25/08/2008 14:19 284 AppleSoftwareUpdate.job 05/08/2004 13:00 65 desktop.ini 18/01/2010 17:29 1ÿ000 Google Software Updater.job 18/01/2010 02:00 466 ParetoLogic Anti-Virus PLUS.job 18/01/2010 18:00 442 ParetoLogic Anti-Virus PLUS_dbsummary.job 18/01/2010 18:00 458 ParetoLogic Registration.job 18/01/2010 17:29 6 SA.DAT 18/01/2010 17:35 432 User_Feed_Synchronization-{41556BBF-4CB2-42CF-A381-DAB95F9EC07C}.job 8 fichier(s) 3ÿ153 octets R‚pertoire de C:\Documents and Settings\cathy\Bureau Concernant le rapport Clop.bat je n'arrive pas à ouvrir le fichier, en effet quand je double clique sur l'icone Clop.bat j'ai une ouverture de fenêtre type dos mais qui se ferme ultrarapidement (moins d'une seconde). A savoir avant de faire cette manip j'ai eu une fenêtre du type cmd.exe absente (ce qui m'inspire peu ((( Quant au rapport Navilog veuillez m'excuser j'ai oublier de le joindre rapport Navilog Fix Navipromo version 4.0.6 commencé le 18/01/2010 16:13:56,26 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 03.01.2010 à 11h00 par IL-MAFIOSO Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.06GHz ) BIOS : Phoenix - AwardBIOS v6.00PG USER : cathy ( Administrator ) BOOT : Normal boot Antivirus : Kaspersky Anti-Virus 6.0.4.1212 (Not Activated) Firewall : Kaspersky Anti-Virus 6.0.4.1212 (Not Activated) C:\ (Local Disk) - NTFS - Total:92 Go (Free:55 Go) D:\ (Local Disk) - NTFS - Total:86 Go (Free:85 Go) E:\ (Local Disk) - FAT32 - Total:6 Go (Free:3 Go) F:\ (CD or DVD) G:\ (USB) H:\ (USB) I:\ (USB) Recherche executée en mode normal Nettoyage exécuté au redémarrage de l'ordinateur c:\docume~1\cathy\locals~1\applic~1\nmmccbhg.dat supprimé ! c:\docume~1\cathy\locals~1\applic~1\nmmccbhg_nav.dat supprimé ! c:\docume~1\cathy\locals~1\applic~1\nmmccbhg_navps.dat supprimé ! Nettoyage contenu C:\WINDOWS\Temp effectué ! Nettoyage contenu C:\Documents and Settings\cathy\locals~1\Temp effectué ! *** Sauvegarde du Registre vers dossier Safebackup *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Scan terminé 18/01/2010 16:18:26,67 *** Encore merci pour votre patience )
- le 18 janvier 2010
- 12 réponses
Comment éradiquer problème ?

astor82 a répondu à un(e) sujet de astor82 dans Analyses et éradication malwares

A l'attention de Pear, Merci pour votre aide ci-après les rapports log R --------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.06GHz ) BIOS : Phoenix - AwardBIOS v6.00PG USER : cathy ( Administrator ) BOOT : Normal boot Antivirus : Kaspersky Anti-Virus 6.0.4.1212 (Not Activated) Firewall : Kaspersky Anti-Virus 6.0.4.1212 (Not Activated) C:\ (Local Disk) - NTFS - Total:92 Go (Free:55 Go) D:\ (Local Disk) - NTFS - Total:86 Go (Free:85 Go) E:\ (Local Disk) - FAT32 - Total:6 Go (Free:3 Go) F:\ (CD or DVD) G:\ (USB) H:\ (USB) I:\ (USB) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [2] ( 18/01/2010|16:00 ) \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION Supprime! - C:\DOCUME~1\cathy\MENUDM~1\PROGRA~1\BitDownload\BitDownload Downloads.lnk Supprime! - C:\DOCUME~1\cathy\MENUDM~1\PROGRA~1\BitDownload - [ Fichier Hosts ] .. Restaure! \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Supprime! - C:\Program Files\Viewpoint Supprime! - C:\DOCUME~1\cathy\APPLIC~1\Viewpoint Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ --------------------\\ Listing des dossiers dans APPLIC~1 [28/03/2009|16:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [20/09/2009|14:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{755AC846-7372-4AC8-8550-C52491DAA8BD} [26/08/2009|17:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [23/03/2009|21:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe [19/08/2005|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead [06/02/2006|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL [01/11/2007|21:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple [01/11/2008|23:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer [15/03/2008|13:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ [14/02/2006|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink [30/10/2008|18:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EnterNHelp [27/08/2009|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google [17/01/2010|22:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater [30/10/2008|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Internet Services [18/01/2010|15:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab [06/11/2009|20:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [15/01/2010|09:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help [30/10/2008|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nikon [10/11/2008|17:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS [13/05/2007|13:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime [19/08/2005|17:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI [15/03/2008|16:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft [15/03/2008|17:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir [15/03/2008|17:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard [30/10/2008|18:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ultima_T15 [19/08/2005|17:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage [03/09/2006|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar [31/08/2007|16:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller [06/03/2008|19:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller [16/04/2007|19:52] C:\DOCUME~1\APPLIC~1\APPLIC~1\Microsoft [30/07/2007|11:04] C:\DOCUME~1\cathy\APPLIC~1\Adobe [14/01/2007|11:51] C:\DOCUME~1\cathy\APPLIC~1\AdobeUM [27/01/2007|20:56] C:\DOCUME~1\cathy\APPLIC~1\Ahead [06/02/2006|17:35] C:\DOCUME~1\cathy\APPLIC~1\AOL [20/09/2009|14:25] C:\DOCUME~1\cathy\APPLIC~1\Apple Computer [27/02/2006|14:11] C:\DOCUME~1\cathy\APPLIC~1\ArcSoft [22/02/2009|16:59] C:\DOCUME~1\cathy\APPLIC~1\Canon [29/01/2007|19:18] C:\DOCUME~1\cathy\APPLIC~1\Creative [14/02/2006|20:03] C:\DOCUME~1\cathy\APPLIC~1\CyberLink [02/06/2007|22:03] C:\DOCUME~1\cathy\APPLIC~1\Google [27/02/2006|14:23] C:\DOCUME~1\cathy\APPLIC~1\Help [19/08/2005|16:39] C:\DOCUME~1\cathy\APPLIC~1\Identities [14/03/2008|18:19] C:\DOCUME~1\cathy\APPLIC~1\Kptic [16/10/2007|17:10] C:\DOCUME~1\cathy\APPLIC~1\Leadertech [27/12/2009|20:32] C:\DOCUME~1\cathy\APPLIC~1\LimeWire [19/08/2005|17:22] C:\DOCUME~1\cathy\APPLIC~1\Macromedia [15/01/2010|12:34] C:\DOCUME~1\cathy\APPLIC~1\Microsoft [09/04/2006|15:06] C:\DOCUME~1\cathy\APPLIC~1\Microsoft Web Folders [21/04/2007|11:43] C:\DOCUME~1\cathy\APPLIC~1\Mozilla [21/06/2006|13:38] C:\DOCUME~1\cathy\APPLIC~1\MSNInstaller [16/04/2007|19:52] C:\DOCUME~1\cathy\APPLIC~1\MySpace [30/10/2008|18:33] C:\DOCUME~1\cathy\APPLIC~1\Nikon [19/08/2005|17:04] C:\DOCUME~1\cathy\APPLIC~1\Real [15/03/2008|13:52] C:\DOCUME~1\cathy\APPLIC~1\ScanSoft [21/04/2007|11:44] C:\DOCUME~1\cathy\APPLIC~1\SecondLife [19/08/2005|17:32] C:\DOCUME~1\cathy\APPLIC~1\Sun [15/01/2010|12:36] C:\DOCUME~1\cathy\APPLIC~1\SystemProc [12/05/2008|09:37] C:\DOCUME~1\cathy\APPLIC~1\TaoUSign [04/11/2006|11:43] C:\DOCUME~1\cathy\APPLIC~1\Teleca [07/02/2006|18:02] C:\DOCUME~1\cathy\APPLIC~1\Template [27/12/2009|19:54] C:\DOCUME~1\cathy\APPLIC~1\WinRAR [19/08/2005|17:33] C:\DOCUME~1\cathy\APPLIC~1\You've Got Pictures Screensaver [19/08/2005|18:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe [19/08/2005|17:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Ahead [06/02/2006|17:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AOL [05/10/2005|08:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\CyberLink [19/08/2005|16:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities [19/08/2005|17:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia [05/10/2005|08:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft [19/08/2005|17:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real [19/08/2005|17:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun [19/08/2005|17:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver [19/08/2005|16:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [19/08/2005|16:39] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft [16/04/2007|19:52] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft [07/02/2007|18:21] C:\DOCUME~1\PROPRI~1\APPLIC~1\Real [12/02/2006|12:54] C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks [17/01/2010 23:53][--a------] C:\WINDOWS\tasks\ParetoLogic Registration.job [17/01/2010 23:13][--a------] C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job [18/01/2010 02:00][--a------] C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS.job [18/01/2010 11:26][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{41556BBF-4CB2-42CF-A381-DAB95F9EC07C}.job [18/01/2010 15:58][--a------] C:\WINDOWS\tasks\Google Software Updater.job [25/08/2008 14:19][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job [05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini [18/01/2010 15:32][--ah-----] C:\WINDOWS\tasks\SA.DAT --------------------\\ Listing des dossiers dans C:\Program Files [23/03/2009|21:57] C:\Program Files\Adobe [12/03/2008|16:19] C:\Program Files\Ahead [25/08/2008|14:19] C:\Program Files\Apple Software Update [15/03/2008|13:50] C:\Program Files\ArcSoft [06/06/2008|16:54] C:\Program Files\Audacity [08/02/2008|20:39] C:\Program Files\AviSynth 2.5 [13/01/2008|16:13] C:\Program Files\BitComet [28/03/2009|16:31] C:\Program Files\Bonjour [15/03/2008|13:49] C:\Program Files\Canon [15/01/2010|10:49] C:\Program Files\CCleaner [13/02/2009|21:27] C:\Program Files\Creative [05/10/2005|08:38] C:\Program Files\CyberLink [08/02/2008|19:42] C:\Program Files\EA GAMES [07/03/2009|20:23] C:\Program Files\eMule [18/01/2010|15:39] C:\Program Files\Fichiers communs [06/02/2006|18:44] C:\Program Files\Free.fr [07/08/2009|11:37] C:\Program Files\Google [19/08/2005|18:07] C:\Program Files\HighMAT CD Writing Wizard [05/10/2005|08:38] C:\Program Files\Home Cinema [12/06/2009|23:24] C:\Program Files\InstallShield Installation Information [19/08/2005|16:49] C:\Program Files\Intel [09/12/2009|23:05] C:\Program Files\Internet Explorer [20/09/2009|14:16] C:\Program Files\iPod [20/09/2009|14:17] C:\Program Files\iTunes [24/05/2009|19:34] C:\Program Files\Java [15/01/2010|15:34] C:\Program Files\Kaspersky Lab [03/06/2007|08:39] C:\Program Files\Lavalys [07/12/2005|14:40] C:\Program Files\Learn2.com [19/08/2005|16:53] C:\Program Files\Medion Tools [12/10/2008|09:39] C:\Program Files\Messenger [06/11/2009|20:50] C:\Program Files\Microsoft [09/04/2006|15:08] C:\Program Files\Microsoft Encarta [09/04/2006|15:05] C:\Program Files\microsoft frontpage [27/10/2009|21:22] C:\Program Files\Microsoft Office [27/10/2009|21:22] C:\Program Files\Microsoft Visual Studio [15/01/2010|09:04] C:\Program Files\Microsoft Works [09/04/2006|14:57] C:\Program Files\Microsoft Works Suite 2000 [27/10/2009|21:21] C:\Program Files\Microsoft.NET [12/10/2008|09:35] C:\Program Files\Movie Maker [23/08/2009|21:41] C:\Program Files\MSBuild [21/06/2006|13:38] C:\Program Files\MSN [19/08/2005|16:37] C:\Program Files\MSN Gaming Zone [25/11/2009|13:59] C:\Program Files\MSXML 4.0 [12/06/2009|23:20] C:\Program Files\Musicmatch [14/03/2008|18:18] C:\Program Files\Neonumeric [12/10/2008|09:32] C:\Program Files\NetMeeting [30/10/2008|18:25] C:\Program Files\Nikon [07/12/2005|14:22] C:\Program Files\OfficeUpdate11 [19/08/2005|16:37] C:\Program Files\Online Services [13/08/2009|06:10] C:\Program Files\Outlook Express [05/09/2006|17:34] C:\Program Files\PhotoFiltre [20/09/2009|14:10] C:\Program Files\QuickTime [19/08/2005|17:03] C:\Program Files\Real [30/12/2009|13:44] C:\Program Files\Red Kawa [23/08/2009|21:41] C:\Program Files\Reference Assemblies [26/08/2009|17:34] C:\Program Files\Safari [15/03/2008|13:51] C:\Program Files\ScanSoft [19/08/2005|16:38] C:\Program Files\Services en ligne [03/06/2007|09:27] C:\Program Files\SiSoftware [07/12/2005|14:31] C:\Program Files\StarOffice7 [18/01/2010|12:59] C:\Program Files\trend micro [20/09/2009|14:11] C:\Program Files\Utilitaire de configuration iPhone [16/01/2008|19:02] C:\Program Files\Videora [15/03/2008|19:02] C:\Program Files\VideoraiPodConverter [08/02/2008|19:38] C:\Program Files\WinAVI MP4 Converter [19/08/2005|17:13] C:\Program Files\Windows Journal Viewer [06/11/2009|20:49] C:\Program Files\Windows Live [06/11/2009|20:50] C:\Program Files\Windows Live SkyDrive [03/09/2006|18:22] C:\Program Files\Windows Live Toolbar [07/12/2005|14:06] C:\Program Files\Windows Media Connect [16/12/2006|13:03] C:\Program Files\Windows Media Connect 2 [11/03/2009|18:07] C:\Program Files\Windows Media Player [12/10/2008|09:32] C:\Program Files\Windows NT [19/08/2005|16:39] C:\Program Files\xerox --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs [23/03/2009|21:57] C:\Program Files\Fichiers communs\Adobe [05/10/2005|08:41] C:\Program Files\Fichiers communs\Ahead [13/02/2009|21:26] C:\Program Files\Fichiers communs\AOL [20/09/2009|14:16] C:\Program Files\Fichiers communs\Apple [27/10/2009|21:22] C:\Program Files\Fichiers communs\DESIGNER [04/11/2006|11:38] C:\Program Files\Fichiers communs\InstallShield [07/12/2005|14:10] C:\Program Files\Fichiers communs\Java [15/01/2010|09:04] C:\Program Files\Fichiers communs\Microsoft Shared [19/08/2005|16:38] C:\Program Files\Fichiers communs\MSSoap [30/10/2008|18:23] C:\Program Files\Fichiers communs\muvee Technologies [05/10/2005|08:42] C:\Program Files\Fichiers communs\Nero [30/10/2008|18:27] C:\Program Files\Fichiers communs\Nikon [07/12/2005|14:39] C:\Program Files\Fichiers communs\Nullsoft [27/10/2009|21:21] C:\Program Files\Fichiers communs\ODBC [04/01/2010|17:25] C:\Program Files\Fichiers communs\PersonalSecUninstall [07/12/2005|14:32] C:\Program Files\Fichiers communs\Real [15/03/2008|13:52] C:\Program Files\Fichiers communs\ScanSoft Shared [19/08/2005|16:38] C:\Program Files\Fichiers communs\Services [19/08/2005|18:34] C:\Program Files\Fichiers communs\SpeechEngines [27/10/2009|21:26] C:\Program Files\Fichiers communs\System [12/06/2009|23:23] C:\Program Files\Fichiers communs\Teleca Shared [06/11/2009|20:48] C:\Program Files\Fichiers communs\Windows Live [06/03/2008|19:10] C:\Program Files\Fichiers communs\WindowsLiveInstaller [07/12/2005|14:33] C:\Program Files\Fichiers communs\xing shared --------------------\\ Process ( 31 Processes ) ... OK ! --------------------\\ Recherche avec S_Lop Aucun fichier / dossier Lop trouvé ! --------------------\\ Recherche de Fichiers / Dossiers Lop Aucun fichier / dossier Lop trouvé ! --------------------\\ Verification du Registre ..... OK ! --------------------\\ Verification du fichier Hosts Fichier Hosts PROPRE --------------------\\ Recherche de fichiers avec Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-18 16:02:16 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 261 --------------------\\ Recherche d'autres infections C:\DOCUME~1\cathy\LOCALS~1\APPLIC~1\nmmccbhg.dat C:\DOCUME~1\cathy\LOCALS~1\APPLIC~1\nmmccbhg_nav.dat C:\DOCUME~1\cathy\LOCALS~1\APPLIC~1\nmmccbhg_navps.dat ==> EGDACCESS <== --------------------\\ Cracks & Keygens .. C:\DOCUME~1\cathy\Mes documents\Mes Historiques de Conversation\septembre 2009\exotikcrack@hotmail.fr.html [F:1][D:1]-> C:\DOCUME~1\cathy\LOCALS~1\Temp [F:26][D:0]-> C:\DOCUME~1\cathy\Cookies [F:481][D:4]-> C:\DOCUME~1\cathy\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - 18/01/2010|13:54 - Option : [1] 2 - "C:\Lop SD\LopR_2.txt" - 18/01/2010|15:53 - Option : [1] 3 - "C:\Lop SD\LopR_3.txt" - 18/01/2010|16:03 - Option : [2] --------------------\\ Fin du rapport a 16:03:23 Pour info : je n'ai pas réussi et pas compris la démarche "Les tâches LOP (*.job) sont bien cachées .... ............ jusqu'à Enregistrer sous Clop.bat Double clic pour lancer" Rapport MBAM Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3590 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 18/01/2010 17:27:22 mbam-log-2010-01-18 (17-27-22).txt Type de recherche: Examen complet (C:\|D:\|E:\|) Eléments examinés: 207429 Temps écoulé: 36 minute(s), 15 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 6 Valeur(s) du Registre infectée(s): 2 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 2 Fichier(s) infecté(s): 25 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0fcf819d-9d92-4987-abcd-e24dbef11719} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0fcf819d-9d92-4987-abcd-e24dbef11719} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0fcf819d-9d92-4987-abcd-e24dbef11719} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\local service (Trojan.Agent) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\WINDOWS\system32\SysWoW32 (Worm.Archive) -> Quarantined and deleted successfully. C:\Program Files\Fichiers communs\PersonalSecUninstall (Rogue.PersonalSecurity) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\WINDOWS\system32\ccfgnt32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\comrepl32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cards32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\mi982183569v4 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\mi982183569v4.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\mi982183569v6 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\mi982183569v6.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\mi982183569v7 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\mi982183569v7.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\mu982183569v5 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\mu982183569v5.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\wu982183569v0 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\wu982183569v0.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\wu982183569v1.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\wu982183569v2 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\wu982183569v2.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\wu982183569v3 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\wu982183569v3.kwd (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\_i982183569v4 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\_i982183569v7 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\_u982183569v3 (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SysWoW32\_u982183569v5 (Worm.Archive) -> Quarantined and deleted successfully. C:\Program Files\Fichiers communs\PersonalSecUninstall\Uninstall.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully. C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\confin.sys (Malware.Trace) -> Quarantined and deleted successfully. Merci pour vos prochains commentaires
- le 18 janvier 2010
- 12 réponses
Comment éradiquer problème ?

astor82 a répondu à un(e) sujet de astor82 dans Analyses et éradication malwares

A l'attention de Pear, Avant de continuer la démarche prescrite je préferais avoir votre avis j'ai copie le rapport log s&d avec option recherche 1 (voir ci dessous) et je m'aperçois que j'ai a-squared actif, avant d'aller plus loin dois-je le désactiver (le desinstaler) ou puis-je continuer ainsi ? je vois que j'ai aussi une tâche résidente de Paretologic Antivirus plus que j'avais instalé puis désinstalé hier ! L'option 2 suppression de log s&d ne s'applique que si on a un pb de bureau qui n'apparait pas ? --------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.06GHz ) BIOS : Phoenix - AwardBIOS v6.00PG USER : cathy ( Administrator ) BOOT : Normal boot Antivirus : a-squared Anti-Malware 4 (Activated) Firewall : Kaspersky Anti-Virus 6.0.4.1212 (Not Activated) C:\ (Local Disk) - NTFS - Total:92 Go (Free:55 Go) D:\ (Local Disk) - NTFS - Total:86 Go (Free:85 Go) E:\ (Local Disk) - FAT32 - Total:6 Go (Free:3 Go) F:\ (CD or DVD) G:\ (USB) H:\ (USB) I:\ (USB) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [1] ( 18/01/2010|13:51 ) --------------------\\ Listing des dossiers dans APPLIC~1 [28/03/2009|16:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [20/09/2009|14:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{755AC846-7372-4AC8-8550-C52491DAA8BD} [26/08/2009|17:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [23/03/2009|21:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe [19/08/2005|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead [06/02/2006|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL [01/11/2007|21:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple [01/11/2008|23:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer [15/03/2008|13:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ [14/02/2006|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink [30/10/2008|18:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EnterNHelp [27/08/2009|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google [17/01/2010|22:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater [30/10/2008|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Internet Services [18/01/2010|11:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab [06/11/2009|20:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [15/01/2010|09:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help [30/10/2008|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nikon [10/11/2008|17:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS [18/01/2010|01:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic [13/05/2007|13:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime [19/08/2005|17:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI [15/03/2008|16:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft [16/01/2010|13:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy [15/03/2008|17:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir [15/03/2008|17:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard [30/10/2008|18:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ultima_T15 [07/12/2005|14:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint [19/08/2005|17:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage [03/09/2006|18:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar [31/08/2007|16:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller [06/03/2008|19:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller [16/04/2007|19:52] C:\DOCUME~1\APPLIC~1\APPLIC~1\Microsoft [30/07/2007|11:04] C:\DOCUME~1\cathy\APPLIC~1\Adobe [14/01/2007|11:51] C:\DOCUME~1\cathy\APPLIC~1\AdobeUM [27/01/2007|20:56] C:\DOCUME~1\cathy\APPLIC~1\Ahead [06/02/2006|17:35] C:\DOCUME~1\cathy\APPLIC~1\AOL [20/09/2009|14:25] C:\DOCUME~1\cathy\APPLIC~1\Apple Computer [27/02/2006|14:11] C:\DOCUME~1\cathy\APPLIC~1\ArcSoft [22/02/2009|16:59] C:\DOCUME~1\cathy\APPLIC~1\Canon [29/01/2007|19:18] C:\DOCUME~1\cathy\APPLIC~1\Creative [14/02/2006|20:03] C:\DOCUME~1\cathy\APPLIC~1\CyberLink [02/06/2007|22:03] C:\DOCUME~1\cathy\APPLIC~1\Google [27/02/2006|14:23] C:\DOCUME~1\cathy\APPLIC~1\Help [19/08/2005|16:39] C:\DOCUME~1\cathy\APPLIC~1\Identities [14/03/2008|18:19] C:\DOCUME~1\cathy\APPLIC~1\Kptic [16/10/2007|17:10] C:\DOCUME~1\cathy\APPLIC~1\Leadertech [27/12/2009|20:32] C:\DOCUME~1\cathy\APPLIC~1\LimeWire [19/08/2005|17:22] C:\DOCUME~1\cathy\APPLIC~1\Macromedia [15/01/2010|12:34] C:\DOCUME~1\cathy\APPLIC~1\Microsoft [09/04/2006|15:06] C:\DOCUME~1\cathy\APPLIC~1\Microsoft Web Folders [21/04/2007|11:43] C:\DOCUME~1\cathy\APPLIC~1\Mozilla [21/06/2006|13:38] C:\DOCUME~1\cathy\APPLIC~1\MSNInstaller [16/04/2007|19:52] C:\DOCUME~1\cathy\APPLIC~1\MySpace [30/10/2008|18:33] C:\DOCUME~1\cathy\APPLIC~1\Nikon [19/08/2005|17:04] C:\DOCUME~1\cathy\APPLIC~1\Real [15/03/2008|13:52] C:\DOCUME~1\cathy\APPLIC~1\ScanSoft [21/04/2007|11:44] C:\DOCUME~1\cathy\APPLIC~1\SecondLife [19/08/2005|17:32] C:\DOCUME~1\cathy\APPLIC~1\Sun [15/01/2010|12:36] C:\DOCUME~1\cathy\APPLIC~1\SystemProc [12/05/2008|09:37] C:\DOCUME~1\cathy\APPLIC~1\TaoUSign [04/11/2006|11:43] C:\DOCUME~1\cathy\APPLIC~1\Teleca [07/02/2006|18:02] C:\DOCUME~1\cathy\APPLIC~1\Template [18/06/2008|06:28] C:\DOCUME~1\cathy\APPLIC~1\Viewpoint [27/12/2009|19:54] C:\DOCUME~1\cathy\APPLIC~1\WinRAR [19/08/2005|17:33] C:\DOCUME~1\cathy\APPLIC~1\You've Got Pictures Screensaver [19/08/2005|18:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe [19/08/2005|17:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Ahead [06/02/2006|17:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AOL [05/10/2005|08:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\CyberLink [19/08/2005|16:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities [19/08/2005|17:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia [05/10/2005|08:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft [19/08/2005|17:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real [19/08/2005|17:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun [19/08/2005|17:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver [19/08/2005|16:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [19/08/2005|16:39] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft [16/04/2007|19:52] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft [07/02/2007|18:21] C:\DOCUME~1\PROPRI~1\APPLIC~1\Real [12/02/2006|12:54] C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks [17/01/2010 23:53][--a------] C:\WINDOWS\tasks\ParetoLogic Registration.job [17/01/2010 23:13][--a------] C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job [18/01/2010 02:00][--a------] C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS.job [18/01/2010 11:26][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{41556BBF-4CB2-42CF-A381-DAB95F9EC07C}.job [18/01/2010 12:41][--a------] C:\WINDOWS\tasks\Google Software Updater.job [25/08/2008 14:19][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job [05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini [18/01/2010 11:25][--ah-----] C:\WINDOWS\tasks\SA.DAT --------------------\\ Listing des dossiers dans C:\Program Files [23/03/2009|21:57] C:\Program Files\Adobe [12/03/2008|16:19] C:\Program Files\Ahead [25/08/2008|14:19] C:\Program Files\Apple Software Update [15/03/2008|13:50] C:\Program Files\ArcSoft [15/01/2010|23:44] C:\Program Files\a-squared Anti-Malware [06/06/2008|16:54] C:\Program Files\Audacity [08/02/2008|20:39] C:\Program Files\AviSynth 2.5 [13/01/2008|16:13] C:\Program Files\BitComet [08/02/2008|17:59] C:\Program Files\BitDefender [28/03/2009|16:31] C:\Program Files\Bonjour [15/03/2008|13:49] C:\Program Files\Canon [15/01/2010|10:49] C:\Program Files\CCleaner [13/02/2009|21:27] C:\Program Files\Creative [05/10/2005|08:38] C:\Program Files\CyberLink [08/02/2008|19:42] C:\Program Files\EA GAMES [07/03/2009|20:23] C:\Program Files\eMule [17/01/2010|23:09] C:\Program Files\Fichiers communs [06/02/2006|18:44] C:\Program Files\Free.fr [07/08/2009|11:37] C:\Program Files\Google [19/08/2005|18:07] C:\Program Files\HighMAT CD Writing Wizard [05/10/2005|08:38] C:\Program Files\Home Cinema [12/06/2009|23:24] C:\Program Files\InstallShield Installation Information [19/08/2005|16:49] C:\Program Files\Intel [09/12/2009|23:05] C:\Program Files\Internet Explorer [20/09/2009|14:16] C:\Program Files\iPod [20/09/2009|14:17] C:\Program Files\iTunes [24/05/2009|19:34] C:\Program Files\Java [15/01/2010|15:34] C:\Program Files\Kaspersky Lab [03/06/2007|08:39] C:\Program Files\Lavalys [07/12/2005|14:40] C:\Program Files\Learn2.com [19/08/2005|16:53] C:\Program Files\Medion Tools [12/10/2008|09:39] C:\Program Files\Messenger [06/11/2009|20:50] C:\Program Files\Microsoft [09/04/2006|15:08] C:\Program Files\Microsoft Encarta [09/04/2006|15:05] C:\Program Files\microsoft frontpage [27/10/2009|21:22] C:\Program Files\Microsoft Office [27/10/2009|21:22] C:\Program Files\Microsoft Visual Studio [15/01/2010|09:04] C:\Program Files\Microsoft Works [09/04/2006|14:57] C:\Program Files\Microsoft Works Suite 2000 [27/10/2009|21:21] C:\Program Files\Microsoft.NET [12/10/2008|09:35] C:\Program Files\Movie Maker [23/08/2009|21:41] C:\Program Files\MSBuild [21/06/2006|13:38] C:\Program Files\MSN [19/08/2005|16:37] C:\Program Files\MSN Gaming Zone [25/11/2009|13:59] C:\Program Files\MSXML 4.0 [12/06/2009|23:20] C:\Program Files\Musicmatch [14/03/2008|18:18] C:\Program Files\Neonumeric [12/10/2008|09:32] C:\Program Files\NetMeeting [30/10/2008|18:25] C:\Program Files\Nikon [07/12/2005|14:22] C:\Program Files\OfficeUpdate11 [19/08/2005|16:37] C:\Program Files\Online Services [13/08/2009|06:10] C:\Program Files\Outlook Express [05/09/2006|17:34] C:\Program Files\PhotoFiltre [20/09/2009|14:10] C:\Program Files\QuickTime [19/08/2005|17:03] C:\Program Files\Real [30/12/2009|13:44] C:\Program Files\Red Kawa [23/08/2009|21:41] C:\Program Files\Reference Assemblies [26/08/2009|17:34] C:\Program Files\Safari [15/03/2008|13:51] C:\Program Files\ScanSoft [19/08/2005|16:38] C:\Program Files\Services en ligne [03/06/2007|09:27] C:\Program Files\SiSoftware [06/02/2006|17:39] C:\Program Files\Softwin [16/01/2010|10:54] C:\Program Files\Spybot - Search & Destroy [07/12/2005|14:31] C:\Program Files\StarOffice7 [18/01/2010|12:59] C:\Program Files\trend micro [20/09/2009|14:11] C:\Program Files\Utilitaire de configuration iPhone [16/01/2008|19:02] C:\Program Files\Videora [15/03/2008|19:02] C:\Program Files\VideoraiPodConverter [07/12/2005|14:40] C:\Program Files\Viewpoint [08/02/2008|19:38] C:\Program Files\WinAVI MP4 Converter [19/08/2005|17:13] C:\Program Files\Windows Journal Viewer [06/11/2009|20:49] C:\Program Files\Windows Live [06/11/2009|20:50] C:\Program Files\Windows Live SkyDrive [03/09/2006|18:22] C:\Program Files\Windows Live Toolbar [07/12/2005|14:06] C:\Program Files\Windows Media Connect [16/12/2006|13:03] C:\Program Files\Windows Media Connect 2 [11/03/2009|18:07] C:\Program Files\Windows Media Player [12/10/2008|09:32] C:\Program Files\Windows NT [19/08/2005|16:39] C:\Program Files\xerox --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs [23/03/2009|21:57] C:\Program Files\Fichiers communs\Adobe [05/10/2005|08:41] C:\Program Files\Fichiers communs\Ahead [13/02/2009|21:26] C:\Program Files\Fichiers communs\AOL [20/09/2009|14:16] C:\Program Files\Fichiers communs\Apple [08/02/2008|17:59] C:\Program Files\Fichiers communs\BitDefender [27/10/2009|21:22] C:\Program Files\Fichiers communs\DESIGNER [04/11/2006|11:38] C:\Program Files\Fichiers communs\InstallShield [07/12/2005|14:10] C:\Program Files\Fichiers communs\Java [15/01/2010|09:04] C:\Program Files\Fichiers communs\Microsoft Shared [19/08/2005|16:38] C:\Program Files\Fichiers communs\MSSoap [30/10/2008|18:23] C:\Program Files\Fichiers communs\muvee Technologies [05/10/2005|08:42] C:\Program Files\Fichiers communs\Nero [30/10/2008|18:27] C:\Program Files\Fichiers communs\Nikon [07/12/2005|14:39] C:\Program Files\Fichiers communs\Nullsoft [27/10/2009|21:21] C:\Program Files\Fichiers communs\ODBC [18/01/2010|01:57] C:\Program Files\Fichiers communs\ParetoLogic [04/01/2010|17:25] C:\Program Files\Fichiers communs\PersonalSecUninstall [07/12/2005|14:32] C:\Program Files\Fichiers communs\Real [15/03/2008|13:52] C:\Program Files\Fichiers communs\ScanSoft Shared [19/08/2005|16:38] C:\Program Files\Fichiers communs\Services [13/02/2009|21:27] C:\Program Files\Fichiers communs\Softwin [19/08/2005|18:34] C:\Program Files\Fichiers communs\SpeechEngines [27/10/2009|21:26] C:\Program Files\Fichiers communs\System [12/06/2009|23:23] C:\Program Files\Fichiers communs\Teleca Shared [06/11/2009|20:48] C:\Program Files\Fichiers communs\Windows Live [06/03/2008|19:10] C:\Program Files\Fichiers communs\WindowsLiveInstaller [07/12/2005|14:33] C:\Program Files\Fichiers communs\xing shared --------------------\\ Process ( 34 Processes ) iexplore.exe ~ [PID:720] iexplore.exe ~ [PID:1824] --------------------\\ Recherche avec S_Lop Aucun fichier / dossier Lop trouvé ! --------------------\\ Recherche de Fichiers / Dossiers Lop C:\DOCUME~1\cathy\MENUDM~1\PROGRA~1\BitDownload C:\DOCUME~1\cathy\MENUDM~1\PROGRA~1\BitDownload\BitDownload Downloads.lnk --------------------\\ Verification du Registre ..... OK ! --------------------\\ Verification du fichier Hosts Fichier Hosts PROPRE --------------------\\ Recherche de fichiers avec Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-18 13:53:21 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 261 --------------------\\ Recherche d'autres infections C:\DOCUME~1\cathy\LOCALS~1\APPLIC~1\nmmccbhg.dat C:\DOCUME~1\cathy\LOCALS~1\APPLIC~1\nmmccbhg_nav.dat C:\DOCUME~1\cathy\LOCALS~1\APPLIC~1\nmmccbhg_navps.dat ==> EGDACCESS <== --------------------\\ Cracks & Keygens .. C:\DOCUME~1\cathy\Mes documents\Mes Historiques de Conversation\septembre 2009\exotikcrack@hotmail.fr.html [F:12][D:3]-> C:\DOCUME~1\cathy\LOCALS~1\Temp [F:40][D:0]-> C:\DOCUME~1\cathy\Cookies [F:360][D:4]-> C:\DOCUME~1\cathy\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - 18/01/2010|13:54 - Option : [1] --------------------\\ Fin du rapport a 13:54:41
- le 18 janvier 2010
- 12 réponses
Comment éradiquer problème ?

astor82 a répondu à un(e) sujet de astor82 dans Analyses et éradication malwares

Tout d'abord merci à Pear pour sa réponse ultra rapide voici le fichier log Logfile of random's system information tool 1.06 (written by random/random) Run by cathy at 2010-01-18 12:59:08 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 57 GB (60%) free of 95 GB Total RAM: 1023 MB (53% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:59:36, on 18/01/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\a-squared Anti-Malware\a2service.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\cathy\Bureau\RSIT.exe C:\Program Files\trend micro\cathy.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portail.free.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {0FCF819D-9D92-4987-ABCD-E24DBEF11719} - C:\WINDOWS\System32\ccfgnt32.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\cathy\Application Data\SystemProc\lsass.exe O4 - HKLM\..\Policies\Explorer\Run: [Local Service] C:\Documents and Settings\cathy\Application Data\Microsoft\smss.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124469140515 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124471908906 O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-2.0.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - AppInit_DLLs: C:\WINDOWS\System32\fontext32.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0FO\kloehk.dll O20 - Winlogon Notify: 60d0b4cb724 - C:\WINDOWS\System32\fontext32.dll (file missing) O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\RpcSandraSrv.exe -- End of file - 10339 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Google Software Updater.job C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS.job C:\WINDOWS\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job C:\WINDOWS\tasks\ParetoLogic Registration.job C:\WINDOWS\tasks\User_Feed_Synchronization-{41556BBF-4CB2-42CF-A381-DAB95F9EC07C}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FCF819D-9D92-4987-ABCD-E24DBEF11719}] C:\WINDOWS\System32\ccfgnt32.dll [2010-01-15 192000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-30 263280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-27 764912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-30 263280] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [2009-09-22 315736] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-11-06 8523776] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "RTHDBPL"=C:\Documents and Settings\cathy\Application Data\SystemProc\lsass.exe [] "Local Service"=C:\Documents and Settings\cathy\Application Data\Microsoft\smss.exe [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-02 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\WINDOWS\System32\fontext32.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0FO\kloehk.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\60d0b4cb724] C:\WINDOWS\System32\fontext32.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\WINDOWS\system32\klogon.dll [2009-09-22 219664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"= :\WINDOWS\system32\srr [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveTypeAutoRun_KL_notset"= "NoDriveTypeAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:enabled:Assistance à distance" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger" "C:\Program Files\AOL 9.0\AOL.exe"="C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0" "C:\Program Files\AOL 9.0\WAOL.exe"="C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0" "C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)" "C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)" "C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax" "C:\Program Files\CA\eTrust Antivirus\InocIT.exe"="C:\Program Files\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner" "C:\Program Files\CA\eTrust Antivirus\Realmon.exe"="C:\Program Files\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor" "C:\Program Files\CA\eTrust Antivirus\InoRpc.exe"="C:\Program Files\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server" "C:\Program Files\NetMeeting\Conf.exe"="C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting" "C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe"="C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Win32\RpcDataSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service" "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player " "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:enabled:Assistance à distance" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger" "C:\Program Files\AOL 9.0\AOL.exe"="C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0" "C:\Program Files\AOL 9.0\WAOL.exe"="C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0" "C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)" "C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)" "C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax" "C:\Program Files\CA\eTrust Antivirus\InocIT.exe"="C:\Program Files\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner" "C:\Program Files\CA\eTrust Antivirus\Realmon.exe"="C:\Program Files\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor" "C:\Program Files\CA\eTrust Antivirus\InoRpc.exe"="C:\Program Files\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server" "C:\Program Files\NetMeeting\Conf.exe"="C:\Program Files\NetMeeting\Conf.exe:*:enabled:NetMeeting" "C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe"="C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" ======List of files/folders created in the last 1 months====== 2010-01-18 12:59:09 ----D---- C:\Program Files\trend micro 2010-01-18 12:59:08 ----D---- C:\rsit 2010-01-17 23:50:44 ----A---- C:\rollback.ini 2010-01-17 23:09:20 ----D---- C:\Program Files\Fichiers communs\ParetoLogic 2010-01-17 23:09:20 ----D---- C:\Documents and Settings\All Users\Application Data\ParetoLogic 2010-01-16 10:50:46 ----D---- C:\Program Files\Spybot - Search & Destroy 2010-01-16 10:50:46 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2010-01-15 21:43:43 ----D---- C:\Program Files\a-squared Anti-Malware 2010-01-15 18:01:11 ----A---- C:\WINDOWS\system32\cards32.dll 2010-01-15 17:13:14 ----A---- C:\WINDOWS\system32\comrepl32.dll 2010-01-15 15:19:54 ----D---- C:\Program Files\Kaspersky Lab 2010-01-15 15:19:54 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2010-01-15 15:17:02 ----D---- C:\KAV 2010-01-15 15:07:06 ----A---- C:\WINDOWS\system32\ccfgnt32.dll 2010-01-14 21:05:50 ----A---- C:\WINDOWS\system32\MRT.INI 2010-01-04 17:25:50 ----D---- C:\Program Files\Fichiers communs\PersonalSecUninstall 2009-12-27 21:52:12 ----A---- C:\WINDOWS\GnuHashes.ini 2009-12-27 19:54:42 ----D---- C:\Documents and Settings\cathy\Application Data\WinRAR 2009-12-27 19:54:30 ----SHD---- C:\WINDOWS\system32\SysWoW32 2009-12-27 19:52:58 ----SH---- C:\WINDOWS\system32\unrar.exe 2009-12-27 19:52:58 ----D---- C:\WINDOWS\system32\1390597036 2009-12-27 19:52:57 ----SHD---- C:\Documents and Settings\cathy\Application Data\SystemProc ======List of files/folders modified in the last 1 months====== 2010-01-18 12:59:11 ----D---- C:\WINDOWS\Temp 2010-01-18 12:59:09 ----RD---- C:\Program Files 2010-01-18 12:59:02 ----D---- C:\WINDOWS\Prefetch 2010-01-18 12:41:10 ----SD---- C:\WINDOWS\Tasks 2010-01-18 11:25:36 ----SHD---- C:\Config.Msi 2010-01-18 03:03:37 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-01-18 02:17:00 ----D---- C:\WINDOWS\system32\drivers 2010-01-18 01:58:16 ----SHD---- C:\WINDOWS\Installer 2010-01-18 01:57:34 ----D---- C:\WINDOWS\system32 2010-01-17 23:09:20 ----D---- C:\Program Files\Fichiers communs 2010-01-17 22:40:07 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2010-01-17 22:39:55 ----D---- C:\WINDOWS 2010-01-16 03:38:56 ----D---- C:\WINDOWS\system32\CatRoot2 2010-01-15 18:11:08 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-01-15 18:10:50 ----A---- C:\WINDOWS\system32\pubprn.vbs 2010-01-15 17:46:05 ----D---- C:\WINDOWS\Help 2010-01-15 17:46:04 ----D---- C:\WINDOWS\nview 2010-01-15 17:44:09 ----HD---- C:\WINDOWS\inf 2010-01-15 17:43:19 ----D---- C:\WINDOWS\system32\ReinstallBackups 2010-01-15 17:42:54 ----D---- C:\WINDOWS\system 2010-01-15 15:29:18 ----A---- C:\WINDOWS\bdagent.INI 2010-01-15 15:19:55 ----SHD---- C:\System Volume Information 2010-01-15 14:38:37 ----SHD---- C:\RECYCLER 2010-01-15 12:34:22 ----SHD---- C:\Documents and Settings\cathy\Application Data\Microsoft 2010-01-15 10:49:24 ----D---- C:\Program Files\CCleaner 2010-01-15 09:42:20 ----D---- C:\OfficeUser 2010-01-15 09:06:25 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2010-01-15 09:06:18 ----RSD---- C:\WINDOWS\assembly 2010-01-15 09:04:48 ----RSD---- C:\WINDOWS\Fonts 2010-01-15 09:04:43 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2010-01-15 09:04:15 ----D---- C:\Program Files\Microsoft Works 2010-01-15 09:02:04 ----A---- C:\WINDOWS\win.ini 2010-01-15 08:11:16 ----D---- C:\WINDOWS\Debug 2010-01-15 08:04:14 ----D---- C:\WINDOWS\AppPatch 2010-01-14 21:07:20 ----HD---- C:\WINDOWS\$hf_mig$ 2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe 2010-01-04 17:24:36 ----A---- C:\WINDOWS\NeroDigital.ini 2009-12-30 13:44:38 ----D---- C:\Program Files\Red Kawa 2009-12-27 22:35:31 ----D---- C:\WINDOWS\network diagnostic 2009-12-27 20:32:30 ----D---- C:\Documents and Settings\cathy\Application Data\LimeWire ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 kl1;Kl1; \??\C:\WINDOWS\system32\drivers\kl1.sys [] R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2010-01-15 223760] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 1287296] R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-10-27 43008] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2009-09-03 24848] R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-11-06 7429088] R3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591] S3 fbxusb;FreeBox USB Network Adapter; C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 18848] S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-15 42496] S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664] S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [] S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [] S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [] S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [] S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [] S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys [] S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys [] S3 s3m;s3m; C:\WINDOWS\system32\DRIVERS\s3m.sys [2001-08-17 166720] S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys [] S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys [] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 a2AntiMalware;a-squared Anti-Malware Service; C:\Program Files\a-squared Anti-Malware\a2service.exe [2009-10-01 1858144] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712] R2 AVP;Kaspersky Anti-Virus 6.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [2009-09-22 315736] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-11-06 155716] R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-27 183280] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Win32\RpcDataSrv.exe [2007-05-01 131256] S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\RpcSandraSrv.exe [2007-05-01 1216704] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2010-01-18 12:59:40 ======Uninstall list====== -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNNMP.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 9.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001} Adobe® Photoshop® Album Edition Découverte 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61} Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415} Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} ArcSoft PhotoImpression 4-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{807E8929-6BA3-4901-8F62-AB1195A644CA}\setup.exe" -l0x40c ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x40c a-squared Anti-Malware 4.5-->"C:\Program Files\a-squared Anti-Malware\unins000.exe" Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2} Atlas mondial Microsoft Encarta 2000-->"C:\Program Files\Microsoft Encarta\Atlas mondial Microsoft Encarta 2000\evgunnst.exe" /uninstall Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe" AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe" BitComet 0.59-->C:\Program Files\BitComet\uninst.exe Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Canon MP Navigator 2.0-->"C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini Canon MP150-->"C:\WINDOWS\system32\CanonMP Uninstaller Information\{CA9A3609-3ECC-4574-8824-A8161A71A603}\DelDrv.exe" /U:{CA9A3609-3ECC-4574-8824-A8161A71A603} /L0x000c Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini CCleaner-->"C:\Program Files\CCleaner\uninst.exe" C-Media High Definition Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe Complément Microsoft Word de Works Suite-->MsiExec.exe /I{0BE4B058-700D-11D3-B999-00C04F328D26} Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Easy-WebPrint-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu" EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe" Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} Free - Kit de connexion-->C:\Program Files\Free.fr\uninstall.exe Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761} J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Kaspersky Anti-Virus 6.0 for Windows Workstations-->MsiExec.exe /I{8F023021-A7EB-45D3-9269-D65264C81729} Kaspersky Anti-Virus 6.0 for Windows Workstations-->MsiExec.exe /I{8F023021-A7EB-45D3-9269-D65264C81729} Kptic-->MsiExec.exe /X{4312AB5F-7C43-461E-B48B-EDFA6B9CD3D6} Lanceur du programme d'installation de Microsoft Works 2000 -->C:\Program Files\Microsoft Works Suite 2000\Setup\Launcher.exe F:\ Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe" Mise à jour pour Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe" Mise à jour pour Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe" MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8} MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID="" Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71} Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C} NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7} Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe" Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3} PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall PowerProducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD} RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F} Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE} Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050} Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} SiSoftware Sandra Lite XI.SP2 (Win64/32/CE)-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\unins000.exe" Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7} Update for Outlook 2007 Junk Email Filter (kb977839)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C568005C-5FC6-4C81-A664-BD136610A931} Utilitaire de configuration iPhone-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1} Utilitaire de sauvegarde Windows-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE} VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA Videora iPod classic Converter 5.03-->C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u Visionneuse Journal Windows Microsoft-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7} Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956} Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Security center information====== AV: Kaspersky Anti-Virus AV: a-squared Anti-Malware FW: Kaspersky Anti-Virus ======System event log====== Computer Name: NOM-B1AF0E90865 Event Code: 6009 Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free. Record Number: 100123 Source Name: EventLog Time Written: 20091211214105.000000+060 Event Type: Informations User: Computer Name: NOM-B1AF0E90865 Event Code: 6006 Message: Le service d'Enregistrement d'événement a été arrêté. Record Number: 100122 Source Name: EventLog Time Written: 20091210212001.000000+060 Event Type: Informations User: Computer Name: NOM-B1AF0E90865 Event Code: 7036 Message: Le service Google Software Updater est entré dans l'état : arrêté. Record Number: 100121 Source Name: Service Control Manager Time Written: 20091210205912.000000+060 Event Type: Informations User: Computer Name: NOM-B1AF0E90865 Event Code: 7036 Message: Le service Google Software Updater est entré dans l'état : en cours d'exécution. Record Number: 100120 Source Name: Service Control Manager Time Written: 20091210205800.000000+060 Event Type: Informations User: Computer Name: NOM-B1AF0E90865 Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Google Software Updater. Record Number: 100119 Source Name: Service Control Manager Time Written: 20091210205800.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM =====Application event log===== Computer Name: NOM-B1AF0E90865 Event Code: 32068 Message: La règle de routage de trafic sortant n'est pas valide car elle ne peut pas trouver de périphérique valide. Les télécopies sortantes qui utilisent cette règle ne peuvent pas être acheminées. Vérifiez que le ou les périphériques concernés (en cas de routage vers un groupe de périphériques) sont connectés et installés correctement et allumés. En cas de routage vers un groupe, vérifiez que le groupe est configuré correctement. Code de pays/région : '*' Indicatif régional : '*' Record Number: 24876 Source Name: Microsoft Fax Time Written: 20090918204039.000000+120 Event Type: Avertissement User: Computer Name: NOM-B1AF0E90865 Event Code: 32026 Message: Le service de télécopie n'a pas pu initialiser de périphériques de télécopies attribués (virtuel ou TAPI). Aucune télécopie ne peut être envoyée ou reçue tant qu'un périphérique de télécopies n'a pas été installé. Record Number: 24875 Source Name: Microsoft Fax Time Written: 20090918204039.000000+120 Event Type: Avertissement User: Computer Name: NOM-B1AF0E90865 Event Code: 0 Message: Record Number: 24874 Source Name: gusvc Time Written: 20090918204024.000000+120 Event Type: Informations User: Computer Name: NOM-B1AF0E90865 Event Code: 1 Message: Record Number: 24873 Source Name: Bonjour Service Time Written: 20090918204024.000000+120 Event Type: Informations User: Computer Name: NOM-B1AF0E90865 Event Code: 0 Message: Record Number: 24872 Source Name: gusvc Time Written: 20090917221210.000000+120 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel "PROCESSOR_REVISION"=0409 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2 "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- Et voici le fichier info info.txt logfile of random's system information tool 1.06 2010-01-18 12:59:40 ======Uninstall list====== -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNNMP.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 9.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001} Adobe® Photoshop® Album Edition Découverte 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61} Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415} Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} ArcSoft PhotoImpression 4-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{807E8929-6BA3-4901-8F62-AB1195A644CA}\setup.exe" -l0x40c ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x40c a-squared Anti-Malware 4.5-->"C:\Program Files\a-squared Anti-Malware\unins000.exe" Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2} Atlas mondial Microsoft Encarta 2000-->"C:\Program Files\Microsoft Encarta\Atlas mondial Microsoft Encarta 2000\evgunnst.exe" /uninstall Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe" AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe" BitComet 0.59-->C:\Program Files\BitComet\uninst.exe Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Canon MP Navigator 2.0-->"C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini Canon MP150-->"C:\WINDOWS\system32\CanonMP Uninstaller Information\{CA9A3609-3ECC-4574-8824-A8161A71A603}\DelDrv.exe" /U:{CA9A3609-3ECC-4574-8824-A8161A71A603} /L0x000c Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini CCleaner-->"C:\Program Files\CCleaner\uninst.exe" C-Media High Definition Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe Complément Microsoft Word de Works Suite-->MsiExec.exe /I{0BE4B058-700D-11D3-B999-00C04F328D26} Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Easy-WebPrint-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu" EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe" Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} Free - Kit de connexion-->C:\Program Files\Free.fr\uninstall.exe Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761} J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Kaspersky Anti-Virus 6.0 for Windows Workstations-->MsiExec.exe /I{8F023021-A7EB-45D3-9269-D65264C81729} Kaspersky Anti-Virus 6.0 for Windows Workstations-->MsiExec.exe /I{8F023021-A7EB-45D3-9269-D65264C81729} Kptic-->MsiExec.exe /X{4312AB5F-7C43-461E-B48B-EDFA6B9CD3D6} Lanceur du programme d'installation de Microsoft Works 2000 -->C:\Program Files\Microsoft Works Suite 2000\Setup\Launcher.exe F:\ Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe" Mise à jour pour Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe" Mise à jour pour Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe" MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8} MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID="" Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71} Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C} NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7} Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe" Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3} PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall PowerProducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD} RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F} Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE} Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050} Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} SiSoftware Sandra Lite XI.SP2 (Win64/32/CE)-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\unins000.exe" Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7} Update for Outlook 2007 Junk Email Filter (kb977839)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C568005C-5FC6-4C81-A664-BD136610A931} Utilitaire de configuration iPhone-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1} Utilitaire de sauvegarde Windows-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE} VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA Videora iPod classic Converter 5.03-->C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u Visionneuse Journal Windows Microsoft-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7} Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956} Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Security center information====== AV: Kaspersky Anti-Virus AV: a-squared Anti-Malware FW: Kaspersky Anti-Virus ======System event log====== Computer Name: NOM-B1AF0E90865 Event Code: 6009 Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free. Record Number: 100123 Source Name: EventLog Time Written: 20091211214105.000000+060 Event Type: Informations User: Computer Name: NOM-B1AF0E90865 Event Code: 6006 Message: Le service d'Enregistrement d'événement a été arrêté. Record Number: 100122 Source Name: EventLog Time Written: 20091210212001.000000+060 Event Type: Informations User: Computer Name: NOM-B1AF0E90865 Event Code: 7036 Message: Le service Google Software Updater est entré dans l'état : arrêté. Record Number: 100121 Source Name: Service Control Manager Time Written: 20091210205912.000000+060 Event Type: Informations User: Computer Name: NOM-B1AF0E90865 Event Code: 7036 Message: Le service Google Software Updater est entré dans l'état : en cours d'exécution. Record Number: 100120 Source Name: Service Control Manager Time Written: 20091210205800.000000+060 Event Type: Informations User: Computer Name: NOM-B1AF0E90865 Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Google Software Updater. Record Number: 100119 Source Name: Service Control Manager Time Written: 20091210205800.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM =====Application event log===== Computer Name: NOM-B1AF0E90865 Event Code: 32068 Message: La règle de routage de trafic sortant n'est pas valide car elle ne peut pas trouver de périphérique valide. Les télécopies sortantes qui utilisent cette règle ne peuvent pas être acheminées. Vérifiez que le ou les périphériques concernés (en cas de routage vers un groupe de périphériques) sont connectés et installés correctement et allumés. En cas de routage vers un groupe, vérifiez que le groupe est configuré correctement. Code de pays/région : '*' Indicatif régional : '*' Record Number: 24876 Source Name: Microsoft Fax Time Written: 20090918204039.000000+120 Event Type: Avertissement User: Computer Name: NOM-B1AF0E90865 Event Code: 32026 Message: Le service de télécopie n'a pas pu initialiser de périphériques de télécopies attribués (virtuel ou TAPI). Aucune télécopie ne peut être envoyée ou reçue tant qu'un périphérique de télécopies n'a pas été installé. Record Number: 24875 Source Name: Microsoft Fax Time Written: 20090918204039.000000+120 Event Type: Avertissement User: Computer Name: NOM-B1AF0E90865 Event Code: 0 Message: Record Number: 24874 Source Name: gusvc Time Written: 20090918204024.000000+120 Event Type: Informations User: Computer Name: NOM-B1AF0E90865 Event Code: 1 Message: Record Number: 24873 Source Name: Bonjour Service Time Written: 20090918204024.000000+120 Event Type: Informations User: Computer Name: NOM-B1AF0E90865 Event Code: 0 Message: Record Number: 24872 Source Name: gusvc Time Written: 20090917221210.000000+120 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel "PROCESSOR_REVISION"=0409 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2 "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF-----------------
- le 18 janvier 2010
- 12 réponses
Comment éradiquer problème ?

astor82 a posté un sujet dans Analyses et éradication malwares

Bonjour, Ne voyant plus aucune solution pour nettoyer l'ordinateur dont j'assure la maintenance, je fais donc appel aux connaissances des membres du forum. Diagnostique : quand je fais une recherche dans "Google" pour ne pas le nommer je suis redirigé vers un site (généralement porno) ou portail non désiré ((( Tentatives de réparations effectuées : Comme l'anvirus précédent BitDefender était proche de sa date d'expiration (restait une vingtaine de jours) je l'ai remplacé par Kaspersky workstation 6.0 MP4. Un scan avec Kaspersky ne donne rien le problème est identique ((( J'installe a-squared quasi la même chose J'installe spybot il me trouve certains virus et vers dont win32.Rungbu-a (c'est le seul dont je me me souviens), j'éradique mais le problème est toujours là ! Que faire ? Si quelqu'un pouvait m'aider à virer cette saleté, d'avance je l'en remercie.
- le 18 janvier 2010
- 12 réponses

Connexion

astor82

Compteur de contenus

Inscription

Dernière visite

Type de contenu

Profils

Forums

Blogs

Tout ce qui a été posté par astor82

Comment éradiquer problème ?

Comment éradiquer problème ?

Comment éradiquer problème ?

Comment éradiquer problème ?

Comment éradiquer problème ?

Comment éradiquer problème ?

Comment éradiquer problème ?

Zebulon

Outils en ligne

Naviguer