Aller au contenu

VerdiosE

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    10

  • Inscription

  • Dernière visite

Autres informations

  • Mes langues
    Fr

VerdiosE's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. VerdiosE
    Nous pauffinerons la finalisation en MP si tu veux bien.
  2. VerdiosE
    Bit Defender (il n'est pas le seul) offre la possibilité de créer un coffre-fort pour y mettre des éléments secrets J'aimerais bien disposer d'un truc qui fonctionne dans l'autre sens : "Entré libre" - "Exit impossible" et utiliser ce dossier (tampon) pour les divers téléchargements.
  3. VerdiosE
    Bonjour Le sioux, Pas cool du tout en effet. Enfin , ce qui l'est encore moins c'est la politique Microsoft qui n'a pas voulu me fournir de CD d'installation en échange de mon N° (étiquette sur la tour) de série, de ma facture et des coordonnées d'enregistrement dans leur base de données sous prétexte que la licence est gérée par HP qui eux me répondent que cette tour n'est plus sous garantie. Haaaa bein merci le profit E t après, on s'étonne qu'il y a du piratage .... Pffff Hihi , j'avais enregistré le rapport avant de faire le bon choix.Oui les fichiers ont été mis aux oubliettes et le dossier de quarantaine à retrouvé sa légèreté des premiers jours ToolsCleaner --> Action - Fichiers TEMP effacés - Corbeille vidée - Point de restauration créé - Base de registre copiée Rapport ToolsCleaner [ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ] --> Recherche: C:\_OTM: trouvé ! C:\Rsit: trouvé ! C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk: trouvé ! C:\Documents and Settings\Administrateur\Bureau\OTM.exe: trouvé ! C:\Documents and Settings\Administrateur\Bureau\Rsit.exe: trouvé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé ! C:\Program Files\ijackThis\HijackThis.exe: trouvé ! C:\Program Files\ijackThis\hijackthis.log: trouvé ! C:\Program Files\lorada\HijackThis.exe: trouvé ! C:\Program Files\lorada\hijackthis.log: trouvé ! C:\Program Files\trend micro\HijackThis.exe: trouvé ! C:\Program Files\trend micro\hijackthis.log: trouvé ! --------------------------------- --> Suppression: C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk: supprimé ! C:\Documents and Settings\Administrateur\Bureau\OTM.exe: supprimé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé ! C:\Program Files\ijackThis\HijackThis.exe: supprimé ! C:\Program Files\lorada\HijackThis.exe: supprimé ! C:\Program Files\trend micro\HijackThis.exe: supprimé ! C:\Documents and Settings\Administrateur\Bureau\Rsit.exe: supprimé ! C:\Program Files\ijackThis\hijackthis.log: supprimé ! C:\Program Files\lorada\hijackthis.log: supprimé ! C:\Program Files\trend micro\hijackthis.log: supprimé ! C:\_OTM: supprimé ! C:\Rsit: supprimé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé ! Fichiers temporaires nettoyés ! Corbeille vidée! Point de restauration crée ! Sauvegarde du registre crée ! ------------------------------------------------------------------------------- Pour ce qui est de ma sécurité à venir... - Bitdefender est opérationnel - il semblerait que ce soit lui qui gère le pare-feu - un scan complet chaque semaine - les sites pornos ; "non merci !" - vigilence accrue sur les téléchargements sympas (vérification systématique avec BitDef. et AntiMal.) - Mise à jour manuellement - Utilisation Peer-to-Peer... y a pas pire ! Oui, mais j'ai Vuze depuis moins d'un mois et je ne l'ai même pas encore utilisé - vérifier les Plugins et autres codecs nécessaires sur des sites spécialisés "What else ?"___ dixit Georges C.
  4. VerdiosE
    OUF Plan de situation avant finalisation Ce n'est pas la première fois que mon PC fait les frais de manque de maitrise. J'ai, il y a quelques mois, installé une nouvelle carte graphique en rencontrant quelques difficultés. J'ai donc mis les pieds dans des fichiers system et ai pas mal bricolé avec divers drivers. Un peu trop même au point de planter mon système et de rendre mon OS irrécupérable puisque fournit dans une configuration HP originale (complètement modifiée depuis) et sans CD d'installation. J'ai alors pu obtenir un XP douteux auprès de mon cousin pour effectuer un reformatage (j'aime pas ça). Tout est alors rentré dans l'ordre (si on peut dire) si ce n'est que je n'ai pas pris la peine de réinstaller mon antivirus d' antan (BitDefender 2009) puisqu'il y avait déjà NOD32 sur la "douteuse" version d'OS. Suite à notre collaboration, j'ai désinstallé NOD32 pour remettre mon BitDefender (honnête) dont la licence n'expire que dans 400 jours. Ce dernier a été mis à jour et j'ai ré-effectué un contrôle Anti-Malware dont voici le rapport... Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3769 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.11 21/02/2010 14:58:16 mbam-log-2010-02-21 (14-58-04).txt Type de recherche: Examen rapide Eléments examinés: 111659 Temps écoulé: 4 minute(s), 20 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 2 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\okosrv (Worm.KoobFace) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OKOSRV (Worm.KoobFace) -> No action taken. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\okogrp (Worm.KoobFace) -> No action taken. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\conf21113.dat (KoobFace.Trace) -> No action taken. Je reconnais que cela va déjà beaucoup mieux Cela fait plus de 4Hr que mon câble réseau n'a pas été débranché et les pages que je visite sont bien celles qui correspondent.
  5. VerdiosE
    Cela ne semble pas encore être bon Rapport Kaspersky -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Sunday, February 21, 2010 Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Sunday, February 21, 2010 08:53:10 Records in database: 3604269 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ L:\ Scan statistics: Objects scanned: 65888 Threats found: 5 Infected objects found: 6 Suspicious objects found: 0 Scan duration: 00:57:53 File name / Threat / Threats count C:\Program Files\Nod32\infected\FKZA5PDA.NQF Infected: Trojan-Dropper.Win32.Agent.bmqd 1 C:\Program Files\Nod32\infected\HO0W1WCA.NQF Infected: Trojan.Win32.Agent.digk 1 C:\Program Files\Nod32\infected\IPVWLUAA.NQF Infected: Net-Worm.Win32.Koobface.brr 1 C:\Program Files\Nod32\infected\L0IT5AAA.NQF Infected: Trojan-PSW.Win32.Agent.pgc 1 C:\Program Files\Nod32\infected\PIDHQLDA.NQF Infected: Trojan.Win32.Qhost.mlv 1 C:\Program Files\Nod32\infected\TLFFQUBA.NQF Infected: Trojan-Dropper.Win32.Agent.bmqd 1 Selected area has been scanned.
  6. VerdiosE
    Rapport OTM All processes killed ========== SERVICES/DRIVERS ========== Error: Unable to stop service oko6! Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\oko6 deleted successfully. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}\ not found. ========== FILES ========== File/Folder C:\Program Files\SGPSA not found. C:\WINDOWS\rdr_1266221723.exe moved successfully. File/Folder C:\WINDOWS\system32\oko6.dll not found. C:\WINDOWS\system32\drivers\oko6.sys moved successfully. C:\Documents and Settings\All Users\Application Data\Azureus folder moved successfully. C:\Documents and Settings\Administrateur\Application Data\Azureus\tmp folder moved successfully. C:\Documents and Settings\Administrateur\Application Data\Azureus\shares folder moved successfully. C:\Documents and Settings\Administrateur\Application Data\Azureus\rss folder moved successfully. C:\Documents and Settings\Administrateur\Application Data\Azureus\plugins\azupnpav folder moved successfully. C:\Documents and Settings\Administrateur\Application Data\Azureus\plugins folder moved successfully. C:\Documents and Settings\Administrateur\Application Data\Azureus\net folder moved successfully. C:\Documents and Settings\Administrateur\Application Data\Azureus\logs folder moved successfully. C:\Documents and Settings\Administrateur\Application Data\Azureus\dht folder moved successfully. C:\Documents and Settings\Administrateur\Application Data\Azureus\active folder moved successfully. C:\Documents and Settings\Administrateur\Application Data\Azureus folder moved successfully. C:\Program Files\Vuze\plugins\azupnpav folder moved successfully. C:\Program Files\Vuze\plugins\azupdater folder moved successfully. C:\Program Files\Vuze\plugins\azrating folder moved successfully. C:\Program Files\Vuze\plugins\azplugins folder moved successfully. C:\Program Files\Vuze\plugins\azemp folder moved successfully. C:\Program Files\Vuze\plugins folder moved successfully. C:\Program Files\Vuze\.install4j folder moved successfully. C:\Program Files\Vuze folder moved successfully. File/Folder C:\Program Files\Azureus not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrateur ->Temp folder emptied: 7657596 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 3072 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 354937 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 2428616 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 10,00 mb OTM by OldTimer - Version 3.1.9.0 log created on 02202010_171015 Files moved on Reboot... Registry entries deleted on Reboot... -->File/Folder C:\WINDOWS\system32\oko6.dll not found. Normal puisque le "killer" de MalwareBytes s'en est occupé. -------------------------------------------------------------------------------------------------------------------------------------- Second Rapport RSIT Logfile of random's system information tool 1.06 (written by random/random) Run by Administrateur at 2010-02-20 17:32:14 Microsoft Windows XP Professionnel Service Pack 2 System drive C: has 151 GB (82%) free of 185 GB Total RAM: 2046 MB (71% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:32:18, on 20/02/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16981) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\netdde.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Nod32\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Nod32\nod32kui.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe C:\Program Files\lg_fwupdate\fwupdate.exe C:\Program Files\Cyberlink\Shared Files\brs.exe C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Windows\System32\VisualTaskTips.exe C:\Program Files\TweakRAM\TweakRAM.exe C:\Program Files\LClock\lclock.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\LED\LedWallpaper\LedWallpaper.exe C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\ROCCAT\Kone Mouse\osd.exe C:\Program Files\Nod32\nod32.exe C:\Documents and Settings\Administrateur\Bureau\RSIT.exe C:\Program Files\ijackThis\Administrateur.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Nod32\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [instantBurn] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Kone] "C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user') O4 - S-1-5-18 Startup: LedWallpaper.lnk = C:\Program Files\LED\LedWallpaper\LedWallpaper.exe (User 'SYSTEM') O4 - .DEFAULT Startup: LedWallpaper.lnk = C:\Program Files\LED\LedWallpaper\LedWallpaper.exe (User 'Default user') O4 - Startup: LedWallpaper.lnk = C:\Program Files\LED\LedWallpaper\LedWallpaper.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Nod32\nod32krn.exe -- End of file - 7732 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Driver Robot.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1547161642-682003330-500Core.job C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1547161642-682003330-500UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-12-01 329312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] LinksFolderName SaveLinksOrder Locked [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Vistadrv"=C:\WINDOWS\system32\Vistadrive\vsdrv.exe [2006-07-30 121089] "nod32kui"=C:\Program Files\Nod32\nod32kui.exe [2009-11-15 921600] "ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-08-11 81920] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "InstantBurn"=C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe [2007-06-04 599600] "LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2009-11-30 557056] "BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2009-09-04 75048] "LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2009-04-16 62760] "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-11-24 98304] "Kone"=C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE [2008-10-06 151552] "MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2006-09-13 201728] "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-12-01 198160] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "VisualTaskTips"=C:\Windows\System32\VisualTaskTips.exe [2006-07-05 36864] "TweakRAM"=C:\Program Files\TweakRAM\TweakRAM.exe [2006-04-15 907264] "LClock"=C:\Program Files\LClock\lclock.exe [2004-09-19 65536] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] "Power2GoExpress"= [] "Google Update"=C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-07 135664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware] C:\Program Files\Ad-Aware\Ad-Aware.exe [2005-05-27 865280] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray] C:\Program Files\Executive Software\Diskeeper\DkIcon.exe [2005-07-26 184408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2009-04-16 87336] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk] C:\WINDOWS\system32\topdesk.exe [2006-11-06 195584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.1.lnk] C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-08-18 384000] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Outil de détection de support PMB.lnk] C:\PROGRA~1\Sony\SONYPI~1\PMBCore\SPUVOL~1.EXE [2008-11-28 327680] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 "okosrv"=2 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage LedWallpaper.lnk - C:\Program Files\LED\LedWallpaper\LedWallpaper.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2009-11-25 155648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn] c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 72208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2006-06-27 3584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoActiveDesktop"=00000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0" "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb" "C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray" "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD" "C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0" "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD" ======List of files/folders created in the last 1 months====== 2010-02-20 17:10:15 ----D---- C:\_OTM 2010-02-19 00:59:03 ----D---- C:\Program Files\ijackThis 2010-02-18 11:51:20 ----D---- C:\Program Files\lorada 2010-02-17 22:27:25 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2010-02-17 22:27:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-02-17 22:27:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-02-17 00:18:11 ----D---- C:\Program Files\trend micro 2010-02-17 00:18:10 ----D---- C:\rsit 2010-02-16 22:46:13 ----HD---- C:\WINDOWS\system32\GroupPolicy 2010-02-16 02:00:37 ----SHD---- C:\Config.Msi 2010-02-16 01:59:06 ----D---- C:\Program Files\Fichiers communs\BitDefender 2010-02-16 01:21:23 ----D---- C:\Program Files\Spyware Doctor 2010-02-13 10:42:33 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss 2010-02-08 15:24:59 ----D---- C:\Documents and Settings\All Users\Application Data\Google 2010-02-07 10:27:47 ----D---- C:\Documents and Settings\Administrateur\Application Data\Google 2010-02-07 10:25:16 ----D---- C:\Program Files\Google 2010-01-25 15:32:08 ----D---- C:\Documents and Settings\Administrateur\Application Data\EPSON 2010-01-24 19:55:56 ----D---- C:\Program Files\Recuva 2010-01-24 18:57:51 ----D---- C:\Documents and Settings\Administrateur\Application Data\XnView 2010-01-24 18:56:15 ----D---- C:\Program Files\XnView 2010-01-24 18:40:02 ----D---- C:\Documents and Settings\Administrateur\Application Data\Sony Corporation 2010-01-24 18:23:01 ----D---- C:\Program Files\Sony 2010-01-24 17:44:52 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$ 2010-01-24 17:40:53 ----D---- C:\Program Files\PicJet Studio 3.3.2 2010-01-22 09:06:37 ----D---- C:\Program Files\Fichiers communs\Adobe AIR ======List of files/folders modified in the last 1 months====== 2010-02-20 17:29:16 ----ASH---- C:\boot.ini 2010-02-20 17:29:16 ----A---- C:\WINDOWS\win.ini 2010-02-20 17:29:15 ----A---- C:\WINDOWS\system.ini 2010-02-20 17:29:06 ----A---- C:\WINDOWS\lgfwup.ini 2010-02-20 17:29:03 ----D---- C:\Program Files\lg_fwupdate 2010-02-20 17:28:43 ----D---- C:\WINDOWS\Temp 2010-02-20 17:27:32 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-02-20 17:27:02 ----D---- C:\WINDOWS\system32 2010-02-20 17:27:02 ----D---- C:\WINDOWS 2010-02-20 17:27:01 ----D---- C:\Program Files 2010-02-20 17:26:57 ----D---- C:\WINDOWS\system32\drivers 2010-02-20 01:46:19 ----A---- C:\WINDOWS\cdplayer.ini 2010-02-20 00:55:23 ----D---- C:\WINDOWS\system32\CatRoot2 2010-02-19 00:36:36 ----AD---- C:\Documents and Settings\All Users\Application Data\Temp 2010-02-18 23:39:06 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-02-18 00:41:07 ----D---- C:\WINDOWS\Driver Cache 2010-02-17 01:20:06 ----D---- C:\WINDOWS\security 2010-02-17 00:31:43 ----D---- C:\WINDOWS\pss 2010-02-16 23:02:08 ----D---- C:\Documents and Settings\Administrateur\Application Data\Microsoft 2010-02-16 22:54:16 ----D---- C:\WINDOWS\Registration 2010-02-16 22:38:14 ----SD---- C:\WINDOWS\Tasks 2010-02-16 22:24:11 ----SHD---- C:\WINDOWS\Installer 2010-02-16 22:01:38 ----HD---- C:\WINDOWS\inf 2010-02-16 10:29:34 ----D---- C:\Program Files\Fichiers communs 2010-02-16 02:06:23 ----D---- C:\Program Files\Ad-Aware 2010-02-16 01:35:06 ----D---- C:\WINDOWS\Network Diagnostic 2010-02-16 01:21:29 ----D---- C:\WINDOWS\WinSxS 2010-02-15 23:15:57 ----D---- C:\Program Files\Internet Explorer 2010-02-15 10:02:16 ----D---- C:\Program Files\Fichiers communs\Ahead 2010-02-15 09:50:40 ----D---- C:\WINDOWS\Debug 2010-02-14 12:30:03 ----D---- C:\Program Files\Fichiers communs\Adobe 2010-02-14 12:30:02 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2010-02-13 09:39:00 ----HD---- C:\WINDOWS\$hf_mig$ 2010-02-13 09:38:52 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-02-12 22:17:52 ----D---- C:\Program Files\Les Sims 3 2010-02-09 21:05:32 ----D---- C:\Documents and Settings\All Users\Application Data\UDL 2010-01-25 15:48:21 ----D---- C:\WINDOWS\Microsoft.NET 2010-01-25 15:47:38 ----RSD---- C:\WINDOWS\assembly 2010-01-25 11:29:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-01-24 18:34:47 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec 2010-01-24 18:29:32 ----HD---- C:\Program Files\InstallShield Installation Information 2010-01-24 18:29:32 ----D---- C:\WINDOWS\system32\DirectX 2010-01-24 17:44:28 ----D---- C:\WINDOWS\system32\fr-fr 2010-01-24 17:40:34 ----D---- C:\WINDOWS\system32\XPSViewer 2010-01-24 17:40:31 ----D---- C:\WINDOWS\system32\en-us 2010-01-24 17:40:25 ----RSD---- C:\WINDOWS\Fonts 2010-01-24 00:32:07 ----D---- C:\WINDOWS\system32\CatRoot 2010-01-22 09:06:52 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts 2010-01-22 09:06:41 ----D---- C:\Documents and Settings\Administrateur\Application Data\Adobe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-10-09 36864] R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys [] R1 BS_I2cIo;BS_I2cIo; \??\C:\WINDOWS\system32\drivers\BS_I2cIo.sys [] R1 CLBStor;InstantBurn Storage Helper Driver; C:\WINDOWS\system32\drivers\CLBStor.sys [2007-06-04 16048] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032] R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};Power Control [2009/12/04 15:34:45]; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [] R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys [] R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [1999-09-10 25244] R2 CLBUDF;CyberLink InstantBurn UDF Filesystem; C:\WINDOWS\system32\drivers\CLBUDF.sys [2007-06-04 162096] R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2009-06-17 10384] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-11-25 4463104] R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-06-02 99856] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-10-09 138752] R3 HidUsb;HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920] R3 KoneFltr;ROCCAT Kone; C:\WINDOWS\system32\drivers\Kone.sys [2008-09-22 12672] R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2009-06-17 20240] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-07-28 143360] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2005-06-17 31744] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-09-01 59264] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-04-19 17152] R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368] S3 BS_Flash;BS_Flash; \??\C:\Program Files\BIOS Update\BIOS Update\Award\BS_Flash.sys [] S3 GPCIDrv;GPCIDrv; \??\C:\Program Files\GIGABYTE\atBIOS\GPCIDrv.sys [] S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2009-06-17 63248] S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2009-06-17 79248] S3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtHDMI.sys [2007-01-11 3624832] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 WINFLASH;WINFLASH; \??\C:\Program Files\BIOS\BIOS Flash\WinFlash.sys [] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-11-25 602112] R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\Diskeeper\DkService.exe [2005-07-26 606316] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2007-06-27 79136] R2 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Nod32\nod32krn.exe [2009-11-15 507904] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 268800] S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-07 135664] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360] S3 usnsvc;Service Messenger Sharing USN Journal Reader; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] S4 okosrv;okosrv; C:\WINDOWS\sYSteM32\SvchOst.eXE [2004-08-04 14336] S4 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-24 918016] -----------------EOF----------------- Voilà ! Alors que vois-tu dans cette boule de cristal ? INFO: mon câble réseau est toujours débranché
  7. VerdiosE
    "Lorada", c'était l'hacienda de Johnny Hallyday (ma femme est fan) , mais en ce qui nous concerne, c'est le nom que j'ai donné à HijackThis (Il était précisé qu'il valait mieux le renommer à l'installation) J'ai pas le temps d'en faire davantage car le travail m'appèle. Je m'y affaire ce soir.
  8. VerdiosE
    NOD32 vient de me signaler une menace... Il me semblait bien que la casse [ sYSteM32... .eXE ] était assez tordue. La mise en quarantaine n'a pas fonctionnée. La suppression non plus. J'ai débranché mon câble réseau. J'ai utilisé l'outil "Killer" de Malwarebytes pour supprimer ce fichier [oko6.dll] .... puis redémarrage (sans le câble réseau). ---------------------------------------------------------------- J'ai lu qu'il était préférable d'arrêter les points de restauration (que je n'ai pas encore fait) J'ai moi-même créé un de ces points début janvier (configuration sûre). Si je sélectionne ce point, tout ma configuration reviendra comme elle était à cette date où mon infection peut s'y être loger, ou encore cette infection interceptera ma demande et installera ses propres paramètres ?
  9. VerdiosE
    Merci Le Sioux de prendre mon problème en charge et pour le temps que tu consacre à cette cause (ZEBULON). Rapport AntiMalware (19 Fev) Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3510 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.11 19/02/2010 22:23:22 mbam-log-2010-02-19 (22-23-22).txt Type de recherche: Examen rapide Eléments examinés: 103288 Temps écoulé: 3 minute(s), 14 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) J'avais déjà eu recours à ce programme avant ton intervention dont voici le rapport précédemment obtenu si cela peut t'aider... Rapport AntiMalware (17 Fev) Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3510 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.11 17/02/2010 23:40:37 mbam-log-2010-02-17 (23-40-31).txt Type de recherche: Examen complet (C:\|D:\|L:\|) Eléments examinés: 188512 Temps écoulé: 33 minute(s), 12 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 2 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 6 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\010112010146114101.xxe (KoobFace.Trace) -> No action taken. C:\WINDOWS\01011201014650115.xxe (KoobFace.Trace) -> No action taken. C:\WINDOWS\0101120101465448.xxe (KoobFace.Trace) -> No action taken. C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> No action taken. C:\WINDOWS\pp14.exe (Worm.KoobFace) -> No action taken. C:\Documents and Settings\Administrateur\Local Settings\Temp\zpskon_1266201799.exe (Worm.Koobface) -> No action taken. Dans les deux cas, la mise à jour du logiciel n'a pas aboutie. Error code 732 (12007, 0) Rapport RSIT Logfile of random's system information tool 1.06 (written by random/random) Run by Administrateur at 2010-02-19 22:27:44 Microsoft Windows XP Professionnel Service Pack 2 System drive C: has 152 GB (82%) free of 185 GB Total RAM: 2046 MB (70% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:27:46, on 19/02/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16981) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\netdde.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Program Files\Nod32\nod32kui.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe C:\Program Files\lg_fwupdate\fwupdate.exe C:\Program Files\Cyberlink\Shared Files\brs.exe C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Windows\System32\VisualTaskTips.exe C:\Program Files\TweakRAM\TweakRAM.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\LClock\lclock.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Nod32\nod32krn.exe C:\Program Files\LED\LedWallpaper\LedWallpaper.exe C:\WINDOWS\sYSteM32\SvchOst.eXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\ROCCAT\Kone Mouse\osd.exe C:\Documents and Settings\Administrateur\Bureau\RSIT.exe C:\Program Files\ijackThis\Administrateur.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Nod32\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [instantBurn] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Kone] "C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user') O4 - S-1-5-18 Startup: LedWallpaper.lnk = C:\Program Files\LED\LedWallpaper\LedWallpaper.exe (User 'SYSTEM') O4 - .DEFAULT Startup: LedWallpaper.lnk = C:\Program Files\LED\LedWallpaper\LedWallpaper.exe (User 'Default user') O4 - Startup: LedWallpaper.lnk = C:\Program Files\LED\LedWallpaper\LedWallpaper.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Nod32\nod32krn.exe -- End of file - 7603 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Driver Robot.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1547161642-682003330-500Core.job C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1547161642-682003330-500UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-12-01 329312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] LinksFolderName SaveLinksOrder Locked [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Vistadrv"=C:\WINDOWS\system32\Vistadrive\vsdrv.exe [2006-07-30 121089] "nod32kui"=C:\Program Files\Nod32\nod32kui.exe [2009-11-15 921600] "ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-08-11 81920] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "InstantBurn"=C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe [2007-06-04 599600] "LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2009-11-30 557056] "BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2009-09-04 75048] "LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2009-04-16 62760] "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-11-24 98304] "Kone"=C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE [2008-10-06 151552] "MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2006-09-13 201728] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "VisualTaskTips"=C:\Windows\System32\VisualTaskTips.exe [2006-07-05 36864] "TweakRAM"=C:\Program Files\TweakRAM\TweakRAM.exe [2006-04-15 907264] "LClock"=C:\Program Files\LClock\lclock.exe [2004-09-19 65536] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] "Power2GoExpress"= [] "Google Update"=C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-07 135664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware] C:\Program Files\Ad-Aware\Ad-Aware.exe [2005-05-27 865280] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray] C:\Program Files\Executive Software\Diskeeper\DkIcon.exe [2005-07-26 184408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2009-04-16 87336] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk] C:\WINDOWS\system32\topdesk.exe [2006-11-06 195584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.1.lnk] C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-08-18 384000] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Outil de détection de support PMB.lnk] C:\PROGRA~1\Sony\SONYPI~1\PMBCore\SPUVOL~1.EXE [2008-11-28 327680] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage LedWallpaper.lnk - C:\Program Files\LED\LedWallpaper\LedWallpaper.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2009-11-25 155648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn] c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 72208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2006-06-27 3584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoActiveDesktop"=00000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0" "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb" "C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray" "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD" "C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0" "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD" ======List of files/folders created in the last 1 months====== 2010-02-19 00:59:03 ----D---- C:\Program Files\ijackThis 2010-02-18 11:51:20 ----D---- C:\Program Files\lorada 2010-02-17 22:27:25 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2010-02-17 22:27:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-02-17 22:27:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-02-17 00:18:11 ----D---- C:\Program Files\trend micro 2010-02-17 00:18:10 ----D---- C:\rsit 2010-02-16 22:46:13 ----HD---- C:\WINDOWS\system32\GroupPolicy 2010-02-16 02:00:37 ----SHD---- C:\Config.Msi 2010-02-16 01:59:06 ----D---- C:\Program Files\Fichiers communs\BitDefender 2010-02-16 01:21:23 ----D---- C:\Program Files\Spyware Doctor 2010-02-15 09:15:27 ----A---- C:\WINDOWS\rdr_1266221723.exe 2010-02-14 21:54:28 ----A---- C:\WINDOWS\system32\oko6.dll 2010-02-13 10:42:33 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss 2010-02-08 15:24:59 ----D---- C:\Documents and Settings\All Users\Application Data\Google 2010-02-07 10:27:47 ----D---- C:\Documents and Settings\Administrateur\Application Data\Google 2010-02-07 10:25:16 ----D---- C:\Program Files\Google 2010-01-25 15:32:08 ----D---- C:\Documents and Settings\Administrateur\Application Data\EPSON 2010-01-24 19:55:56 ----D---- C:\Program Files\Recuva 2010-01-24 18:57:51 ----D---- C:\Documents and Settings\Administrateur\Application Data\XnView 2010-01-24 18:56:15 ----D---- C:\Program Files\XnView 2010-01-24 18:40:02 ----D---- C:\Documents and Settings\Administrateur\Application Data\Sony Corporation 2010-01-24 18:23:01 ----D---- C:\Program Files\Sony 2010-01-24 17:44:52 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$ 2010-01-24 17:40:53 ----D---- C:\Program Files\PicJet Studio 3.3.2 2010-01-23 22:22:52 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus 2010-01-23 22:22:49 ----D---- C:\Documents and Settings\Administrateur\Application Data\Azureus 2010-01-23 22:20:21 ----D---- C:\Program Files\Vuze 2010-01-22 09:06:37 ----D---- C:\Program Files\Fichiers communs\Adobe AIR 2010-01-20 11:23:43 ----D---- C:\Documents and Settings\Administrateur\Application Data\Thunderbird ======List of files/folders modified in the last 1 months====== 2010-02-19 21:41:25 ----D---- C:\WINDOWS\Temp 2010-02-19 12:00:25 ----ASH---- C:\boot.ini 2010-02-19 12:00:25 ----A---- C:\WINDOWS\win.ini 2010-02-19 12:00:25 ----A---- C:\WINDOWS\system.ini 2010-02-19 11:46:27 ----D---- C:\WINDOWS 2010-02-19 11:46:26 ----A---- C:\WINDOWS\lgfwup.ini 2010-02-19 11:46:24 ----D---- C:\Program Files\lg_fwupdate 2010-02-19 11:45:18 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-02-19 00:59:03 ----D---- C:\Program Files 2010-02-19 00:36:36 ----AD---- C:\Documents and Settings\All Users\Application Data\Temp 2010-02-18 23:39:06 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-02-18 11:55:43 ----D---- C:\WINDOWS\system32 2010-02-18 00:41:07 ----D---- C:\WINDOWS\system32\drivers 2010-02-18 00:41:07 ----D---- C:\WINDOWS\Driver Cache 2010-02-17 01:20:06 ----D---- C:\WINDOWS\security 2010-02-17 00:31:43 ----D---- C:\WINDOWS\pss 2010-02-16 23:02:08 ----D---- C:\Documents and Settings\Administrateur\Application Data\Microsoft 2010-02-16 22:54:16 ----D---- C:\WINDOWS\Registration 2010-02-16 22:38:14 ----SD---- C:\WINDOWS\Tasks 2010-02-16 22:24:26 ----D---- C:\WINDOWS\system32\CatRoot2 2010-02-16 22:24:11 ----SHD---- C:\WINDOWS\Installer 2010-02-16 22:01:38 ----HD---- C:\WINDOWS\inf 2010-02-16 10:29:34 ----D---- C:\Program Files\Fichiers communs 2010-02-16 02:06:23 ----D---- C:\Program Files\Ad-Aware 2010-02-16 01:35:06 ----D---- C:\WINDOWS\Network Diagnostic 2010-02-16 01:21:29 ----D---- C:\WINDOWS\WinSxS 2010-02-15 23:15:57 ----D---- C:\Program Files\Internet Explorer 2010-02-15 10:02:16 ----D---- C:\Program Files\Fichiers communs\Ahead 2010-02-15 09:50:40 ----D---- C:\WINDOWS\Debug 2010-02-14 12:30:03 ----D---- C:\Program Files\Fichiers communs\Adobe 2010-02-14 12:30:02 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2010-02-13 13:02:27 ----A---- C:\WINDOWS\cdplayer.ini 2010-02-13 09:39:00 ----HD---- C:\WINDOWS\$hf_mig$ 2010-02-13 09:38:52 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-02-12 22:17:52 ----D---- C:\Program Files\Les Sims 3 2010-02-09 21:05:32 ----D---- C:\Documents and Settings\All Users\Application Data\UDL 2010-01-25 15:48:21 ----D---- C:\WINDOWS\Microsoft.NET 2010-01-25 15:47:38 ----RSD---- C:\WINDOWS\assembly 2010-01-25 11:29:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-01-24 18:34:47 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec 2010-01-24 18:29:32 ----HD---- C:\Program Files\InstallShield Installation Information 2010-01-24 18:29:32 ----D---- C:\WINDOWS\system32\DirectX 2010-01-24 17:44:28 ----D---- C:\WINDOWS\system32\fr-fr 2010-01-24 17:40:34 ----D---- C:\WINDOWS\system32\XPSViewer 2010-01-24 17:40:31 ----D---- C:\WINDOWS\system32\en-us 2010-01-24 17:40:25 ----RSD---- C:\WINDOWS\Fonts 2010-01-24 00:32:07 ----D---- C:\WINDOWS\system32\CatRoot 2010-01-22 09:06:52 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts 2010-01-22 09:06:41 ----D---- C:\Documents and Settings\Administrateur\Application Data\Adobe 2010-01-20 09:56:22 ----D---- C:\Program Files\Microsoft Silverlight ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-10-09 36864] R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys [] R1 BS_I2cIo;BS_I2cIo; \??\C:\WINDOWS\system32\drivers\BS_I2cIo.sys [] R1 CLBStor;InstantBurn Storage Helper Driver; C:\WINDOWS\system32\drivers\CLBStor.sys [2007-06-04 16048] R1 oko6;oko6; \??\C:\WINDOWS\system32\drivers\oko6.sys [] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032] R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};Power Control [2009/12/04 15:34:45]; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [] R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys [] R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [1999-09-10 25244] R2 CLBUDF;CyberLink InstantBurn UDF Filesystem; C:\WINDOWS\system32\drivers\CLBUDF.sys [2007-06-04 162096] R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2009-06-17 10384] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-11-25 4463104] R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-06-02 99856] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-10-09 138752] R3 HidUsb;HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920] R3 KoneFltr;ROCCAT Kone; C:\WINDOWS\system32\drivers\Kone.sys [2008-09-22 12672] R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2009-06-17 20240] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-07-28 143360] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2005-06-17 31744] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-09-01 59264] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-04-19 17152] R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368] S3 BS_Flash;BS_Flash; \??\C:\Program Files\BIOS Update\BIOS Update\Award\BS_Flash.sys [] S3 GPCIDrv;GPCIDrv; \??\C:\Program Files\GIGABYTE\atBIOS\GPCIDrv.sys [] S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2009-06-17 63248] S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2009-06-17 79248] S3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtHDMI.sys [2007-01-11 3624832] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 WINFLASH;WINFLASH; \??\C:\Program Files\BIOS\BIOS Flash\WinFlash.sys [] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-11-25 602112] R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\Diskeeper\DkService.exe [2005-07-26 606316] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2007-06-27 79136] R2 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Nod32\nod32krn.exe [2009-11-15 507904] R2 okosrv;okosrv; C:\WINDOWS\sYSteM32\SvchOst.eXE [2004-08-04 14336] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 268800] S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-07 135664] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360] S3 usnsvc;Service Messenger Sharing USN Journal Reader; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] S4 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-24 918016] -----------------EOF----------------- INFO RSIT info.txt logfile of random's system information tool 1.06 2010-02-17 00:18:22 ======Uninstall list====== -->C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x040c -removeonly -->C:\Program Files\InstallShield Installation Information\{B2C4A8C4-AA20-425D-9FEE-C78039238C81}\setup.exe -runfromtemp -l0x040c -removeonly -->C:\Program Files\InstallShield Installation Information\{D2A98502-8929-420F-AD48-086B1FD5CDEA}\setup.exe -runfromtemp -l0x040c -removeonly -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean BIOS Flash-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FD1079-2CF1-461E-8418-E91CA6656B45}\setup.exe" Catalyst Control Center - Branding-->MsiExec.exe /I{8D7133DE-27D2-47E5-B248-4180278D32AA} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A} Chinese Traditional Fonts Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-2448-0000-900000000003} CyberLink InstantBurn-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}\Setup.exe" -l0x40c -uninstall CyberLink PowerDVD-->"C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall Diskeeper Professional Edition-->MsiExec.exe /X{DBCD6910-F929-4D46-B867-3EBEA4A1D409} EA Download Manager UI-->msiexec /qb /x {9901E703-D169-7139-1EA3-11AA788D09E6} EA Download Manager UI-->MsiExec.exe /I{9901E703-D169-7139-1EA3-11AA788D09E6} EA Download Manager-->C:\Program Files\Electronic Arts\EADM\EADMUninstall.exe EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}\SETUP.EXE" -l0x40c UNINST EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r EVEREST Ultimate Edition v4.50-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe" Google SketchUp 7-->MsiExec.exe /X{5AD045DF-11AA-473D-B4AA-2A4F0E213047} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466} Hi-Def Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE} Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF} Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5} KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355} LabelPrint-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall LedWallpaper 1.7.8-->"C:\Program Files\LED\LedWallpaper\unins000.exe" Les Sims Deluxe-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe" -l040c Les Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x040c -removeonly LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe" LightScribe Optical Disc Kit-->MsiExec.exe /X{71F17309-007D-43F9-9313-DBFBA5FCB3B3} Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x040c -removeonly Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13} Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe" Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe Motherboard Monitor 5-->"C:\Program Files\Motherboard Monitor 5\unins000.exe" MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{165EB935-0893-4FB3-B6FD-4D2B638B69B2} Music Transfer-->C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe -runfromtemp -l0x040c -removeonly NOD32 Antivirus System-->C:\Program Files\Nod32\Setup\setup.exe /UNINSTALL NOD32 FiX v2.1-->"C:\Program Files\Nod32\unins000.exe" OpenOffice.org 3.1-->MsiExec.exe /I{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6} Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Power2Go 5.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall PowerProducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8} RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0 REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -removeonly Realtek High Definition Audio Driver-->RtkUpd.exe -r -m Recuva-->"C:\Program Files\Recuva\uninst.exe" ROCCAT Kone Mouse Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9733747E-E53D-4C17-977E-3A872AFB93E1}\Setup.exe" Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Serif PhotoPlus SE-->MsiExec.exe /X{09234F0D-5971-4701-94EE-89CB6926E273} Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x040c uninstall -removeonly System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe T-Utility Hardware Monitor-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92B0B959-BDC0-41D0-A3D3-5F89AF5297B2}\setup.exe" Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Vuze-->C:\Program Files\Vuze\uninstall.exe Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956} Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818} Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" XnView 1.97-->"C:\Program Files\XnView\unins000.exe" Securitycenter WMI appears to be broken ======System event log====== Computer Name: HARMON Event Code: 62464 Message: UVD Information Record Number: 8581 Source Name: ati2mtag Time Written: 20100124115745.000000+060 Event Type: Informations User: Computer Name: HARMON Event Code: 62464 Message: UVD Information Record Number: 8580 Source Name: ati2mtag Time Written: 20100124115745.000000+060 Event Type: Informations User: Computer Name: HARMON Event Code: 62464 Message: UVD Information Record Number: 8579 Source Name: ati2mtag Time Written: 20100124115745.000000+060 Event Type: Informations User: Computer Name: HARMON Event Code: 62464 Message: UVD Information Record Number: 8578 Source Name: ati2mtag Time Written: 20100124115745.000000+060 Event Type: Informations User: Computer Name: HARMON Event Code: 62464 Message: UVD Information Record Number: 8577 Source Name: ati2mtag Time Written: 20100124115745.000000+060 Event Type: Informations User: =====Application event log===== Computer Name: HARMON Event Code: 11724 Message: Product: Catalyst Control Center Core Implementation -- Removal completed successfully. Record Number: 2685 Source Name: MsiInstaller Time Written: 20091213183328.000000+060 Event Type: Informations User: HARMON\Administrateur Computer Name: HARMON Event Code: 11724 Message: Product: Catalyst Control Center - Branding -- Removal completed successfully. Record Number: 2684 Source Name: MsiInstaller Time Written: 20091213183328.000000+060 Event Type: Informations User: HARMON\Administrateur Computer Name: HARMON Event Code: 11724 Message: Product: CCC Help Portuguese -- Removal completed successfully. Record Number: 2683 Source Name: MsiInstaller Time Written: 20091213183327.000000+060 Event Type: Informations User: HARMON\Administrateur Computer Name: HARMON Event Code: 11724 Message: Product: CCC Help Polish -- Removal completed successfully. Record Number: 2682 Source Name: MsiInstaller Time Written: 20091213183326.000000+060 Event Type: Informations User: HARMON\Administrateur Computer Name: HARMON Event Code: 11724 Message: Product: CCC Help Italian -- Removal completed successfully. Record Number: 2681 Source Name: MsiInstaller Time Written: 20091213183325.000000+060 Event Type: Informations User: HARMON\Administrateur ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Executive Software\Diskeeper\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=4b02 "NUMBER_OF_PROCESSORS"=2 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// J'avais bien compris de quoi il s'agit. C'est la façon dont c'est écrit qui me chiffonnait ...C:\WINDOWS\sYSteM32\SvchOst.eXE = C:\WINDOWS\system32\svchost.exe Dommage que l'équipe Windows n'ait pas le temps d'intituler tous leurs fichiers C'est quoi l'élément qui retient ton attention ? {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} \SGPSA\ (file missing) J'aimerais bien un jour pouvoir aider les autres à mon tour
  10. VerdiosE
    Bonsoir (ou bonjour) , J'ai, malgré ma vigilance, laissé entré un intrus en cliquant sur une vidéo d'un ami (le pauvre, il était même pas au courant). Désormais, 3 pages sur 5 (internet) ne correspondent pas à l'adresse demandée. J'ai donc effectué quelques petits nettoyages, mais en vain. C'est alors que je découvre ce merveilleux site - LONGUE VIE A ZEBULON - et merci mon amour d'avoir ton propre PC. J'ai donc pris soin de lire et d'appliquer les recommandations d' IPL001, mais n'étant pas encore un fin gourmet binaire, j'aimerais solliciter votre aide avant de poursuivre mes péripéties. Le premier truc qui m'interpèle, c'est ce processus... C:\WINDOWS\sYSteM32\SvchOst.eXE Est-ce normale une casse variable ? (minuscule - majuscule) Ensuite, O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) Est-ce vraiment un Add-On de Messenger ? Voilà, sinon, je ne vois pas plus de soucis dans ce rapport. Evidement , je ne lis pas un tel rapport comme je lis le français. Disons que cela ressemble plutôt à du hongrois Quelqu'un pourra-t-il m'aider à progresser ?
×
×
  • Créer...