dudulos2

Bonjour, Avec un peu de retard je te poste le résultat de ComboFix. Remarque : Au redémarrage, le XP Security semble ne pas s'être relancé : c'est bon signe? Rapport : ComboFix 10-03-24.02 - Denis 25/03/2010 7:23.1.1 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.767.521 [GMT 1:00] Lancé depuis: c:\documents and settings\Denis\Bureau\dudulos.exe AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Alexis\Application Data\WeatherDPA c:\documents and settings\Alexis\Application Data\WeatherDPA\Weather\WeatherStartup.xml c:\documents and settings\Denis\Local Settings\Application Data\ave.exe c:\documents and settings\Denis\Local Settings\Temporary Internet Files\H31p3h0.jpg c:\documents and settings\Denis\Local Settings\Temporary Internet Files\HTGkdAB0R.jpg c:\documents and settings\Denis\Local Settings\Temporary Internet Files\R845kH4.jpg c:\documents and settings\Denis\Local Settings\Temporary Internet Files\Xh05nskp1.jpg c:\program files\SGPSA c:\program files\SGPSA\BHO.dll c:\windows\system32\images c:\windows\system32\images\accessinghvnoprop.jpg c:\windows\system32\images\accessingmdesk.jpg c:\windows\system32\images\ati_logo.jpg c:\windows\system32\images\hvdm.jpg c:\windows\system32\images\hvhotkeys.jpg c:\windows\system32\images\hvsystray.jpg c:\windows\system32\images\hvsystray2.jpg c:\windows\system32\images\Thumbs.db c:\windows\system32\index.html . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MSUPDATE ((((((((((((((((((((((((((((( Fichiers créés du 2010-02-25 au 2010-03-25 )))))))))))))))))))))))))))))))))))) . 2010-03-19 22:30 . 2010-03-19 22:55 -------- d-----w- C:\rsit 2010-03-19 21:43 . 2010-03-25 05:56 203264 --sha-w- c:\documents and settings\Denis\Local Settings\Application Data\1825969648.dll 2010-03-19 12:15 . 2010-03-19 12:49 -------- d-----w- c:\program files\Enigma Software Group 2010-03-11 06:50 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe 2010-03-06 18:37 . 2010-03-06 18:37 -------- d-----w- c:\program files\iPod 2010-03-06 18:36 . 2010-03-06 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2010-03-06 18:36 . 2010-03-06 18:38 -------- d-----w- c:\program files\iTunes 2010-03-06 18:35 . 2010-03-06 18:35 -------- d-----w- c:\program files\Bonjour 2010-03-06 18:34 . 2010-03-06 18:34 -------- d-----w- c:\program files\QuickTime 2010-03-06 18:31 . 2009-08-28 18:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2010-03-06 18:31 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll 2010-03-06 18:23 . 2010-03-06 18:23 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe 2010-03-06 13:52 . 2010-03-17 19:07 -------- d-----w- c:\documents and settings\Alexis\Local Settings\Application Data\Temp 2010-02-25 16:18 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-25 06:16 . 2008-02-24 20:17 -------- d-----w- c:\program files\Wanadoo 2010-03-24 20:50 . 2008-04-26 20:41 -------- d-----w- c:\program files\Steam 2010-03-24 12:20 . 2008-04-20 16:12 -------- d-----w- c:\program files\POB 7 2010-03-22 16:54 . 2001-08-28 14:00 908132 ----a-w- c:\windows\system32\perfh00C.dat 2010-03-22 16:54 . 2001-08-28 14:00 340276 ----a-w- c:\windows\system32\perfc00C.dat 2010-03-20 10:39 . 2008-02-26 07:54 24808 ----a-w- c:\documents and settings\Alexis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-19 22:04 . 2008-02-24 22:29 24808 ----a-w- c:\documents and settings\Denis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-19 12:42 . 2008-07-08 16:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-03-06 18:54 . 2008-02-27 14:55 -------- d-----w- c:\documents and settings\Alexis\Application Data\Apple Computer 2010-03-06 18:36 . 2008-02-27 14:53 -------- d-----w- c:\program files\Fichiers communs\Apple 2010-02-17 12:09 . 2009-11-01 12:30 24808 ----a-w- c:\documents and settings\Commun\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-07 18:51 . 2010-02-07 18:51 -------- d-----w- c:\program files\MSECache 2010-02-06 12:33 . 2009-02-14 22:25 -------- d-----w- c:\documents and settings\Alexis\Application Data\teamspeak2 2010-02-03 13:47 . 2008-04-26 16:11 -------- d-----w- c:\program files\Google 2010-01-19 18:27 . 2010-01-19 18:27 0 ----a-w- c:\windows\nsreg.dat 2010-01-14 18:12 . 2010-01-16 19:19 127348 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4b521112\validationdir\aescn.dll 2010-01-14 18:12 . 2010-01-16 19:19 422262 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4b521112\validationdir\aepack.dll 2010-01-14 18:11 . 2010-01-16 19:19 2232695 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4b521112\validationdir\aeheur.dll 2010-01-14 18:11 . 2010-01-16 19:19 237942 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4b521112\validationdir\aehelp.dll 2010-01-14 18:11 . 2010-01-16 19:19 184693 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4b521112\validationdir\aecore.dll 2010-01-07 15:07 . 2010-01-13 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 15:07 . 2008-07-08 16:15 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-07 12:08 . 2010-01-16 19:19 594296 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4b521112\validationdir\aescript.dll 2010-01-07 12:08 . 2010-01-16 19:19 369014 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4b521112\validationdir\aegen.dll 2010-01-05 09:56 . 2001-08-28 14:00 832512 ----a-w- c:\windows\system32\wininet.dll 2010-01-05 09:56 . 2004-08-19 23:09 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-01-05 09:56 . 2001-08-28 14:00 17408 ----a-w- c:\windows\system32\corpol.dll 2009-12-31 16:50 . 2001-08-28 14:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-27 12:56 . 2009-12-27 12:56 13312 ----a-w- c:\windows\system32\svrapi.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b905bc9d-6059-4517-a6b4-950d26299a2b}] 2010-02-16 06:43 2349080 ----a-w- c:\program files\radiodofus\tbrad0.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{b905bc9d-6059-4517-a6b4-950d26299a2b}"= "c:\program files\radiodofus\tbrad0.dll" [2010-02-16 2349080] [HKEY_CLASSES_ROOT\clsid\{b905bc9d-6059-4517-a6b4-950d26299a2b}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{B905BC9D-6059-4517-A6B4-950D26299A2B}"= "c:\program files\radiodofus\tbrad0.dll" [2010-02-16 2349080] [HKEY_CLASSES_ROOT\clsid\{b905bc9d-6059-4517-a6b4-950d26299a2b}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATI Launchpad"="c:\program files\ATI Multimedia\main\launchpd.exe" [2001-03-26 77824] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-29 196608] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 528384] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "ATIPTA"="atiptaxx.exe" [2001-09-14 245760] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Alexis\Menu D‚marrer\Programmes\D‚marrage\ Lanceur Pointsoft.lnk - c:\pointsoft\lanceur.exe [2001-2-12 71952] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhk25.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintd03.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"= "c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Steam\\steamapps\\alexancienskater\\counter-strike\\hl.exe"= "c:\\Program Files\\Steam\\steamapps\\alexancienskater\\condition zero\\hl.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\World of Warcraft\\Launcher.exe"= "c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-frFR-downloader.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [30/12/2005 12:12 3072] R2 OPTENET_FILTER;Securitoo Contrôle Parental;c:\program files\Securitoo\Contrôle Parental\bin\optproxy.exe [24/02/2008 22:05 497744] S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2010 14:47 135664] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 14:50 238960] S3 Winhk25;Winhk25;\??\c:\windows\System32\drivers\Winhk25.sys --> c:\windows\System32\drivers\Winhk25.sys [?] S3 Wintd03;Wintd03;\??\c:\windows\System32\drivers\Wintd03.sys --> c:\windows\System32\drivers\Wintd03.sys [?] . Contenu du dossier 'Tâches planifiées' 2010-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57] 2010-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 13:47] 2010-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 13:47] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.wanadoo.fr uInternet Connection Wizard,ShellNext = hxxp://www.gocyberlink.com/registration/registration1.asp?SoftWare=POWERDVD&Version_Num=3.0&Cd_Key=MV3883K594138241&Company=famille&FName=raultteyssonneyre&Lang=Fra IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html LSP: c:\program files\Securitoo\Contrf4,le Parental\bin\lsp.dll TCP: {63664C21-28F3-43F5-9C59-02BA281757F0} = 80.10.246.1 81.253.149.2 DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab FF - ProfilePath - c:\documents and settings\Denis\Application Data\Mozilla\Firefox\Profiles\c2qwr4ov.default\ FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-EoEngine - (no file) HKLM-Run-CmPCIaudio - CMICNFG3.cpl AddRemove-Le Club des TrouveTout, La Cité Perdue - c:\program files\Mindscape\Le Club des TrouveTout ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-25 07:31 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-1715567821-2111687655-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(1988) c:\windows\system32\eappprxy.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\drivers\CDAC11BA.EXE c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe c:\windows\system32\pctspk.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\atiptaxx.exe c:\windows\system32\RunDll32.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Fichiers communs\Teleca Shared\Generic.exe c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe . ************************************************************************** . Heure de fin: 2010-03-25 07:36:12 - La machine a redémarré ComboFix-quarantined-files.txt 2010-03-25 06:36 Avant-CF: 84 573 634 560 octets libres Après-CF: 84 505 522 176 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn - - End Of File - - 9F5EBDB9192C635394873F1F0D38EE26

Bonjour et merci de ta réponse! Là je suis au bureau mais ce soir je me met sur le PC de la maison et je poste les résultats.

Bonjour, Je suis infecté par Xp smart security. Je suis sous XP familiale sp3. Ca a commencé par des détections multiples par Avira de troyens genre : Dldr.Zlob.caq (ou bnw) et autres dans Kcx.exe et autres comme Kviqub.exe, ou Drop.Agen.243712 ou Agent.184832 dans sshnas21.dll etc... Avira les a à peu près éliminer mais depuis j'ai cette cochonnerie de XP smart security qui démarre tout le temps, m'inonde de fausses alertes agrémentées d'invite à acheter un antimalware... Autres symptômes : - ouverture du centre de sécurité windows avec pare-feu désactivé - parfois difficultés à ouvrir IE7 - bloquage de sites sur IE (forums de déboggage de malwares par exemple...) - dans le panneau de configuration, impossibilité d'ouvrir le module d'ajout/effacement de programmes - IMPOSSIBILITE de charger ou lancer Malware Bytes Anti Malware... Tout ceci a lieu dans mon compte de XP. Curieusement, dans le compte de mon fils, pas de symptomes. J'y ai même pu lancer MBAM mais de retour sur mon compte pas de changement. Voici des logs de ce que j'ai essayé de faire (sans solutionner le problème) : 1. Scan antivir sur mon compte : Avira AntiVir Personal Report file date: vendredi 19 mars 2010 08:22 Scanning for 1876413 virus strains and unwanted programs. Licensed to: Avira AntiVir Personal - FREE Antivirus Serial number: 0000149996-ADJIE-0000001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: GTDR Version information: BUILD.DAT : 8.2.0.354 17048 Bytes 23/10/2009 13:15:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 26/11/2008 19:51:45 AVSCAN.DLL : 8.1.4.0 40705 Bytes 18/07/2008 04:41:57 LUKE.DLL : 8.1.4.5 164097 Bytes 18/07/2008 04:41:57 LUKERES.DLL : 8.1.4.0 12033 Bytes 18/07/2008 04:41:57 ANTIVIR0.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 17:39:24 ANTIVIR1.VDF : 7.10.4.211 7108976 Bytes 05/03/2010 19:21:08 ANTIVIR2.VDF : 7.10.5.133 709536 Bytes 18/03/2010 19:15:32 ANTIVIR3.VDF : 7.10.5.136 153600 Bytes 18/03/2010 19:15:37 Engineversion : 8.2.1.194 AEVDF.DLL : 8.1.1.3 106868 Bytes 23/01/2010 19:19:38 AESCRIPT.DLL : 8.1.3.18 1024378 Bytes 18/03/2010 19:16:57 AESCN.DLL : 8.1.5.0 127347 Bytes 12/03/2010 19:21:21 AESBX.DLL : 8.1.2.1 254323 Bytes 18/03/2010 19:16:43 AERDL.DLL : 8.1.4.3 541043 Bytes 18/03/2010 19:16:40 AEPACK.DLL : 8.2.1.0 426356 Bytes 12/03/2010 19:21:19 AEOFFICE.DLL : 8.1.0.41 201083 Bytes 18/03/2010 19:16:30 AEHEUR.DLL : 8.1.1.13 2470262 Bytes 18/03/2010 19:16:27 AEHELP.DLL : 8.1.10.2 237941 Bytes 18/03/2010 19:15:50 AEGEN.DLL : 8.1.2.2 373107 Bytes 18/03/2010 19:15:47 AEEMU.DLL : 8.1.1.0 393587 Bytes 03/10/2009 11:05:19 AECORE.DLL : 8.1.12.3 188789 Bytes 18/03/2010 19:15:40 AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 12:58:43 AVWINLL.DLL : 1.0.0.12 15105 Bytes 18/07/2008 04:41:57 AVPREF.DLL : 8.0.2.0 38657 Bytes 18/07/2008 04:41:57 AVREP.DLL : 8.0.0.7 159784 Bytes 20/02/2010 08:46:10 AVREG.DLL : 8.0.0.1 33537 Bytes 18/07/2008 04:41:57 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 18/07/2008 04:41:57 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 18/07/2008 04:41:57 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 18/07/2008 04:41:54 RCTEXT.DLL : 8.0.52.0 86273 Bytes 18/07/2008 04:41:54 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: vendredi 19 mars 2010 08:22 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'Watch.exe' - '1' Module(s) have been scanned Scan process 'ComComp.exe' - '1' Module(s) have been scanned Scan process 'EspaceWanadoo.exe' - '1' Module(s) have been scanned Scan process 'rasautou.exe' - '1' Module(s) have been scanned Scan process 'notepad.exe' - '1' Module(s) have been scanned Scan process 'HijackThis.exe' - '1' Module(s) have been scanned Scan process 'wscntfy.exe' - '1' Module(s) have been scanned Scan process 'ave.exe' - '1' Module(s) have been scanned Scan process 'epmworker.exe' - '1' Module(s) have been scanned Scan process 'Generic.exe' - '1' Module(s) have been scanned Scan process 'SSScheduler.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'hpztsb04.exe' - '1' Module(s) have been scanned Scan process 'Kviqub.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SeaPort.exe' - '1' Module(s) have been scanned Scan process 'pctspk.exe' - '1' Module(s) have been scanned Scan process 'optproxy.exe' - '1' Module(s) have been scanned Scan process 'mdm.exe' - '1' Module(s) have been scanned Scan process 'ewidoctrl.exe' - '1' Module(s) have been scanned Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 48 processes with 48 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '54' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\Denis\Local Settings\Temp\Kcx.exe [DETECTION] Is the TR/Dldr.Zlob.caq Trojan [NOTE] The file was moved to '4c1b276d.qua'! C:\System Volume Information\_restore{D36A4EEB-9088-470C-AB18-040135B9BF91}\RP331\A0437907.exe [DETECTION] Is the TR/Zlob.bnw Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{D36A4EEB-9088-470C-AB18-040135B9BF91}\RP331\A0437975.dll [DETECTION] Is the TR/Agent.184832 Trojan [NOTE] The file was deleted! C:\WINDOWS\Kviqub.VIR [DETECTION] Is the TR/Zlob.bnw Trojan [WARNING] The file could not be deleted! [NOTE] Attempting to perform action using the ARK lib. [NOTE] The file was deleted! End of the scan: vendredi 19 mars 2010 12:58 Used time: 4:36:30 Hour(s) The scan has been done completely. 12863 Scanning directories 345847 Files were scanned 4 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 3 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 345842 Files not concerned 2146 Archives were scanned 2 Warnings 4 Notes 2. Passage d'OTM avec des paramètres pris sur un forum : All processes killed ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMIMZMHMFM\ not found. Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\shared­access\parameters\firewallpolicy\standardprofile\authorizeda­pplications\list not found. ========== FILES ========== File/Folder C:\DOCUME~1\Val77\LOCALS~1\Temp\Djr.exe not found. File/Folder C:\WINDOWS\system32\logon.exe not found. File/Folder C:\WINDOWS\system32\sshnas21.dll not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrateur ->Temp folder emptied: 39 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Alexis ->Temp folder emptied: 555784440 bytes ->Temporary Internet Files folder emptied: 3247253 bytes ->FireFox cache emptied: 90067835 bytes ->Flash cache emptied: 13415649 bytes User: All Users User: Commun ->Temp folder emptied: 62549 bytes ->Temporary Internet Files folder emptied: 447947 bytes ->FireFox cache emptied: 3286011 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41620 bytes User: Denis ->Temp folder emptied: 18499858 bytes ->Temporary Internet Files folder emptied: 3040737 bytes ->FireFox cache emptied: 3258350 bytes ->Flash cache emptied: 2147 bytes User: Eudes User: Geneviève ->Temp folder emptied: 163576 bytes ->Temporary Internet Files folder emptied: 24607504 bytes ->FireFox cache emptied: 3397323 bytes ->Flash cache emptied: 405 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 7277368 bytes ->Flash cache emptied: 72 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 75646687 bytes ->Flash cache emptied: 10963235 bytes %systemdrive% .tmp files removed: 156672 bytes %systemroot% .tmp files removed: 1569510 bytes %systemroot%\System32 .tmp files removed: 14402560 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 45222485 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23964002 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33728 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 857,00 mb OTM by OldTimer - Version 3.1.10.1 log created on 03192010_130427 Files moved on Reboot... Registry entries deleted on Reboot... 3. Passage de MBAM sur le compte de mon fils : Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3510 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 19/03/2010 22:02:27 mbam-log-2010-03-19 (22-02-16).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 300177 Temps écoulé: 1 hour(s), 55 minute(s), 40 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 4 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 3 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 4 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\SDFix\dummy.sys (Malware.Trace) -> No action taken. C:\SDFix\apps\dummy.sys (Malware.Trace) -> No action taken. C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken. C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken. 4. Passage de RSIT sur le compte de mon fils : 4.1 log Logfile of random's system information tool 1.06 (written by random/random) Run by Alexis at 2010-03-19 23:30:15 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 81 GB (62%) free of 131 GB Total RAM: 767 MB (43% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:30:23, on 19/03/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16981) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Securitoo\Contrôle Parental\bin\optproxy.exe C:\WINDOWS\system32\pctspk.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Wanadoo\EspaceWanadoo.exe C:\Program Files\Wanadoo\ComComp.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\Program Files\Wanadoo\Watch.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\WINDOWS\system32\atiptaxx.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe C:\pointsoft\lanceur.exe C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Alexis\Bureau\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Alexis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file) R3 - URLSearchHook: radiodofus Toolbar - {b905bc9d-6059-4517-a6b4-950d26299a2b} - C:\Program Files\radiodofus\tbrad0.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: radiodofus Toolbar - {b905bc9d-6059-4517-a6b4-950d26299a2b} - C:\Program Files\radiodofus\tbrad0.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: radiodofus Toolbar - {b905bc9d-6059-4517-a6b4-950d26299a2b} - C:\Program Files\radiodofus\tbrad0.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Lanceur Pointsoft.lnk = C:\pointsoft\lanceur.exe O4 - Global Startup: McAfee Security Scan.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203887950545 O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-2.0.cab O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{63664C21-28F3-43F5-9C59-02BA281757F0}: NameServer = 80.10.246.1 81.253.149.2 O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Securitoo Contrôle Parental (OPTENET_FILTER) - WANADOO - C:\Program Files\Securitoo\Contrôle Parental\bin\optproxy.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe -- End of file - 9591 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-29 279664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-03 812528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b905bc9d-6059-4517-a6b4-950d26299a2b}] radiodofus Toolbar - C:\Program Files\radiodofus\tbrad0.dll [2010-02-16 2349080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}] Search Assistant - C:\Program Files\SGPSA\BHO.dll [2009-07-10 732672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] {b905bc9d-6059-4517-a6b4-950d26299a2b} - radiodofus Toolbar - C:\Program Files\radiodofus\tbrad0.dll [2010-02-16 2349080] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-29 279664] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-10-29 196608] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-18 266497] "EoEngine"= [] "Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-05-28 528384] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] "ATIPTA"=C:\WINDOWS\system32\atiptaxx.exe [2001-09-14 245760] "CmPCIaudio"=RunDll32 CMICNFG3.cpl,CMICtrlWnd [] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE C:\Documents and Settings\Alexis\Menu Démarrer\Programmes\Démarrage Lanceur Pointsoft.lnk - C:\pointsoft\lanceur.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{54D9498B-CF93-414F-8984-8CE7FDE0D391}"= [] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhk25.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintd03.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winhk25.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wintd03.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\EA GAMES\MOHDA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHDA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault" "C:\Documents and Settings\Alexis\Mes documents\metin2.bin"="C:\Documents and Settings\Alexis\Mes documents\metin2.bin:*:Disabled:metin2" "C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe"="C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Disabled:BF1942" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\World of Warcraft\WoW-2.3.3.7799-to-2.4.0.8089-frFR-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.3.3.7799-to-2.4.0.8089-frFR-downloader.exe:*:Enabled:Blizzard Downloader" "C:\Program Files\Steam\steamapps\alexancienskater\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\alexancienskater\counter-strike\hl.exe:*:Disabled:Half-Life Launcher" "C:\DOCUME~1\Denis\LOCALS~1\Temp\8.tmp.exe"="C:\DOCUME~1\Denis\LOCALS~1\Temp\8.tmp.exe:*:Enabled:msdefender.exe" "C:\WINDOWS\msserv.exe"="C:\WINDOWS\msserv.exe:*:Enabled:enable" "C:\WINDOWS\system32\msdefender.exe"="C:\WINDOWS\system32\msdefender.exe:*:Enabled:msdefender.exe" "C:\Program Files\Steam\steamapps\alexancienskater\condition zero\hl.exe"="C:\Program Files\Steam\steamapps\alexancienskater\condition zero\hl.exe:*:Disabled:Half-Life Launcher" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\NovaLogic\Delta Force Black Hawk Down\dfbhd.exe"="C:\Program Files\NovaLogic\Delta Force Black Hawk Down\dfbhd.exe:*:Disabled:dfbhd" "C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Disabled:Steam" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher" "C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-frFR-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-frFR-downloader.exe:*:Enabled:Blizzard Downloader" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "explorer.exe"="explorer.exe::*:Enabled:Explorer" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12626c42-21e1-11dd-a823-000e505a77b9}] shell\AutoRun\command - F:\LaunchU3.exe -a ======File associations====== .reg - open - regedit.exe "%1" %* .scr - open - "%1" %* ======List of files/folders created in the last 1 months====== 2010-03-19 23:30:15 ----D---- C:\rsit 2010-03-19 13:38:41 ----A---- C:\WINDOWS\ntbtlog.txt 2010-03-19 13:15:54 ----D---- C:\Program Files\Enigma Software Group 2010-03-11 08:21:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$ 2010-03-06 19:37:03 ----D---- C:\Program Files\iPod 2010-03-06 19:36:49 ----D---- C:\Program Files\iTunes 2010-03-06 19:36:49 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2010-03-06 19:35:15 ----D---- C:\Program Files\Bonjour 2010-03-06 19:34:05 ----D---- C:\Program Files\QuickTime 2010-03-06 19:31:38 ----A---- C:\WINDOWS\system32\usbaaplrc.dll 2010-02-25 17:18:48 ----N---- C:\WINDOWS\system32\browserchoice.exe 2010-02-25 00:20:31 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$ ======List of files/folders modified in the last 1 months====== 2010-03-19 23:30:21 ----D---- C:\WINDOWS\Prefetch 2010-03-19 23:17:11 ----D---- C:\Program Files\Mozilla Firefox 2010-03-19 23:16:41 ----D---- C:\WINDOWS\Temp 2010-03-19 23:16:40 ----D---- C:\Program Files\Wanadoo 2010-03-19 23:06:51 ----D---- C:\WINDOWS\system32 2010-03-19 23:06:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-03-19 23:01:43 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-03-19 22:05:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$ 2010-03-19 22:05:59 ----D---- C:\WINDOWS\system32\drivers 2010-03-19 22:03:59 ----SD---- C:\WINDOWS\Tasks 2010-03-19 20:44:20 ----D---- C:\Program Files\Steam 2010-03-19 18:17:42 ----HD---- C:\WINDOWS\inf 2010-03-19 18:17:42 ----D---- C:\WINDOWS 2010-03-19 18:17:41 ----D---- C:\WINDOWS\system32\CatRoot2 2010-03-19 13:42:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-03-19 13:15:54 ----RD---- C:\Program Files 2010-03-17 20:07:43 ----SHD---- C:\WINDOWS\Installer 2010-03-11 19:33:04 ----D---- C:\WINDOWS\Debug 2010-03-11 08:21:48 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-03-11 08:21:48 ----D---- C:\Program Files\Movie Maker 2010-03-11 08:21:19 ----HD---- C:\WINDOWS\$hf_mig$ 2010-03-06 19:54:05 ----D---- C:\Documents and Settings\Alexis\Application Data\Apple Computer 2010-03-06 19:38:12 ----DC---- C:\WINDOWS\system32\DRVSTORE 2010-03-06 19:36:58 ----D---- C:\Program Files\Fichiers communs\Apple 2010-03-06 19:32:42 ----D---- C:\WINDOWS\WinSxS 2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-06-01 75096] R1 ewido security suite driver;ewido security suite driver; \??\C:\Program Files\ewido anti-malware\guard.sys [] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS [] R2 CINEMSUP;Software Cinemaster NT4.0 Driver; C:\WINDOWS\SYSTEM32\DRIVERS\CINEMSUP.SYS [1999-09-20 6144] R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752] R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [2003-12-08 53600] R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2003-12-08 70688] R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2001-09-14 337472] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 cmuda3;C-Media PCI Audio Interface; C:\WINDOWS\system32\drivers\cmudax3.sys [2008-09-03 1516672] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 Ptserlp;PCTEL Serial Device Driver for PCI; C:\WINDOWS\System32\DRIVERS\ptserlp.sys [2001-08-17 112574] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208] S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112] S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 108552] S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360] S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 23176] S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 98568] S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 98952] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 VIAudio;Contrôleur audio VIA AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-04 84480] S3 Winhk25;Winhk25; \??\C:\WINDOWS\System32\drivers\Winhk25.sys [] S3 Wintd03;Wintd03; \??\C:\WINDOWS\System32\drivers\Wintd03.sys [] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865] R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2008-10-22 39936] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120] R2 OPTENET_FILTER;Securitoo Contrôle Parental; C:\Program Files\Securitoo\Contrôle Parental\bin\optproxy.exe [2004-08-03 497744] R2 Pctspk;PCTEL Speaker Phone; C:\WINDOWS\system32\pctspk.exe [2001-08-23 86016] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576] S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03 135664] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-25 182768] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-23 238960] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 ewido security suite control;ewido security suite control; C:\Program Files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888] S4 ewido security suite guard;ewido security suite guard; C:\Program Files\ewido anti-malware\ewidoguard.exe [2005-12-18 151616] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- 4.2 fichier info sur le compte de mon fils info.txt logfile of random's system information tool 1.06 2010-03-19 23:30:26 ======Uninstall list====== -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NewSoft\Presto! BizCard Fre\Uninst.isu" -c"C:\WINDOWS\StiRegstFre.dll" -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D1A81AA-ED90-11D6-86D3-00055DF3561E}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83021AC3-086F-4B77-ACCD-1BD7C9AB211E}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9 -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2} ABBYY FineReader 6.0-->MsiExec.exe /I{AF600F7B-67A7-48D9-BA3B-0FF97F35F970} Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.4 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003} Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143} Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} ArcSoft PhotoImpression 2000-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68CF04B1-A3B4-472D-BF4C-1B562EE2BE17}\Setup.exe" -l0x40c Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2} ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean ATI Multimedia Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{885283DA-46D5-4F9A-85AA-45B421BB6077}\setup.exe" AVIConverter 5.1.6-->C:\Program Files\AVIConverter\uninst.exe Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Battlefield 1942-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x40c Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Bugs Bunny - Voyage à travers le temps-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Infogrames\Bugs Bunny - Voyage à travers le temps\Uninst.isu" CCleaner-->"C:\Program Files\CCleaner\uninst.exe" C-Media PCI Audio Device-->C:\WINDOWS\CmiPCIUninstall.exe C:\Program Files\C-Media PCI Audio Device#C-Media PCI Audio Device#C-Media PCI Audio Device# Contrôle Parental-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93094D10-9388-11D4-9886-0000B43F396D}\Setup.exe" -l0x40c Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Correctif pour Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Correctif pour Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" Correctif pour Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe" Counter-Strike-->MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A} Delta Force - Black Hawk Down-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8FE54D21-8254-4CCF-AEE0-066496AE43F4}\setup.exe" -l0x40c -uninst Dictee-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{12e5a2d2-fb45-47bc-ad2f-e53976740b1d}.sdb" DicteeCE2-->C:\WINDOWS\UbiSoft\UbiSetup.exe -uninstall DicteeCE2 Disc2Phone-->MsiExec.exe /X{1C75E8E0-29D5-4298-AE16-B8604FD9DDE4} Dis-moi Adi Anglais-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5129869-9093-4EAF-9A82-37BF10DA4135}\setup.exe" -l0x40c -removeonly Dofus 1.28.0-->C:\Program Files\Dofus\uninstall.exe Dofus-->msiexec /qb /x {5EBF7AAB-98C5-2C43-0844-4BD9B9FCA7AD} Dofus-->MsiExec.exe /I{5EBF7AAB-98C5-2C43-0844-4BD9B9FCA7AD} EA SPORTS online 2004-->C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe EasyCleaner-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\Setup.exe" -l0x40c -UnInstall EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r EPSON Smart Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x40c Uninstall ewido anti-malware-->C:\Program Files\ewido anti-malware\Uninstall.exe Fast Browser Search (My Web Tattoo)-->regsvr32 /u /s "C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll" FIFA 2004-->C:\Program Files\EA SPORTS\FIFA 2004\EAUninstall.exe Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1} GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90} Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" hp deskjet 920c series-->rundll32 hpzcon04.dll,VendorJettison hp deskjet 920c series HydraVision-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe" Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} iTunes-->MsiExec.exe /I{81063354-9060-42B2-A000-1EBE96778AA9} Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5} Lapin Malin CE1-->C:\Program Files\Mindscape\Lapin Malin CE1\uninstall.exe Lapin Malin Initiation à l'anglais CE1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17B6E8BA-17F7-4157-8AA5-0B99CE877669}\setup.exe" Le Club des TrouveTout, La Cité Perdue-->C:\Program Files\Mindscape\Le Club des TrouveTout, La Cité Perdue\uninstall.exe Le Monde de Nemo : Une Odyssée Sous-Marine-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BCB8D603-985E-4765-B4AB-B4B991A535B7} NemoUWFUninstall Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" McAfee Security Scan-->"C:\Program Files\McAfee Security Scan\uninstall.exe" Medal of Honor débarquement allié-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x40c MediaBar-->C:\WINDOWS\Downloaded Program Files\MusicManagerUnInstaller.exe "C:\WINDOWS\Downloaded Program Files\MusicManagerPlugin.ocx" "{C45B1500-7B63-47C2-AB25-C28CB46AFDEE}" Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} Microsoft Office Visio Professional 2003-->MsiExec.exe /I{9151040C-6000-11D3-8CFE-0150048383C9} Microsoft Office XP Professional-->MsiExec.exe /I{9111040C-6000-11D3-8CFE-0050048383C9} Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5} Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe" Mise à jour pour Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE} Mozilla Firefox (3.5.-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Patch Darluok-->"C:\WINDOWS\Patch Darluok\uninstall.exe" "/U:C:\Program Files\World of Warcraft\Uninstall\uninstall.xml" Perf2480P_2580P Guide de réf.-->C:\Program Files\EPSON\TPMANUAL\Perf2480P_2580P\REF_G\DOCUNINS.EXE PhotoImpression 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\SETUP.EXE" -l0x40c POB 7-->C:\Program Files\POB 7\Uninstall.exe POB 8-->C:\Program Files\POB 8\Uninstall.exe PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall Presto! BizCard 4.1 Fre-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\NewSoft\Presto! BizCard Fre\Uninst.isu" QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2} radiodofus Toolbar-->C:\PROGRA~1\RADIOD~1\UNWISE.EXE /U C:\PROGRA~1\RADIOD~1\INSTALL.LOG Reg (DOFUS Audio Subsystem)-->msiexec /qb /x {3F900346-A316-BA88-B83C-2513F1260AD7} Reg (DOFUS Audio Subsystem)-->MsiExec.exe /I{3F900346-A316-BA88-B83C-2513F1260AD7} ScanToWeb-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Sethi et le Sorcier Inca-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Montparnasse multimedia - GEO\Sethi et le Sorcier Inca\Uninst.isu" Sony Ericsson Device Data-->MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4} Sony Ericsson Drivers-->MsiExec.exe /I{5CC68528-24FF-4DF8-91C9-AF540F98505A} Sony Ericsson PC Suite-->C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\setup.exe /uninstall Sony Ericsson PC Suite-->MsiExec.exe /I{B192E1BB-98A4-4369-9271-96117A57F546} SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l040c -Control_Panel Starsky&Hutch-->C:\Program Files\Empire Interactive\Starsky&Hutch\Uninstall.exe Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} Supercar Street Challenge-->C:\PROGRA~1\ACTIVI~1\SSC\Uninstall\Unwise.exe /u C:\PROGRA~1\ACTIVI~1\SSC\Uninstall\Install.log TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe" TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe Tony Hawk's American Wasteland-->MsiExec.exe /I{3293C06B-003F-4027-8380-FFD79E38167D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Wanadoo Messager-->C:\PROGRA~1\WANADO~1\UNWISE.EXE C:\PROGRA~1\WANADO~1\INSTALL.LOG Wanadoo-->C:\PROGRA~1\Wanadoo\Shell.exe desinstall.shl WarRock-->C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Contrôle parental-->MsiExec.exe /X{D5D81435-B8DE-4CAF-867F-7998F2B92CFC} Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA} Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818} Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1} Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353} Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe =====HijackThis Backups===== O4 - HKLM\..\Run: [FBSearch] C:\Program Files\Search Guard Plus\SearchGuardPlus.exe [2010-02-03] O4 - HKLM\..\Run: [sGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe [2010-02-03] O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\DOCUME~1\Denis\LOCALS~1\Temp\Kcx.exe [2010-03-19] O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2010-03-19] O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe [2010-03-19] ======Hosts File====== 127.0.0.1 localhost ======Security center information====== AV: Avira AntiVir PersonalEdition ======System event log====== Computer Name: GTDR Event Code: 7036 Message: Le service Explorateur d'ordinateur est entré dans l'état : arrêté. Record Number: 15190 Source Name: Service Control Manager Time Written: 20100225154540.000000+060 Event Type: Informations User: Computer Name: GTDR Event Code: 7036 Message: Le service Service de l’iPod est entré dans l'état : en cours d'exécution. Record Number: 15189 Source Name: Service Control Manager Time Written: 20100225154539.000000+060 Event Type: Informations User: Computer Name: GTDR Event Code: 7036 Message: Le service Service Google Update (gupdate) est entré dans l'état : arrêté. Record Number: 15188 Source Name: Service Control Manager Time Written: 20100225154537.000000+060 Event Type: Informations User: Computer Name: GTDR Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Service de l’iPod. Record Number: 15187 Source Name: Service Control Manager Time Written: 20100225154537.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: GTDR Event Code: 7036 Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution. Record Number: 15186 Source Name: Service Control Manager Time Written: 20100225154537.000000+060 Event Type: Informations User: =====Application event log===== Computer Name: GTDR Event Code: 2003 Message: Le service EAPOL est en cours d'exécution Record Number: 1226 Source Name: EAPOL Time Written: 20091228170020.000000+060 Event Type: Informations User: Computer Name: GTDR Event Code: 1000 Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 1225 Source Name: LoadPerf Time Written: 20091228143056.000000+060 Event Type: Informations User: Computer Name: GTDR Event Code: 3011 Message: Le déchargement des chaînes de compteurs de performances pour le service WmiApRpl (WmiApRpl) a échoué. Le code d'erreur est le premier DWORD de la section Data. Record Number: 1224 Source Name: LoadPerf Time Written: 20091228143053.000000+060 Event Type: erreur User: Computer Name: GTDR Event Code: 3012 Message: Les chaînes de performance dans la valeur de Registre Performance sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance. La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans la section Données, la valeur LastCounter est le deuxième DWORD dans la section Données, et la valeur LastHelp est le troisième DWORD dans la section Données. Record Number: 1223 Source Name: LoadPerf Time Written: 20091228143053.000000+060 Event Type: erreur User: Computer Name: GTDR Event Code: 3012 Message: Les chaînes de performance dans la valeur de Registre Performance sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance. La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans la section Données, la valeur LastCounter est le deuxième DWORD dans la section Données, et la valeur LastHelp est le troisième DWORD dans la section Données. Record Number: 1222 Source Name: LoadPerf Time Written: 20091228143052.000000+060 Event Type: erreur User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Fichiers communs\Teleca Shared;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=0602 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip -----------------EOF----------------- 4.3 Fichier log après passage sur mon compte : Logfile of random's system information tool 1.06 (written by random/random) Run by Denis at 2010-03-19 23:54:17 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 81 GB (62%) free of 131 GB Total RAM: 767 MB (51% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:30:23, on 19/03/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16981) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Securitoo\Contrôle Parental\bin\optproxy.exe C:\WINDOWS\system32\pctspk.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Wanadoo\EspaceWanadoo.exe C:\Program Files\Wanadoo\ComComp.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\Program Files\Wanadoo\Watch.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\WINDOWS\system32\atiptaxx.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe C:\pointsoft\lanceur.exe C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Alexis\Bureau\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Alexis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file) R3 - URLSearchHook: radiodofus Toolbar - {b905bc9d-6059-4517-a6b4-950d26299a2b} - C:\Program Files\radiodofus\tbrad0.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: radiodofus Toolbar - {b905bc9d-6059-4517-a6b4-950d26299a2b} - C:\Program Files\radiodofus\tbrad0.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: radiodofus Toolbar - {b905bc9d-6059-4517-a6b4-950d26299a2b} - C:\Program Files\radiodofus\tbrad0.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Lanceur Pointsoft.lnk = C:\pointsoft\lanceur.exe O4 - Global Startup: McAfee Security Scan.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203887950545 O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-2.0.cab O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{63664C21-28F3-43F5-9C59-02BA281757F0}: NameServer = 80.10.246.1 81.253.149.2 O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Securitoo Contrôle Parental (OPTENET_FILTER) - WANADOO - C:\Program Files\Securitoo\Contrôle Parental\bin\optproxy.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe -- End of file - 9591 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-29 279664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-03 812528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b905bc9d-6059-4517-a6b4-950d26299a2b}] radiodofus Toolbar - C:\Program Files\radiodofus\tbrad0.dll [2010-02-16 2349080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}] Search Assistant - C:\Program Files\SGPSA\BHO.dll [2009-07-10 732672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] {b905bc9d-6059-4517-a6b4-950d26299a2b} - radiodofus Toolbar - C:\Program Files\radiodofus\tbrad0.dll [2010-02-16 2349080] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-29 279664] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-10-29 196608] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-18 266497] "EoEngine"= [] "Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-05-28 528384] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] "ATIPTA"=C:\WINDOWS\system32\atiptaxx.exe [2001-09-14 245760] "CmPCIaudio"=RunDll32 CMICNFG3.cpl,CMICtrlWnd [] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "ATI Launchpad"=C:\Program Files\ATI Multimedia\main\launchpd.exe [2001-03-26 77824] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{54D9498B-CF93-414F-8984-8CE7FDE0D391}"= [] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhk25.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintd03.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winhk25.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wintd03.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\EA GAMES\MOHDA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHDA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault" "C:\Documents and Settings\Alexis\Mes documents\metin2.bin"="C:\Documents and Settings\Alexis\Mes documents\metin2.bin:*:Disabled:metin2" "C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe"="C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Disabled:BF1942" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\World of Warcraft\WoW-2.3.3.7799-to-2.4.0.8089-frFR-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.3.3.7799-to-2.4.0.8089-frFR-downloader.exe:*:Enabled:Blizzard Downloader" "C:\Program Files\Steam\steamapps\alexancienskater\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\alexancienskater\counter-strike\hl.exe:*:Disabled:Half-Life Launcher" "C:\DOCUME~1\Denis\LOCALS~1\Temp\8.tmp.exe"="C:\DOCUME~1\Denis\LOCALS~1\Temp\8.tmp.exe:*:Enabled:msdefender.exe" "C:\WINDOWS\msserv.exe"="C:\WINDOWS\msserv.exe:*:Enabled:enable" "C:\WINDOWS\system32\msdefender.exe"="C:\WINDOWS\system32\msdefender.exe:*:Enabled:msdefender.exe" "C:\Program Files\Steam\steamapps\alexancienskater\condition zero\hl.exe"="C:\Program Files\Steam\steamapps\alexancienskater\condition zero\hl.exe:*:Disabled:Half-Life Launcher" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\NovaLogic\Delta Force Black Hawk Down\dfbhd.exe"="C:\Program Files\NovaLogic\Delta Force Black Hawk Down\dfbhd.exe:*:Disabled:dfbhd" "C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Disabled:Steam" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher" "C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-frFR-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-frFR-downloader.exe:*:Enabled:Blizzard Downloader" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "explorer.exe"="explorer.exe::*:Enabled:Explorer" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare" ======File associations====== .exe - open - "C:\Documents and Settings\Denis\Local Settings\Application Data\ave.exe" /START "%1" %* .reg - open - regedit.exe "%1" %* .scr - open - "%1" %* ======List of files/folders created in the last 1 months====== 2010-03-19 23:30:15 ----D---- C:\rsit 2010-03-19 13:38:41 ----A---- C:\WINDOWS\ntbtlog.txt 2010-03-19 13:15:54 ----D---- C:\Program Files\Enigma Software Group 2010-03-11 08:21:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$ 2010-03-06 19:37:03 ----D---- C:\Program Files\iPod 2010-03-06 19:36:49 ----D---- C:\Program Files\iTunes 2010-03-06 19:36:49 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2010-03-06 19:35:15 ----D---- C:\Program Files\Bonjour 2010-03-06 19:34:05 ----D---- C:\Program Files\QuickTime 2010-03-06 19:31:38 ----A---- C:\WINDOWS\system32\usbaaplrc.dll 2010-02-25 17:18:48 ----N---- C:\WINDOWS\system32\browserchoice.exe 2010-02-25 00:20:31 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$ ======List of files/folders modified in the last 1 months====== 2010-03-19 23:53:29 ----D---- C:\WINDOWS\Temp 2010-03-19 23:53:20 ----D---- C:\Program Files\Wanadoo 2010-03-19 23:30:23 ----D---- C:\WINDOWS\Prefetch 2010-03-19 23:17:11 ----D---- C:\Program Files\Mozilla Firefox 2010-03-19 23:06:51 ----D---- C:\WINDOWS\system32 2010-03-19 23:06:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-03-19 23:01:43 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-03-19 22:05:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$ 2010-03-19 22:05:59 ----D---- C:\WINDOWS\system32\drivers 2010-03-19 22:03:59 ----SD---- C:\WINDOWS\Tasks 2010-03-19 20:44:20 ----D---- C:\Program Files\Steam 2010-03-19 18:17:42 ----HD---- C:\WINDOWS\inf 2010-03-19 18:17:42 ----D---- C:\WINDOWS 2010-03-19 18:17:41 ----D---- C:\WINDOWS\system32\CatRoot2 2010-03-19 13:42:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-03-19 13:15:54 ----RD---- C:\Program Files 2010-03-17 20:07:43 ----SHD---- C:\WINDOWS\Installer 2010-03-11 19:33:04 ----D---- C:\WINDOWS\Debug 2010-03-11 08:21:48 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-03-11 08:21:48 ----D---- C:\Program Files\Movie Maker 2010-03-11 08:21:19 ----HD---- C:\WINDOWS\$hf_mig$ 2010-03-06 19:38:12 ----DC---- C:\WINDOWS\system32\DRVSTORE 2010-03-06 19:36:58 ----D---- C:\Program Files\Fichiers communs\Apple 2010-03-06 19:32:42 ----D---- C:\WINDOWS\WinSxS 2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-06-01 75096] R1 ewido security suite driver;ewido security suite driver; \??\C:\Program Files\ewido anti-malware\guard.sys [] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS [] R2 CINEMSUP;Software Cinemaster NT4.0 Driver; C:\WINDOWS\SYSTEM32\DRIVERS\CINEMSUP.SYS [1999-09-20 6144] R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752] R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [2003-12-08 53600] R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2003-12-08 70688] R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2001-09-14 337472] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 cmuda3;C-Media PCI Audio Interface; C:\WINDOWS\system32\drivers\cmudax3.sys [2008-09-03 1516672] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 Ptserlp;PCTEL Serial Device Driver for PCI; C:\WINDOWS\System32\DRIVERS\ptserlp.sys [2001-08-17 112574] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208] S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112] S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 108552] S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360] S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 23176] S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 98568] S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 98952] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 VIAudio;Contrôleur audio VIA AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-04 84480] S3 Winhk25;Winhk25; \??\C:\WINDOWS\System32\drivers\Winhk25.sys [] S3 Wintd03;Wintd03; \??\C:\WINDOWS\System32\drivers\Wintd03.sys [] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865] R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2008-10-22 39936] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120] R2 OPTENET_FILTER;Securitoo Contrôle Parental; C:\Program Files\Securitoo\Contrôle Parental\bin\optproxy.exe [2004-08-03 497744] R2 Pctspk;PCTEL Speaker Phone; C:\WINDOWS\system32\pctspk.exe [2001-08-23 86016] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576] S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03 135664] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-25 182768] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-23 238960] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 ewido security suite control;ewido security suite control; C:\Program Files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888] S4 ewido security suite guard;ewido security suite guard; C:\Program Files\ewido anti-malware\ewidoguard.exe [2005-12-18 151616] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- Pardon pour la longueur mais merci d'avance pour votre aide!