mowgli85

OK Thanos, je suivrai tes conseil pour l'avenir, c'est promis!! En tout cas UN GRAND MERCI POUR TON AIDE @+

Thanos, J'ai bien éxecuté en tant qu'administrateur, mais le programme n'a pas fonctionné. Pour le rapport il n'y a pas d'Afficher les détails" voici ce que j'ai extrait : containerfile:D:\UDISK 2.0\Norton_AntiVirus_2007_Internet_Security_2007.uif file:D:\UDISK 2.0\Norton_AntiVirus_2007_Internet_Security_2007.uif->(UIF)->NAV2007RETAIL FOR XP VISTA32.64\NAV2007RETAIL_XP_VISTA32.64\Norton.Antivirus.2007.Keygen_Upgraded.exe containerfile:D:\eMule\Incoming\(Incl. Bonus Tracks) tori amos abnormally attracted to sin .zip file:D:\eMule\Incoming\(Incl. Bonus Tracks) tori amos abnormally attracted to sin .zip->Setup.exe->(WExtract)->TorrentSpeederInstaller.exe->(AutoIT)->TorentSilentInstall.exe->(AutoIT)->TorrentSpeeder-1.0.0.1-setup.exe containerfile:D:\Sonar Home Studio 6 XL (multilanguage).zip file:D:\Sonar Home Studio 6 XL (multilanguage).zip->Setup.exe containerfile:D:\eMule\Incoming\(Incl. Bonus Tracks) tori amos abnormally attracted to sin .zip file:D:\eMule\Incoming\(Incl. Bonus Tracks) tori amos abnormally attracted to sin .zip->Setup.exe->(WExtract)->TorrentSpeederInstaller.exe->(AutoIT)->Forextrading.exe containerfile:D:\UDISK 2.0\UDISK 2.0 (G)\LEXAR MEDIA (H)\AssMat.Revenus.exe file:D:\UDISK 2.0\UDISK 2.0 (G)\LEXAR MEDIA (H)\AssMat.Revenus.exe->(UPX)->(RarSfx)->AssMat.Revenus.sar containerfile:D:\UDISK 2.0\Norton_AntiVirus_2007_Internet_Security_2007.uif file:D:\UDISK 2.0\Norton_AntiVirus_2007_Internet_Security_2007.uif->(UIF)->NAV2007RETAIL FOR XP VISTA32.64\NAV2007RETAIL_XP_VISTA32.64\Norton.Antivirus.2007.Keygen.exe file:D:\UDISK 2.0\UDISK 2.0 (G)\LEXAR MEDIA (H)\AssMat.Revenus.sar A bientôt

Thanos, En fait je n'ai pas réussi à installer MSE Update Utility Installer car il a buggé j'ai fait la MàJ manuelle sur le site Microsofoft et ca marche j'ai aussi installé un jeu sans problème Ci-dessous la capture du rapport d'analyse compléte http://img51.imageshack.us/img51/6087/capturerp.jpg A bientôt

Thanos, Depuis mon dernier message j'ai pu faire la màj de Microsoft Security Essentials et une analyse compléte 6 éléments ont été detectés et supprimés ou mis en quanrantaine. penses-tu que mon ordi est suffisamment protégé ou dois-je encore tenter quelquechose? En tout cas merci pour ton aide précieuse

Thanos, oui j'ai pu installer un jeu sans souci ci dessous une capture suite à échec MSE utility http://img815.imageshack.us/img815/1880/mseupdateutility.jpg A bientôt

Thanos, voici le log Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK

Thanos, impossible de cocher ou décocher quoi que ce soit le programme démarre de suite et quelques seconde après il bloque je joins une capture qui peut t'aider peut-etre A bientôt http://img204.imageshack.us/img204/3219/gmererroru.jpg

Bonjour Thanos, désolé mais ce nouveau programme ne fonctionne pas non plus ROOTREPEAL CRASH REPORT ------------------------- Windows Version: Windows Vista SP0 Exception Code: 0xc0000005 Exception Address: 0x00422bf2 Attempt to read from address: 0x00000004 a bientôt

Bonsoir Thanos, j'ai bien pratiqué comme tu me l'as dit, mais après "executer en tant qu'admisitrateur", le programme se lance directement et se bloque aprés quelques minutes. Impossible de "décocher" Sections microsoft security essentials fonctionne bien apparemment A bientôt

Bonjour Thanos, Voilà, ça devrait mieux te convenir A bientôt ComboFix 10-06-06.01 - mowgli95 07/06/2010 6:02.3.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2046.822 [GMT 2:00] Lancé depuis: c:\users\mowgli95\Desktop\ComboFix.exe Commutateurs utilisés :: c:\users\mowgli95\Downloads\CFScript(3).txt AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} SP: Microsoft Security Essentials *enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDE} SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} FILE :: "c:\windows\system32\dxcombin.exe" "c:\windows\system32\dxwizard.exe" "c:\windows\system32\winvercp.exe" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Alwil Software c:\programdata\Alwil Software . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_DirectX common -------\Service_DirectX multi version -------\Service_Windows sharing object ((((((((((((((((((((((((((((( Fichiers créés du 2010-05-07 au 2010-06-07 )))))))))))))))))))))))))))))))))))) . 2010-06-07 04:10 . 2010-06-07 04:10 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-06-07 04:10 . 2010-06-07 04:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-06-06 19:09 . 2010-06-06 19:24 -------- d-----w- C:\mowgli8524127m 2010-06-06 11:56 . 2010-06-06 11:56 -------- d-----w- C:\games 2010-06-06 05:45 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2010-06-03 16:02 . 2010-06-03 16:02 -------- d-----w- C:\rsit 2010-06-03 16:02 . 2010-06-03 16:02 -------- d-----w- c:\program files\trend micro 2010-06-03 03:42 . 2010-06-06 08:49 -------- d-----w- c:\program files\Microsoft Security Essentials 2010-06-02 04:39 . 2010-06-02 04:39 -------- d-----w- c:\program files\Common Files\BitDefender 2010-06-01 18:32 . 2010-06-01 18:32 -------- d-----w- c:\users\mowgli95\AppData\Roaming\Malwarebytes 2010-06-01 18:32 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-01 18:32 . 2010-06-01 18:32 -------- d-----w- c:\programdata\Malwarebytes 2010-06-01 18:32 . 2010-06-01 18:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-01 18:32 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-31 18:51 . 2010-05-31 18:51 -------- d-----w- c:\users\mowgli95\DoctorWeb 2010-05-30 17:02 . 2010-05-30 17:02 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files 2010-05-29 05:25 . 2010-05-29 05:25 -------- d-----w- c:\users\mowgli95\AppData\Roaming\Icones . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-07 04:15 . 2007-05-20 06:14 60170 ----a-w- c:\users\mowgli95\AppData\Roaming\nvModes.dat 2010-06-07 04:15 . 2009-01-30 17:05 -------- d-----w- c:\programdata\VMware 2010-06-07 04:11 . 2007-06-30 09:43 12 ----a-w- c:\windows\bthservsdp.dat 2010-06-06 19:11 . 2006-11-02 15:48 723492 ----a-w- c:\windows\system32\perfh00C.dat 2010-06-06 19:11 . 2006-11-02 15:48 131792 ----a-w- c:\windows\system32\perfc00C.dat 2010-06-05 20:47 . 2007-03-15 12:13 -------- d-----w- c:\programdata\Microsoft Help 2010-05-30 16:47 . 2008-04-14 18:36 -------- d-----w- c:\users\mowgli95\AppData\Roaming\Uniblue 2010-05-30 15:18 . 2010-04-03 05:58 -------- d-----w- c:\users\mowgli95\AppData\Roaming\OnlineStorage 2010-05-26 17:07 . 2008-11-25 16:01 -------- d-----w- c:\programdata\HP Product Assistant 2010-05-25 11:28 . 2007-08-15 06:53 -------- d-----w- c:\users\mowgli95\AppData\Roaming\OpenOffice.org2 2010-05-15 13:46 . 2010-03-17 19:27 -------- d-----w- c:\users\mowgli95\AppData\Roaming\vlc 2010-05-15 13:46 . 2009-02-14 07:31 -------- d-----w- c:\users\mowgli95\AppData\Roaming\dvdcss 2010-05-12 09:21 . 2009-10-03 17:05 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-02 04:42 . 2009-10-26 17:16 -------- d-----w- c:\users\mowgli95\AppData\Roaming\HpUpdate 2010-04-19 16:12 . 2007-05-19 17:58 131664 ----a-w- c:\users\mowgli95\AppData\Local\GDIPFONTCACHEV1.DAT 2010-04-19 14:25 . 2008-07-27 10:20 -------- d-----w- c:\program files\Common Files\Adobe 2010-03-20 09:55 . 2010-03-20 09:56 411368 ----a-w- c:\windows\system32\deploytk.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OSDOverLayIcon] @="{8129812F-4AF8-4A47-85A5-D995B505880C}" [HKEY_CLASSES_ROOT\CLSID\{8129812F-4AF8-4A47-85A5-D995B505880C}] 2009-04-16 14:32 53248 ----a-w- d:\mes données\OSDExtension.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440] "SpriteService"="c:\program files\Sprite Software\Sprite Backup\SpriteService.exe" [2006-08-15 544768] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144] "OnlineStorage"="d:\mes données\OrangeDrvHome.exe" [2009-04-16 217088] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 411768] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-02-06 509496] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648] "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696] "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272] "NDSTray.exe"="NDSTray.exe" [bU] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 894512] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504] "CardDetectorICON225"="c:\program files\CardDetector\ICON225\CardDetector.exe" [2007-11-13 278528] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2008-10-28 64048] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "OrangePlayer"="d:\media player\Media Player.exe" [2008-12-02 319488] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders credssp.dll, append.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 95744] R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-11-13 51968] R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224] R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x] R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\common\Database\bin\fbserver.exe [2005-11-17 1527900] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-08-25 685816] S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs32.sys [2009-01-21 137384] S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/08/15 13:24];d:\powerdvd9\000.fcl [2009-05-07 19:05 87536] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792] S2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI239D.tmp [2009-05-12 189696] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008] S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2008-10-28 54960] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr bthsvcs REG_MULTI_SZ BthServ . Contenu du dossier 'Tâches planifiées' 2010-06-07 c:\windows\Tasks\User_Feed_Synchronization-{DAABF963-70E0-4DAE-9E5A-49A072EE60F7}.job - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.foozir.com/ uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR LSP: c:\program files\VMware\VMware Player\vsocklib.dll TCP: {FB818685-DB53-4601-80BE-1E9D67220C25} = 192.168.1.1 FF - ProfilePath - c:\users\mowgli95\AppData\Roaming\Mozilla\Firefox\Profiles\po29tz47.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - plugin: c:\program files\Common Files\fluxDVD\APIX\NPAPIX.dll FF - plugin: c:\program files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll FF - plugin: c:\users\mowgli95\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: d:\divx\DivX Player\npDivxPlayerPlugin.dll FF - plugin: d:\divx\DivX Web Player\npdivx32.dll FF - plugin: d:\program files\Netscape6\nppl3260.dll FF - plugin: d:\program files\Netscape6\nprjplug.dll FF - plugin: d:\program files\Netscape6\nprpjplug.dll ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-07 06:15 Windows 6.0.6000 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84C531E8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0x82e61d1f \Driver\ACPI -> acpi.sys @ 0x804479d6 \Driver\atapi -> 0x84c531e8 IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCPDFReadSpool] "ImagePath"="c:\windows\Installer\MSI239D.tmp" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}] "ImagePath"="\??\d:\powerdvd9\000.fcl" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-3940065221-2280737029-732981558-1000\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync] "Name"="ActiveSync" "DisplayName"="Microsoft ActiveSync" "Param1"="ActiveSync" "Type"="wellknown" "Order"=dword:00000001 "State"=dword:00000020 [HKEY_USERS\S-1-5-21-3940065221-2280737029-732981558-1000\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings] "Name"="IESettings" "Type"="IESettings" "Order"=dword:00000003 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-3940065221-2280737029-732981558-1000\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles] "Name"="MediaFiles" "Type"="MediaFiles" "Order"=dword:00000002 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-3940065221-2280737029-732981558-1000\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook] "Name"="Outlook" "DisplayName"="Microsoft Outlook" "Param1"="Outlook" "Type"="wellknown" "Order"=dword:00000000 "State"=dword:00000020 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'Explorer.exe'(4148) d:\mes données\OSDExtension.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe c:\program files\Microsoft Security Essentials\MsMpEng.exe c:\windows\RtHDVCpl.exe c:\program files\TOSHIBA\ConfigFree\NDSTray.exe c:\windows\System32\rundll32.exe c:\program files\Synaptics\SynTP\SynToshiba.exe c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe c:\windows\system32\agrsmsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\ehome\ehmsas.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\program files\Cyberlink\Shared files\RichVideo.exe c:\windows\system32\TODDSrv.exe c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe c:\windows\system32\vmnat.exe c:\program files\VMware\VMware Player\vmware-authd.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\vmnetdhcp.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\windows\system32\conime.exe c:\program files\Microsoft Security Essentials\MpCmdRun.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE c:\windows\system32\wbem\unsecapp.exe . ************************************************************************** . Heure de fin: 2010-06-07 06:21:04 - La machine a redémarré ComboFix-quarantined-files.txt 2010-06-07 04:20 ComboFix2.txt 2010-06-06 19:24 ComboFix3.txt 2010-06-06 16:35 Avant-CF: 33 112 862 720 octets libres Après-CF: 33 037 103 104 octets libres - - End Of File - - A00C68F969FAB5E78C2E2CF7619FC997

Thanos, effectivement, Microsoft Security essentials ne fonctionne pas correctement : il fait une mise à jour depuis des heurs sans succés. pour le reste j'ai pas réussi à faire comme tu me dis mais voici ce que j'ai pu récuperer. http://senduit.com/931ddc fais moi signe si c'est pas ça @+

Bon courage @+ ComboFix 10-06-05.03 - mowgli95 06/06/2010 18:15:29.1.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2046.999 [GMT 2:00] Lancé depuis: c:\users\mowgli95\Downloads\mowgli85.exe AV: Microsoft Security Essentials *On-access scanning disabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} SP: Microsoft Security Essentials *disabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDE} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Mozilla Firefox\components\npclntax.xpt c:\users\mowgli95\AviSynthLexer.lexer c:\users\mowgli95\corona.dll c:\users\mowgli95\FAVORI~1\Games.url c:\users\mowgli95\Favorites\Games.url c:\users\mowgli95\ogg.dll c:\users\mowgli95\vcredist.exe c:\users\mowgli95\vorbis.dll . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ASC3550P -------\Service_Neth -------\Service_Win Common module -------\Service_WinTrust32 ((((((((((((((((((((((((((((( Fichiers créés du 2010-05-06 au 2010-06-06 )))))))))))))))))))))))))))))))))))) . 2010-06-06 16:24 . 2010-06-06 16:28 -------- d-----w- c:\users\mowgli95\AppData\Local\temp 2010-06-06 16:24 . 2010-06-06 16:24 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-06-06 11:56 . 2010-06-06 11:56 -------- d-----w- C:\games 2010-06-06 05:45 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2010-06-06 05:44 . 2010-06-06 05:44 -------- d-----w- c:\program files\Alwil Software 2010-06-03 16:02 . 2010-06-03 16:02 -------- d-----w- C:\rsit 2010-06-03 16:02 . 2010-06-03 16:02 -------- d-----w- c:\program files\trend micro 2010-06-03 03:42 . 2010-06-06 08:49 -------- d-----w- c:\program files\Microsoft Security Essentials 2010-06-02 04:39 . 2010-06-02 04:39 -------- d-----w- c:\program files\Common Files\BitDefender 2010-06-01 18:32 . 2010-06-01 18:32 -------- d-----w- c:\users\mowgli95\AppData\Roaming\Malwarebytes 2010-06-01 18:32 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-01 18:32 . 2010-06-01 18:32 -------- d-----w- c:\programdata\Malwarebytes 2010-06-01 18:32 . 2010-06-01 18:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-01 18:32 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-31 18:51 . 2010-05-31 18:51 -------- d-----w- c:\users\mowgli95\DoctorWeb 2010-05-30 17:02 . 2010-05-30 17:02 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files 2010-05-29 05:25 . 2010-05-29 05:25 -------- d-----w- c:\users\mowgli95\AppData\Roaming\Icones 2010-05-26 04:09 . 2010-06-06 06:15 -------- d-----w- c:\programdata\Alwil Software . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-06 16:28 . 2007-05-20 06:14 60170 ----a-w- c:\users\mowgli95\AppData\Roaming\nvModes.dat 2010-06-06 16:27 . 2009-01-30 17:05 -------- d-----w- c:\programdata\VMware 2010-06-06 16:25 . 2007-06-30 09:43 12 ----a-w- c:\windows\bthservsdp.dat 2010-06-06 16:16 . 2006-11-02 15:48 723492 ----a-w- c:\windows\system32\perfh00C.dat 2010-06-06 16:16 . 2006-11-02 15:48 131792 ----a-w- c:\windows\system32\perfc00C.dat 2010-06-05 20:47 . 2007-03-15 12:13 -------- d-----w- c:\programdata\Microsoft Help 2010-05-30 16:47 . 2008-04-14 18:36 -------- d-----w- c:\users\mowgli95\AppData\Roaming\Uniblue 2010-05-30 15:18 . 2010-04-03 05:58 -------- d-----w- c:\users\mowgli95\AppData\Roaming\OnlineStorage 2010-05-26 17:07 . 2008-11-25 16:01 -------- d-----w- c:\programdata\HP Product Assistant 2010-05-25 11:28 . 2007-08-15 06:53 -------- d-----w- c:\users\mowgli95\AppData\Roaming\OpenOffice.org2 2010-05-15 13:46 . 2010-03-17 19:27 -------- d-----w- c:\users\mowgli95\AppData\Roaming\vlc 2010-05-15 13:46 . 2009-02-14 07:31 -------- d-----w- c:\users\mowgli95\AppData\Roaming\dvdcss 2010-05-12 09:21 . 2009-10-03 17:05 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-02 04:42 . 2009-10-26 17:16 -------- d-----w- c:\users\mowgli95\AppData\Roaming\HpUpdate 2010-04-19 16:12 . 2007-05-19 17:58 131664 ----a-w- c:\users\mowgli95\AppData\Local\GDIPFONTCACHEV1.DAT 2010-04-19 14:25 . 2008-07-27 10:20 -------- d-----w- c:\program files\Common Files\Adobe 2010-03-20 09:55 . 2010-03-20 09:56 411368 ----a-w- c:\windows\system32\deploytk.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OSDOverLayIcon] @="{8129812F-4AF8-4A47-85A5-D995B505880C}" [HKEY_CLASSES_ROOT\CLSID\{8129812F-4AF8-4A47-85A5-D995B505880C}] 2009-04-16 14:32 53248 ----a-w- d:\mes données\OSDExtension.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440] "SpriteService"="c:\program files\Sprite Software\Sprite Backup\SpriteService.exe" [2006-08-15 544768] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144] "OnlineStorage"="d:\mes données\OrangeDrvHome.exe" [2009-04-16 217088] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 411768] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-02-06 509496] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648] "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696] "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272] "NDSTray.exe"="NDSTray.exe" [bU] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 894512] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504] "CardDetectorICON225"="c:\program files\CardDetector\ICON225\CardDetector.exe" [2007-11-13 278528] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2008-10-28 64048] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "OrangePlayer"="d:\media player\Media Player.exe" [2008-12-02 319488] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders credssp.dll, append.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 R2 DirectX common;DirectX common;c:\windows\system32\dxwizard.exe [x] R2 DirectX multi version;DirectX multi version;c:\windows\system32\dxcombin.exe [x] R2 Windows sharing object;Windows sharing object;c:\windows\system32\winvercp.exe [x] R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 95744] R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-11-13 51968] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368] R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224] R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x] R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\common\Database\bin\fbserver.exe [2005-11-17 1527900] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-08-25 685816] S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs32.sys [2009-01-21 137384] S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/08/15 13:24];d:\powerdvd9\000.fcl [2009-05-07 19:05 87536] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792] S2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI239D.tmp [2009-05-12 189696] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008] S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2008-10-28 54960] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr bthsvcs REG_MULTI_SZ BthServ . Contenu du dossier 'Tâches planifiées' 2010-06-06 c:\windows\Tasks\User_Feed_Synchronization-{DAABF963-70E0-4DAE-9E5A-49A072EE60F7}.job - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.foozir.com/ uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR LSP: c:\program files\VMware\VMware Player\vsocklib.dll TCP: {FB818685-DB53-4601-80BE-1E9D67220C25} = 192.168.1.1 FF - ProfilePath - c:\users\mowgli95\AppData\Roaming\Mozilla\Firefox\Profiles\po29tz47.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - plugin: c:\program files\Common Files\fluxDVD\APIX\NPAPIX.dll FF - plugin: c:\program files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll FF - plugin: c:\users\mowgli95\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: d:\divx\DivX Player\npDivxPlayerPlugin.dll FF - plugin: d:\divx\DivX Web Player\npdivx32.dll FF - plugin: d:\program files\Netscape6\nppl3260.dll FF - plugin: d:\program files\Netscape6\nprjplug.dll FF - plugin: d:\program files\Netscape6\nprpjplug.dll ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-TOSCDSPD - TOSCDSPD.EXE AddRemove-Cakewalk Guitar Studio 1.0 - d:\Uninst.isu AddRemove-Interactive Repair Manuals - c:\program files\Briggs and Stratton\Manuals\DeIsL1.isu AddRemove-Native Instruments - Rig Kontrol 3 Driver - d:\program files\Native Instruments\Rig Kontrol 3 Driver\uninst.exe Software\Native Instruments\Rig Kontrol 3 Driver\Setup AddRemove-Winamp Toolbar for Firefox - c:\users\mowgli95\AppData\Roaming\Mozilla\Firefox\Profiles\kdba8kko.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-06 18:28 Windows 6.0.6000 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84C531E8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0x82e61d1f \Driver\ACPI -> acpi.sys @ 0x804479d6 \Driver\atapi -> 0x84c531e8 IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCPDFReadSpool] "ImagePath"="c:\windows\Installer\MSI239D.tmp" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}] "ImagePath"="\??\d:\powerdvd9\000.fcl" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-3940065221-2280737029-732981558-1000\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync] "Name"="ActiveSync" "DisplayName"="Microsoft ActiveSync" "Param1"="ActiveSync" "Type"="wellknown" "Order"=dword:00000001 "State"=dword:00000020 [HKEY_USERS\S-1-5-21-3940065221-2280737029-732981558-1000\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings] "Name"="IESettings" "Type"="IESettings" "Order"=dword:00000003 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-3940065221-2280737029-732981558-1000\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles] "Name"="MediaFiles" "Type"="MediaFiles" "Order"=dword:00000002 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-3940065221-2280737029-732981558-1000\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook] "Name"="Outlook" "DisplayName"="Microsoft Outlook" "Param1"="Outlook" "Type"="wellknown" "Order"=dword:00000000 "State"=dword:00000020 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'Explorer.exe'(5600) d:\mes données\OSDExtension.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe c:\program files\Microsoft Security Essentials\MsMpEng.exe c:\windows\RtHDVCpl.exe c:\program files\TOSHIBA\ConfigFree\NDSTray.exe c:\windows\System32\rundll32.exe c:\program files\Synaptics\SynTP\SynToshiba.exe c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe c:\windows\system32\agrsmsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\program files\Cyberlink\Shared files\RichVideo.exe c:\windows\system32\TODDSrv.exe c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe c:\windows\system32\vmnat.exe c:\windows\ehome\ehmsas.exe c:\program files\VMware\VMware Player\vmware-authd.exe c:\windows\system32\vmnetdhcp.exe c:\windows\system32\WUDFHost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\windows\system32\conime.exe c:\program files\Microsoft Security Essentials\MpCmdRun.exe . ************************************************************************** . Heure de fin: 2010-06-06 18:35:16 - La machine a redémarré ComboFix-quarantined-files.txt 2010-06-06 16:35 Avant-CF: 34 201 833 472 octets libres Après-CF: 34 253 787 136 octets libres - - End Of File - - FD2BC726B151652043961F4705411629

Bonjour Thanos, je revien vers toi aprés ces quelques journées pendant lesquelles j'ai franchement galéré!! Impossible d'installer quelque antivirus que ce soit : Avast ; AVG ; AVIRA et autres...... J'ai pratiqué comme tu me le disais dans ton dernier message. As-tu une autre solution que le formatage, car j'ai pas mal de fichiers persos que je voudrais garder A bientôt

Bonjour Thanos, je suis ravi que tu veuilles bien m'aider et t'en remercie par avance. hier soir, j'ai voulu redémarrer et j'ai eu le message "veuillez ne pas éteindre ...... mise à jour 1 de 8" cela a duré jusqu'à ce matin et rien n'a avancé!! Bon c'était pour ton info (moi j'y pige rien) Comme tu me le conseilles, je te transmet les rapports je te souhaites du courage pour digérer tout ça A bientôt Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4166 Windows 6.0.6000 Internet Explorer 7.0.6000.16609 03/06/2010 08:21:10 mbam-log-2010-06-03 (08-21-10).txt Type d'examen: Examen complet (C:\|D:\|H:\|O:\|) Elément(s) analysé(s): 278047 Temps écoulé: 1 heure(s), 47 minute(s), 7 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Logfile of random's system information tool 1.07 (written by random/random) Run by mowgli95 at 2010-06-03 18:02:39 Microsoft® Windows Vista™ Édition Familiale Premium System drive C: has 31 GB (32%) free of 95 GB Total RAM: 2046 MB (43% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:02:51, on 03/06/2010 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16575) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\RtHDVCpl.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\TOSHIBA\Utilities\KeNotify.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe C:\Program Files\CardDetector\ICON225\CardDetector.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\VMware\VMware Player\hqtray.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Cyberlink\Shared files\brs.exe C:\Windows\System32\rundll32.exe C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe D:\mes données\OrangeDrvHome.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Windows\System32\mobsync.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Microsoft Office\Office12\WINWORD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\mowgli95\Downloads\RSIT.exe C:\Program Files\trend micro\mowgli95.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.recfree.com/hmpg/search.html?q={searchTerms} R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\Windows\system32\SoftAheadCert.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" O4 - HKLM\..\Run: [CardDetectorICON225] C:\Program Files\CardDetector\ICON225\CardDetector.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [spriteService] "C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [OnlineStorage] D:\mes données\OrangeDrvHome.exe -startup O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [OrangePlayer] d:\media player\Media Player.exe /systray (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [OrangePlayer] d:\media player\Media Player.exe /systray (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [OrangePlayer] d:\media player\Media Player.exe /systray (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing) O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{FB818685-DB53-4601-80BE-1E9D67220C25}: NameServer = 192.168.1.1 O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (BthServ) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: DirectX common - Unknown owner - C:\Windows\system32\dxwizard.exe (file missing) O23 - Service: DirectX multi version - Unknown owner - C:\Windows\system32\dxcombin.exe (file missing) O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe O23 - Service: Lanceur des services Windows Media Center (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Journal d’événements Windows (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: hpqcxs08 - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Service HP CUE DeviceDiscovery (hpqddsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Neth - Unknown owner - C:\Windows\system32\netid.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%windir%\WindowsMobile\rapimgr.dll,-104 (RapiMgr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\Windows\Installer\MSI239D.tmp O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Acquisition d'image Windows (WIA) (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%windir%\WindowsMobile\wcescomm.dll,-40079 (WcesComm) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Collecteur d'événements de Windows (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Win Common module - Unknown owner - C:\Windows\system32\servicemp.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Windows sharing object - Unknown owner - C:\Windows\system32\winvercp.exe (file missing) O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Gestion à distance de Windows (Gestion WSM) (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: WinTrust32 - Unknown owner - C:\Windows\system32\wintrust32.exe (file missing) O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Centre de sécurité (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: Windows Update (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 26070 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Uniblue SpyEraser Nag.job C:\Windows\tasks\Uniblue SpyEraser.job C:\Windows\tasks\User_Feed_Synchronization-{DAABF963-70E0-4DAE-9E5A-49A072EE60F7}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19C8E43B-07B3-49CB-BFFC-6777B593E6F8}] Download Manager Browser Helper Object - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL [2007-05-21 525792] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2}] SACert Class - C:\Windows\system32\SoftAheadCert.dll [2008-01-26 98304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC41D38F-B56D-40AD-94E0-B493D130C959}] CmjBrowserHelperObject Object - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll [2006-12-14 65536] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-20 41760] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-01-18 4349952] "TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2006-12-20 411768] "HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416] "SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-02-06 509496] "00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2007-01-17 534648] "KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2006-11-06 34352] "HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2006-11-01 413696] "SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2006-11-01 438272] "NDSTray.exe"=NDSTray.exe [] "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-01-13 90191] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-01-13 7766016] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-01-13 81920] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-08 894512] "Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2007-02-19 571024] "Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2007-02-13 405504] "CardDetectorICON225"=C:\Program Files\CardDetector\ICON225\CardDetector.exe [2007-11-14 278528] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152] "Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072] "Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552] "VMware hqtray"=C:\Program Files\VMware\VMware Player\hqtray.exe [2008-10-29 64048] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696] "BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2009-05-07 75048] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768] "MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2010-02-21 1093208] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-10 1232896] "TOSCDSPD"=TOSCDSPD.EXE [] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440] "SpriteService"=C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe [2006-08-15 544768] "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144] "OnlineStorage"=D:\mes données\OrangeDrvHome.exe [2009-04-16 217088] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll, append.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" "C:\Program Files\Orange\IEWInternet\Connectivity\ConnectivityManager.exe"="C:\Program Files\Orange\IEWInternet\Connectivity\ConnectivityManager.exe:*:enabled:CSS" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d2ed6bd-3fb7-11dd-b255-0016d4f5fc28}] shell\AutoRun\command - H:\AutoRunCardDetector.exe ======List of files/folders created in the last 1 months====== 2010-06-03 18:02:39 ----D---- C:\rsit 2010-06-03 18:02:39 ----D---- C:\Program Files\trend micro 2010-06-03 05:42:51 ----D---- C:\Program Files\Microsoft Security Essentials 2010-06-02 06:39:32 ----D---- C:\Program Files\Common Files\BitDefender 2010-06-01 20:32:45 ----D---- C:\Users\mowgli95\AppData\Roaming\Malwarebytes 2010-06-01 20:32:36 ----D---- C:\ProgramData\Malwarebytes 2010-06-01 20:32:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-06-01 19:37:36 ----A---- C:\Windows\system32\aswBoot.exe 2010-05-30 19:02:37 ----D---- C:\ProgramData\Kaspersky Lab Setup Files 2010-05-30 17:37:45 ----SHD---- C:\Config.Msi 2010-05-29 07:25:34 ----D---- C:\Users\mowgli95\AppData\Roaming\Icones 2010-05-26 06:09:49 ----D---- C:\ProgramData\Alwil Software ======List of files/folders modified in the last 1 months====== 2010-06-03 18:02:51 ----D---- C:\Windows\Prefetch 2010-06-03 18:02:39 ----D---- C:\Program Files 2010-06-03 18:02:38 ----D---- C:\Windows\Temp 2010-06-03 09:03:50 ----SHD---- C:\System Volume Information 2010-06-03 06:35:05 ----D---- C:\Windows\System32 2010-06-03 06:35:04 ----D---- C:\Windows\inf 2010-06-03 06:35:04 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-06-03 05:43:21 ----SHD---- C:\Windows\Installer 2010-06-03 05:43:05 ----D---- C:\Windows\system32\drivers 2010-06-03 05:43:05 ----D---- C:\Windows\system32\catroot 2010-06-03 05:43:02 ----SD---- C:\ProgramData\Microsoft 2010-06-03 05:36:25 ----D---- C:\ProgramData\VMware 2010-06-02 18:44:57 ----D---- C:\Windows\system32\LogFiles 2010-06-02 18:44:57 ----D---- C:\Windows 2010-06-02 12:20:47 ----D---- C:\Windows\Hewlett-Packard 2010-06-02 06:39:32 ----D---- C:\Program Files\Common Files 2010-06-01 20:45:58 ----D---- C:\Windows\Options 2010-06-01 20:42:44 ----HD---- C:\ProgramData 2010-06-01 20:14:53 ----D---- C:\Program Files\Common Files\microsoft shared 2010-06-01 06:52:13 ----D---- C:\Windows\BDOSCAN8 2010-06-01 05:26:31 ----SD---- C:\Windows\Downloaded Program Files 2010-05-31 20:33:14 ----AD---- C:\ProgramData\TEMP 2010-05-30 18:47:13 ----D---- C:\Users\mowgli95\AppData\Roaming\Uniblue 2010-05-30 18:14:36 ----D---- C:\Windows\system32\catroot2 2010-05-30 18:07:07 ----D---- C:\Program Files\Mozilla Firefox 2010-05-30 17:32:30 ----D---- C:\Windows\Minidump 2010-05-30 17:18:39 ----D---- C:\Windows\Tasks 2010-05-30 17:18:39 ----D---- C:\Program Files\Alwil Software 2010-05-30 17:18:38 ----D---- C:\Windows\system32\spool 2010-05-30 17:18:38 ----D---- C:\Users\mowgli95\AppData\Roaming\OnlineStorage 2010-05-30 17:18:38 ----D---- C:\Program Files\Internet Explorer 2010-05-26 20:41:14 ----D---- C:\Users\mowgli95\AppData\Roaming\Adobe 2010-05-26 19:08:51 ----D---- C:\Windows\system32\wbem 2010-05-26 19:07:49 ----D---- C:\Windows\system32\config 2010-05-26 19:07:30 ----D---- C:\ProgramData\HP Product Assistant 2010-05-26 19:07:28 ----D---- C:\Windows\registration 2010-05-26 18:14:47 ----D---- C:\Windows\system32\Tasks 2010-05-25 13:28:13 ----D---- C:\Users\mowgli95\AppData\Roaming\OpenOffice.org2 2010-05-15 15:46:48 ----D---- C:\Users\mowgli95\AppData\Roaming\vlc 2010-05-15 15:46:07 ----D---- C:\Users\mowgli95\AppData\Roaming\dvdcss 2010-05-12 11:21:16 ----N---- C:\Windows\system32\MpSigStub.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 CbFs;CbFs; \??\C:\Windows\system32\drivers\cbfs32.sys [2009-01-21 137384] R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2009-12-02 149040] R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/08/15 13:24:13]; \??\D:\PowerDVD9\000.fcl [2009-05-07 87536] R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2008-10-29 32304] R2 vmci;VMware vmci; \??\C:\Windows\system32\Drivers\vmci.sys [2008-10-29 54960] R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2008-10-28 31280] R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2008-10-29 26288] R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2008-10-29 857392] R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys [2008-10-02 22448] R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-14 14208] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-01-18 1729632] R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2007-09-05 92544] R3 NETw3v32;Pilote de carte réseau Intel® PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-12-19 1786880] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-01-13 4452288] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-04 59392] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-06-13 82432] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-06-08 187448] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128] R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2006-07-06 168448] R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352] R3 UVCFTR;UVCFTR; C:\Windows\system32\DRIVERS\UVCFTR_S.SYS [2007-01-26 17712] R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2008-10-29 23216] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560] S3 ag3btj4b;ag3btj4b; C:\Windows\system32\drivers\ag3btj4b.sys [] S3 athr;Pilote de périphérique LAN sans fil extensible Atheros; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456] S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2006-11-02 131584] S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2006-11-02 16384] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2006-11-02 36864] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632] S3 GT72NDISIPXP;GT 72 IP NDIS; C:\Windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 95744] S3 GT72UBUS;GT 72 U BUS; C:\Windows\system32\DRIVERS\gt72ubus.sys [2007-11-13 51968] S3 GTPTSER;GT PT SER; C:\Windows\system32\DRIVERS\gtptser.sys [2007-11-13 8064] S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\Windows\system32\DRIVERS\HPZid412.sys [2006-04-13 49664] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\Windows\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\Windows\system32\DRIVERS\HPZius12.sys [2006-04-13 21568] S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016] S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224] S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072] S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys [] S3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216] S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys [] S3 TVICHW32;TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [2007-09-07 23600] S3 usb_rndisx;Carte RNDIS USB; C:\Windows\system32\DRIVERS\usb8023x.sys [2006-11-02 14848] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-07-09 39424] S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328] S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2008-10-28 16560] S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2006-11-02 31616] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936] S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-18 219392] S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-01-18 211072] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016] R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960] R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2008-02-13 65536] R2 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016] R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2006-11-02 22016] R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-12-09 17904] R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2006-11-02 22016] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2009-04-27 271760] R2 SCPDFReadSpool;SolidConverterPDFReadSpool; C:\Windows\Installer\MSI239D.tmp [2009-05-12 189696] R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688] R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008] R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2006-12-20 428152] R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Player\vmware-authd.exe [2008-10-29 113200] R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2008-10-29 326192] R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2008-10-29 399920] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2006-11-02 22016] S2 DirectX common;DirectX common; C:\Windows\system32\dxwizard.exe [] S2 DirectX multi version;DirectX multi version; C:\Windows\system32\dxcombin.exe [] S2 Neth;Neth; C:\Windows\system32\netid.exe [] S2 Win Common module;Win Common module; C:\Windows\system32\servicemp.exe [] S2 Windows sharing object;Windows sharing object; C:\Windows\system32\winvercp.exe [] S2 WinTrust32;WinTrust32; C:\Windows\system32\wintrust32.exe [] S3 aawservice;Lavasoft Ad-Aware Service; D:\aawservice.exe [2008-07-20 611664] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-02-16 72704] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496] S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; D:\acid pro\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337] S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; D:\acid pro\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872] S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Player\vmware-ufad.exe [2008-10-02 191024] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; D:\Common\Database\bin\fbserver.exe [2005-11-17 1527900] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2010-06-03 18:02:58 ======Uninstall list====== -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->D:\DivX\DivXConverterUninstall.exe /CONVERTER µTorrent-->"D:\Program Files\uninstall.exe" 1.0-->"D:\The Tetris Game\unins000.exe" 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA} 7-Zip 4.57-->"D:\7-Zip\Uninstall.exe" Able2Extract v6.0-->D:\Uninstal.exe Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103} Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101} Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101} Adobe InDesign CS4-->C:\Program Files\Common Files\Adobe\Installers\1710d324011afc3e7658e969025f4ba\Setup.exe --uninstall=1 Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D} Adobe Reader 9.3.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001} Adobe Setup-->MsiExec.exe /I{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2} Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101} Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Application Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{265E7080-E2C4-4D6C-B893-F20EA1E61985}\Setup.exe" -l0x40c Application Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB0E8D21-E9DA-4459-8D75-1B00A72573A8}\Setup.exe" -l0x40c Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} BitDownload version 3.2.0.0-->"D:\BitDownload\unins000.exe" BitTorrent 4.26.0-->"C:\Program Files\BitTorrent\uninstall.exe" Bluetooth Monitor 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61539202-097E-487E-9237-B291AB56D54C}\setup.exe" -l0x9 -removeonly Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Cakewalk Guitar Studio 1.0-->C:\Windows\IsUninst.exe -fd:\Uninst.isu Camera Assistant Software for Toshiba-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe" -l0x40c Card Detector for Option Icon 225-->C:\Program Files\CardDetector\ICON225\CardDetectorSetup.exe -u CCleaner (remove only)-->"D:\CCleaner\uninst.exe" Codeur Windows Media Série 9-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Codeur Windows Media Série 9-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Cogniview PDF2XL OCR Evaluation-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4BE1E111-4580-41BE-899F-60B5DC1DB2EA} Cubase VST 24 v3.70-->C:\Windows\UNWISE.EXE D:\audio\STEINB~1\CUBASE~1\INSTALL.LOG CyberLink PowerDVD 9-->"C:\Program Files\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\Setup.exe" /z-uninstall CyberLink PowerDVD 9-->"C:\Program Files\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\Setup.exe" /z-uninstall dBpoweramp FLAC Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat dBpowerAMP Music Converter-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat Desktop SMS-->MsiExec.exe /I{5980B928-1C95-4B3E-957B-B02D8147FF9E} DivX Codec-->D:\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->D:\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->D:\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->D:\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Web Player-->D:\DivX\DivXWebPlayerUninstall.exe /PLUGIN doPDF 6.1 printer-->"D:\doPDF 6\unins000.exe" EA SPORTS online 2007-->C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe Favorit-->c:\users\mowgli95\appdata\local\eclcaj.bat ffdshow-->"D:\ffdshow\uninstall.exe" Firebird SQL Server - MAGIX Edition 2.0.0.1 (UK)-->D:\Common\Database\uninstall.exe FreeMind-->"D:\FreeMind\unins000.exe" Gestionnaire pour appareils Windows Mobile-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917} HijackThis 2.0.2-->"C:\Users\mowgli95\Downloads\HijackThis.exe" /uninstall HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC} HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat HP Update-->MsiExec.exe /X{818ABC3C-635C-4651-8183-D0E9640B7DD1} Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D} Interactive Repair Manuals-->C:\Windows\uninst.exe -f"C:\Program Files\Briggs and Stratton\Manuals\DeIsL1.isu" -c"C:\Program Files\Briggs and Stratton\Manuals\_ISREG32.DLL" Internet Everywhere-->C:\Program Files\Orange\IEWInternet\installation\core\Installgui.exe -u iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944} Java 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF} Java SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} LimeWire 4.16.6-->"D:\LimeWire\uninstall.exe" Magic ISO Maker v5.4 (build 0247)-->D:\PROGRA~1\MagicISO\UNWISE.EXE D:\PROGRA~1\MagicISO\INSTALL.LOG Magic ISO Maker v5.4 (build 0251)-->D:\PROGRA~1\MagicISO\UNWISE.EXE D:\PROGRA~1\MagicISO\INSTALL.LOG MagicDisc 2.5.79-->D:\PROGRA~1\MAGICD~1\UNWISE.EXE D:\PROGRA~1\MAGICD~1\INSTALL.LOG MAGIX Music Maker Basic Edition 12.1.0.3 (UK)-->D:\Program Files\instslct.exe Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Media Player-->"D:\Media Player\uninstall.exe" mes données 1.2.1.9-->D:\mes données\uninst.exe Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft Antimalware Service FR-FR Language Pack-->MsiExec.exe /X{A4526B5A-89C0-4F4B-9E6E-4F883374D5F9} Microsoft Antimalware-->MsiExec.exe /X{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Money-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120 Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB} Microsoft Office Mobile 6.1-->MsiExec.exe /I{0428A339-FB43-45C4-A17F-D20FB064611F} Microsoft Office Outlook 2007 Trial-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall OUTLOOKR /dll OSETUP.DLL Microsoft Office Outlook 2007-->MsiExec.exe /X{91120000-001A-0000-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Photo 2006 Starter Edition-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=12 Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x Microsoft Security Essentials-->MsiExec.exe /I{EF98A02A-1748-4762-9B7D-5ED1600520D5} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C} Mindjet MindManager Pro 6 Admin-->MsiExec.exe /I{1C34F272-40C5-409E-8599-C230C0D7BCC1} Movavi Video Converter 6-->MsiExec.exe /I{0D6EDECD-7523-4E74-BE25-4E1BFC073242} Movavi VideoSuite 4.4-->C:\Program Files\Movavi VideoSuite 4.4\uninst.exe Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} myphotobook 3.1-->C:\Program Files\myphotobook\uninst.exe Native Instruments - Rig Kontrol 3 Driver-->D:\Program Files\Native Instruments\Rig Kontrol 3 Driver\uninst.exe Software\Native Instruments\Rig Kontrol 3 Driver\Setup Native Instruments Service Center-->D:\PROGRA~1\NATIVE~1\SERVIC~1\UNWISE.EXE D:\PROGRA~1\NATIVE~1\SERVIC~1\INSTALL.LOG neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe OpenOffice.org 2.2-->MsiExec.exe /I{419805D6-75A0-4981-BC8F-9FF97EC6B03A} Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Pacific Fighters-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E149E957-F289-45E3-8645-1794A173F5AB} /l1036 PDFCreator-->D:\PDFCreator\unins000.exe Pixie 1.4.1-->D:\Pixie\unins000.exe Podmailing Beta 0.9.5-->C:\Program Files\Podmailing\uninstall.exe PrestoNotes-->D:\UnInstall_24475.exe Quartz Studio Free-->C:\Windows\unin040c.exe -fd:\DeIsL1.isu -cd:\_ISREG32.DLL QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68} RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly Realtek High Definition Audio Driver-->RtlUpd.exe -r -m Réducteur de bruit lect. CD/DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x40c Satellite-->C:\WINDOWS\st6unst.exe -n "d:\ST6UNST.000" Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Excel 2007 (KB936509)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471} Security Update for Office 2007 (KB934062)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33} Security Update for Office 2007 (KB936514)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF} Security Update for Publisher 2007 (KB936646)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF} Security Update for the 2007 Microsoft Office System (KB936960)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86} Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb Shockwave-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log Solid Converter PDF-->MsiExec.exe /I{56BFAA6E-2BCC-4AED-9233-84731E66B205} SONAR 7 Producer Edition Trial-->"C:\Program Files\Cakewalk\SONAR 7 Producer Edition Trial\unins000.exe" Sony ACID Pro 5.0-->MsiExec.exe /X{76902AF9-DA86-419D-B533-077643124722} Sprite Backup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABC5404F-F0F3-4221-8DB9-5D34DD866E50}\setup.exe" -l0x40c Steinberg LM4 - ZONE-->C:\PROGRA~1\VSTPLU~1\LM4-UN~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\LM4-UN~1\INSTALL.LOG Streamripper Plugin 1.62.2 (Remove only)-->D:\Winamp\streamripper_uninstall.exe Studio365-Loader-->D:\PROGRA~1\Live365\loader\UNWISE.EXE D:\PROGRA~1\Live365\loader\INSTALL.LOG Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall TELL ME MORE-->"D:\Bin\unsetup.exe" -file "D:\unsetup.aui" TempsInternet-->C:\WINDOWS\st6unst.exe -n "D:\ST6UNST.LOG" TerraExplorer-->C:\Program Files\Skyline\TerraExplorer\Setup.exe [OP]/U Tetris-->"D:\Tetris\unins000.exe" Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}\setup.exe -runfromtemp -l0x040c Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2} TomTom HOME 2.7.3.1894-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533} Tomtomax Maxi-Box V2.0.20-->"D:\Tomtomax Maxi-Box\unins000.exe" ToolBook II 6.1 Runtime Files-->C:\Windows\uninst.exe -f"C:\Program Files\Asymetrix\Shared Tools\TBSystem\DeIsL1.isu" -c"C:\Program Files\Asymetrix\Shared Tools\TBSystem\_ISREG32.DLL" TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x40c TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe -runfromtemp -l0x040cuninstall -removeonly TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0} TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x040c TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E} TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1036 TOSHIBA Mot de passe responsable-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1036 Toshiba Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x040c -removeonly TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7} TOSHIBA Software Modem-->Tosmreg -U TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x040c TotalPDFConverter-->"D:\Total PDF Converter\unins000.exe" Trojan Remover 6.8.1-->"D:\Trojan Remover\unins000.exe" Update for Office 2007 (KB932080)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7} Update for Office 2007 (KB934391)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5} Update for Office 2007 (KB934393)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15} Update for Outlook 2007 (KB937608)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E} Update for Outlook 2007 Junk Email Filter (kb944965)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {EA8C80AA-31D6-43F0-8CD8-CA85479A34F1} Update for Word 2007 (KB934173)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475} VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027} VDownloader 0.75-->"D:\VDOWNLOADER\unins000.exe" VLC media player 1.0.5-->D:\VLC\uninstall.exe VMware DiskManager GUI 0.9-->C:\Program Files\RDPSoftware\VMware\VMware DiskManager GUI\uninst.exe VMware Player-->MsiExec.exe /I{A53A11EA-0095-493F-86FA-A15E8A86A405} VOB2MPG v3-->MsiExec.exe /I{52053836-9B3B-4223-816E-19B257545CCA} Winamp Toolbar for Firefox-->"C:\Users\mowgli95\AppData\Roaming\Mozilla\Firefox\Profiles\kdba8kko.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe" Winamp-->"D:\Winamp\UninstWA.exe" WinAVI Video Converter 8.0-->"D:\WinAVI Video Converter\unins000.exe" Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52} Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956} Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} WinDVD for TOSHIBA-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x040c XitNotes-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4120315D-0E5D-4963-B2AC-A0AC9945C078}\setup.exe" -l0x9 -removeonly Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe" YASA Video Converter v3.4 (build 0065)-->D:\PROGRA~1\YASAVI~1\UNWISE.EXE D:\PROGRA~1\YASAVI~1\INSTALL.LOG ======Security center information====== AV: Microsoft Security Essentials (outdated) AS: Microsoft Security Essentials (outdated) AS: Windows Defender ======System event log====== Computer Name: PC-de-mowgli95 Event Code: 7023 Message: Le service Programme d’installation de modules Windows s'est arrêté avec l'erreur : Le module spécifié est introuvable. Record Number: 1268636 Source Name: Service Control Manager Time Written: 20100603160054.000000-000 Event Type: Erreur User: Computer Name: PC-de-mowgli95 Event Code: 7023 Message: Le service Programme d’installation de modules Windows s'est arrêté avec l'erreur : Le module spécifié est introuvable. Record Number: 1268638 Source Name: Service Control Manager Time Written: 20100603160124.000000-000 Event Type: Erreur User: Computer Name: PC-de-mowgli95 Event Code: 7023 Message: Le service Programme d’installation de modules Windows s'est arrêté avec l'erreur : Le module spécifié est introuvable. Record Number: 1268640 Source Name: Service Control Manager Time Written: 20100603160154.000000-000 Event Type: Erreur User: Computer Name: PC-de-mowgli95 Event Code: 7023 Message: Le service Programme d’installation de modules Windows s'est arrêté avec l'erreur : Le module spécifié est introuvable. Record Number: 1268642 Source Name: Service Control Manager Time Written: 20100603160224.000000-000 Event Type: Erreur User: Computer Name: PC-de-mowgli95 Event Code: 7023 Message: Le service Programme d’installation de modules Windows s'est arrêté avec l'erreur : Le module spécifié est introuvable. Record Number: 1268644 Source Name: Service Control Manager Time Written: 20100603160254.000000-000 Event Type: Erreur User: =====Application event log===== Computer Name: PC-de-mowgli95 Event Code: 33 Message: La création du contexte d’activation a échoué pour « C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll ». Assembly dépendant Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. Record Number: 60653 Source Name: SideBySide Time Written: 20100602172127.000000-000 Event Type: Erreur User: Computer Name: PC-de-mowgli95 Event Code: 33 Message: La création du contexte d’activation a échoué pour « C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll ». Assembly dépendant Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. Record Number: 60654 Source Name: SideBySide Time Written: 20100602172127.000000-000 Event Type: Erreur User: Computer Name: PC-de-mowgli95 Event Code: 11935 Message: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.4148",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x800736FD. assembly interface: IAssemblyCacheItem, function: Commit, component: {A75F2217-AD54-3EA6-AE14-F255F8660531} Record Number: 60658 Source Name: MsiInstaller Time Written: 20100602173737.000000-000 Event Type: Erreur User: PC-de-mowgli95\mowgli95 Computer Name: PC-de-mowgli95 Event Code: 1530 Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela. DÉTAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3940065221-2280737029-732981558-1000: Process 292 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3940065221-2280737029-732981558-1000 Record Number: 60667 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20100602194532.000000-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: PC-de-mowgli95 Event Code: 1002 Message: Le programme msseces.exe version 1.0.1961.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : 1618 Heure de début : 01cb02ceefb6f737 Heure de fin : 6 Record Number: 60712 Source Name: Application Hang Time Written: 20100603042456.000000-000 Event Type: Erreur User: =====Security event log===== Computer Name: PC-de-mowgli95 Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-MOWGLI95$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 5 Nouvelle ouverture de session : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x2f8 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Nom de la station de travail : Adresse du réseau source : - Port source : - Informations détaillées sur l’authentification : Processus d’ouverture de session : Advapi Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 2535225 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100601140125.318871-000 Event Type: Succès de l'audit User: Computer Name: PC-de-mowgli95 Event Code: 4672 Message: Privilèges spéciaux attribués à la nouvelle ouverture de session. Sujet : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 Privilèges : SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 2535226 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100601140125.318871-000 Event Type: Succès de l'audit User: Computer Name: PC-de-mowgli95 Event Code: 4648 Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites. Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-MOWGLI95$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Compte dont les informations d’identification ont été utilisées : Nom du compte : SYSTEM Domaine du compte : AUTORITE NT GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Serveur cible : Nom du serveur cible : localhost Informations supplémentaires : localhost Informations sur le processus : ID du processus : 0x2f8 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Adresse du réseau : - Port : - Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS. Record Number: 2535227 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100601140155.328871-000 Event Type: Succès de l'audit User: Computer Name: PC-de-mowgli95 Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-MOWGLI95$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 5 Nouvelle ouverture de session : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x2f8 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Nom de la station de travail : Adresse du réseau source : - Port source : - Informations détaillées sur l’authentification : Processus d’ouverture de session : Advapi Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 2535228 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100601140155.328871-000 Event Type: Succès de l'audit User: Computer Name: PC-de-mowgli95 Event Code: 4672 Message: Privilèges spéciaux attribués à la nouvelle ouverture de session. Sujet : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 Privilèges : SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 2535229 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100601140155.328871-000 Event Type: Succès de l'audit User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Adobe\AGL;%PIXIEHOME%\bin;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel "PROCESSOR_REVISION"=0f02 "NUMBER_OF_PROCESSORS"=2 "PIXIEHOME"=D:\Pixie "SHADERS"=%PIXIEHOME%\shaders "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip -----------------EOF-----------------

Bonsoir, je n'arrive palus à installer un antivirus sur mon ordi. j'ai essayer de mettre la dernière version d'Avast car ma version arrivait à terme et depuis je suis franchement dans la galère. Ni Avast, ni AVG, ni Bitdefender ne s'installent. A tout hasard je joint un rapport Hijackthis pour peut-etre quelqu'un m'aide à remettre un AV sur mon PC. merci d'avance Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:38:55, on 02/06/2010 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16575) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\TOSHIBA\Utilities\KeNotify.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe C:\Program Files\CardDetector\ICON225\CardDetector.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\VMware\VMware Player\hqtray.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Cyberlink\Shared files\brs.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe C:\Windows\ehome\ehtray.exe C:\Windows\System32\rundll32.exe C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe D:\mes données\OrangeDrvHome.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Users\mowgli95\Downloads\setup_av_free_fre(3).exe C:\Users\mowgli95\AppData\Local\Temp\_av_sfx.tm~a04416\avast.setup C:\Program Files\Alwil Software\Avast5\vcredist_x86_SP1.exe f:\8da607bc3a2a12ce9a3dd6514e24\install.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\mowgli95\Downloads\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.recfree.com/hmpg/search.html?q={searchTerms} R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\Windows\system32\SoftAheadCert.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" O4 - HKLM\..\Run: [CardDetectorICON225] C:\Program Files\CardDetector\ICON225\CardDetector.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [spriteService] "C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [OnlineStorage] D:\mes données\OrangeDrvHome.exe -startup O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [OrangePlayer] d:\media player\Media Player.exe /systray (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [OrangePlayer] d:\media player\Media Player.exe /systray (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [OrangePlayer] d:\media player\Media Player.exe /systray (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing) O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll O13 - Gopher Prefix: O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{FB818685-DB53-4601-80BE-1E9D67220C25}: NameServer = 192.168.1.1 O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DirectX common - Unknown owner - C:\Windows\system32\dxwizard.exe (file missing) O23 - Service: DirectX multi version - Unknown owner - C:\Windows\system32\dxcombin.exe (file missing) O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Neth - Unknown owner - C:\Windows\system32\netid.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\Windows\Installer\MSI239D.tmp O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe O23 - Service: Win Common module - Unknown owner - C:\Windows\system32\servicemp.exe (file missing) O23 - Service: Windows sharing object - Unknown owner - C:\Windows\system32\winvercp.exe (file missing) O23 - Service: WinTrust32 - Unknown owner - C:\Windows\system32\wintrust32.exe (file missing) -- End of file - 11894 bytes