11gatsu

Après le scan de Malwarebytes, j'ai fait un redémarrage en mode normal : plus d'infection apparente (plus d'icône de Security Tool en bas à droite, plus de fenêtre intempestive, etc.). J'ai donc l'impression que le problème est réglé. Y-a-t'il quand même d'autres étapes de nettoyage à faire ou est-ce que je peux passer le sujet en résolu ? @+

Merci pour cette réponse rapide. J'ai eu quelques soucis en suivant la procédure : - apparemment, il n'est plus posible de télécharger Rogue Remover à partir du site. Du coup j'ai sauté cette étape. - aucun lien pour rkill ne fonctionne. Heureusement, je l'avais récupéré par un autre moyen. Mais vu le log que ça me sort, je suis pas sûr que ça ai marché (voir à la fin du message) Merci de me dire s'il faut recommencer certaines étapes. @+ Voici les logs : Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4699 Windows 6.0.6002 Service Pack 2 (Safe Mode) Internet Explorer 8.0.6001.18943 26/09/2010 21:56:57 mbam-log-2010-09-26 (21-56-57).txt Type d'examen: Examen rapide Elément(s) analysé(s): 135404 Temps écoulé: 4 minute(s), 13 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 2 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\80614 (Malware.Packer.Gen) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Users\Lionel\AppData\Local\80614.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Users\Lionel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully. This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Ran as Lionel on 26/09/2010 at 21:48:25. Services Stopped: Processes terminated by Rkill or while it was running: C:\Users\Lionel\Desktop\softs\Internet\rkill.com Rkill completed on 26/09/2010 at 21:48:26.

Bonjour, Mon PC vient d'être infecté par Security Tool. J'ai plein de fenêtres intempestives qui s'ouvrent. Au bout d'un moment, la souris finit aussi par se bloquer parfois. J'ai voulu faire des scans des disques, mais j'ai l'impression que Security Tool me bloque tous les logiciels d'antivirus. Quelqu'un peut-il m'aider ? Merci.

Bonjour, Je poste ce message dans "analyse et éradication malwares" car il fait suite à la désinfection de Antimalware Doctor sur mon ordi la semaine dernière (même si je suis pas sûr que ça ait vraiment un lien). En effet, j'ai remarqué que mon ordi ramait un peu depuis et en allant voir les processus windows, horreur ! : presque 80 processus qui tournent en même temps. J'y connais pas grand chose, mais ça me paraît quand même trop. Y-a-t'il un moyen de savoir si c'est encore dû à une infection ? Comment faire pour tourner avec le minimum de processus nécessaires ? Ci-après la liste des processus. Si quelqu'un peut me renseigner ... A bientôt. ACEngSvr.exe ACMON.exe ADSMSrv.exe ADSMTray.exe alg.exe ALU.exe AsLdrSrv.exe ASPG.exe AsScrPro.exe ATKOSD.exe ATKOSD2.exe audiodg.exe avgnsx.exe avgrsx.exe avgtray.exe avgwdsvc.exe BatteryLife.exe BTStackServer.exe BTTray.exe btwdins.exe CLMLSvc.exe csrss.exe (x2) CTAudSvc.exe DMedia.exe dwm.exe ehmsas.exe ehtray.exe explorer.exe firefox.exe GFNEXSrv.exe HControl.exe HControlUser.exe KBFiltr.exe lsass.exe lsm.exe LSSrvc.exe MSASCui.exe MsgTranAgt.exe nvvsvc.exe Processus inactif du système RtHDVCpl.exe rundll32.exe (x2) SearchIndexer.exe sensorsrv.exe services.exe SLsvc.exe smss.exe spoolsv.exe svchost.exe (x 14) SynTPEnh.exe SynTPHelper.exe System taskeng.exe (x3) taskmgr upeksvr.exe VolPanlu.exe wcourier.exe WDC.exe wininit.exe winlogon.exe wlanext.exe

Salut ! Tout fonctionne normalement depuis la désinfection du PC. Je viens de faire la désinstallation de ComboFix et un coup de HijackThis. Je te copie le log juste après. à+ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:32:28, on 17/06/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18928) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program files\P4G\BatteryLife.exe C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe C:\Program Files\ASUS\SmartLogon\sensorsrv.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe C:\Windows\System32\rundll32.exe C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Windows\AsScrPro.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Creative\USB Speaker\Volume Panel\VolPanlu.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Windows\ehome\ehtray.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\conime.exe C:\Users\Lionel\Desktop\softs\Internet\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\USB Speaker\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: FancyStart daemon.lnk = ? O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O15 - Trusted Zone: http://www.01net.com O15 - Trusted Zone: http://www.any-video-converter.com O15 - Trusted Zone: mirror.ibcp.fr O15 - Trusted Zone: http://www.miktex.org O15 - Trusted Zone: http://www.python.org O15 - Trusted Zone: http://www.sciencedirect.com O15 - Trusted Zone: http://downloads.sourceforge.net O15 - Trusted Zone: http://*.sourceforge.net O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative HOAL Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe -- End of file - 6539 bytes

Bonsoir, Bon, tout à l'air de fonctionner normalement depuis hier. Plus de "Antimalware Doctor" à l'horizon. Plus de "Rundll" au démarrage. Tout baigne !! Merci beaucoup Thanos pour ton aide. Je sais vraiment pas comment je m'en serais sorti tout seul. Merci encore.

Re-bonjour ! J'ai fait la manip' avec ComboFix. Je copie ci-après le log. Mais juste quelques éléments avant ça : - AVG (ou plutôt une fenêtre de "bouclier résident") n'a pas arrêté de me sortir des messages d'erreurs à propos de trois fichiers dll (du type "xxxyya.dll"). Je savais pas trop quoi faire donc j'ai fais "fermer" à chaque fois (et pas "supprimer") - Windows a eu la très bonne idée de vouloir faire une mise à jour pendant que ComboFix tournait. Du coup, quand ComboFix a fait redémarrer l'ordi, je crois que Windows a essayé de faire des installations. J'espère que ça n'a pas compromis la manip'. - à la fin du scan de ComboFix, y'a plein de fenêtres d'erreur qui se sont ouvertes sans s'arrêter, jusqu'à ce que ComboFix fasse redémarrer l'ordi. - après le redémarrage, ComboFix a généré le log. J'ai simplement pu l'enregistrer, puis le fermer. Après plus rien ne marchait (j'ai voulu lancer Mozilla et IE, mais ça me mettait un message d'erreur). Du coup j'ai fait redémarrer l'ordi. Maintenant, ça a l'air de fonctionner normalement (je n'ai plus eu les erreurs de Rundll à l'ouverture de la session). Voilà. J'espère ne pas avoir fait de bêtise. Maintenant le log : ComboFix 10-06-13.04 - Lionel 14/06/2010 18:29:18.1.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.1774 [GMT 2:00] Lancé depuis: c:\users\Lionel\Desktop\11gatsu.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\Microsoft\Network\Downloader\qmgr0.dat c:\programdata\Microsoft\Network\Downloader\qmgr1.dat c:\users\Lionel\AppData\Roaming\FC63490E14E6F8553AD99E6E516590B6 c:\users\Lionel\AppData\Roaming\FC63490E14E6F8553AD99E6E516590B6\enemies-names.txt c:\users\Lionel\AppData\Roaming\FC63490E14E6F8553AD99E6E516590B6\local.ini c:\users\Lionel\AppData\Roaming\FC63490E14E6F8553AD99E6E516590B6\lsrslt.ini c:\windows\system32\deezer.flv c:\windows\system32\tmpDF77.flv ----- Cloneurs de fichier ----- c:\program files\MiKTeX 2.8\miktex\bin\afm2afm.exe c:\program files\MiKTeX 2.8\miktex\bin\authorindex.exe c:\program files\MiKTeX 2.8\miktex\bin\autoinst.exe c:\program files\MiKTeX 2.8\miktex\bin\bdftops.exe c:\program files\MiKTeX 2.8\miktex\bin\bib2xhtml.exe c:\program files\MiKTeX 2.8\miktex\bin\bibhtml.exe c:\program files\MiKTeX 2.8\miktex\bin\biokey2html.exe c:\program files\MiKTeX 2.8\miktex\bin\biokey2html1.exe c:\program files\MiKTeX 2.8\miktex\bin\biokey2html2.exe c:\program files\MiKTeX 2.8\miktex\bin\biokey2html3.exe c:\program files\MiKTeX 2.8\miktex\bin\birm.exe c:\program files\MiKTeX 2.8\miktex\bin\cmap2enc.exe c:\program files\MiKTeX 2.8\miktex\bin\config.exe c:\program files\MiKTeX 2.8\miktex\bin\csvtools.exe c:\program files\MiKTeX 2.8\miktex\bin\cyrename.exe c:\program files\MiKTeX 2.8\miktex\bin\dbcontext.exe c:\program files\MiKTeX 2.8\miktex\bin\dblatex.exe c:\program files\MiKTeX 2.8\miktex\bin\dbmcontext.exe c:\program files\MiKTeX 2.8\miktex\bin\dbmex.exe c:\program files\MiKTeX 2.8\miktex\bin\dbmlatex.exe c:\program files\MiKTeX 2.8\miktex\bin\dbmmex.exe c:\program files\MiKTeX 2.8\miktex\bin\dbmtex.exe c:\program files\MiKTeX 2.8\miktex\bin\dbmtexi.exe c:\program files\MiKTeX 2.8\miktex\bin\dbmxelatex.exe c:\program files\MiKTeX 2.8\miktex\bin\dbmxetex.exe c:\program files\MiKTeX 2.8\miktex\bin\dbtex.exe c:\program files\MiKTeX 2.8\miktex\bin\dbtexi.exe c:\program files\MiKTeX 2.8\miktex\bin\dbxelatex.exe c:\program files\MiKTeX 2.8\miktex\bin\dbxetex.exe c:\program files\MiKTeX 2.8\miktex\bin\dumphint.exe c:\program files\MiKTeX 2.8\miktex\bin\eps2eps.exe c:\program files\MiKTeX 2.8\miktex\bin\escontext.exe c:\program files\MiKTeX 2.8\miktex\bin\eslatex.exe c:\program files\MiKTeX 2.8\miktex\bin\esmex.exe c:\program files\MiKTeX 2.8\miktex\bin\estex.exe c:\program files\MiKTeX 2.8\miktex\bin\estexi.exe c:\program files\MiKTeX 2.8\miktex\bin\esxelatex.exe c:\program files\MiKTeX 2.8\miktex\bin\esxetex.exe c:\program files\MiKTeX 2.8\miktex\bin\feynmf.exe c:\program files\MiKTeX 2.8\miktex\bin\fig4latex.exe c:\program files\MiKTeX 2.8\miktex\bin\findhyph.exe c:\program files\MiKTeX 2.8\miktex\bin\fixmswrd.exe c:\program files\MiKTeX 2.8\miktex\bin\fixwada2.exe c:\program files\MiKTeX 2.8\miktex\bin\font2afm.exe c:\program files\MiKTeX 2.8\miktex\bin\font2c.exe c:\program files\MiKTeX 2.8\miktex\bin\gsbj.exe c:\program files\MiKTeX 2.8\miktex\bin\gsdj.exe c:\program files\MiKTeX 2.8\miktex\bin\gsdj500.exe c:\program files\MiKTeX 2.8\miktex\bin\gslj.exe c:\program files\MiKTeX 2.8\miktex\bin\gslp.exe c:\program files\MiKTeX 2.8\miktex\bin\gsnd.exe c:\program files\MiKTeX 2.8\miktex\bin\gsndt.exe c:\program files\MiKTeX 2.8\miktex\bin\gssetgs.exe c:\program files\MiKTeX 2.8\miktex\bin\gst.exe c:\program files\MiKTeX 2.8\miktex\bin\gstt.exe c:\program files\MiKTeX 2.8\miktex\bin\ht.exe c:\program files\MiKTeX 2.8\miktex\bin\htcontext.exe c:\program files\MiKTeX 2.8\miktex\bin\htlatex.exe c:\program files\MiKTeX 2.8\miktex\bin\htmex.exe c:\program files\MiKTeX 2.8\miktex\bin\httex.exe c:\program files\MiKTeX 2.8\miktex\bin\httexi.exe c:\program files\MiKTeX 2.8\miktex\bin\htxelatex.exe c:\program files\MiKTeX 2.8\miktex\bin\htxetex.exe c:\program files\MiKTeX 2.8\miktex\bin\ibyhyph.exe c:\program files\MiKTeX 2.8\miktex\bin\jh1context.exe c:\program files\MiKTeX 2.8\miktex\bin\jh1latex.exe c:\program files\MiKTeX 2.8\miktex\bin\jh1mex.exe c:\program files\MiKTeX 2.8\miktex\bin\jh1tex.exe c:\program files\MiKTeX 2.8\miktex\bin\jh1texi.exe c:\program files\MiKTeX 2.8\miktex\bin\jh1xelatex.exe c:\program files\MiKTeX 2.8\miktex\bin\jh1xetex.exe c:\program files\MiKTeX 2.8\miktex\bin\jhcontext.exe c:\program files\MiKTeX 2.8\miktex\bin\jhlatex.exe c:\program files\MiKTeX 2.8\miktex\bin\jhmex.exe c:\program files\MiKTeX 2.8\miktex\bin\jhtex.exe c:\program files\MiKTeX 2.8\miktex\bin\jhtexi.exe c:\program files\MiKTeX 2.8\miktex\bin\jhxelatex.exe c:\program files\MiKTeX 2.8\miktex\bin\jhxetex.exe c:\program files\MiKTeX 2.8\miktex\bin\jmcontext.exe c:\program files\MiKTeX 2.8\miktex\bin\jmlatex.exe c:\program files\MiKTeX 2.8\miktex\bin\jmmex.exe c:\program files\MiKTeX 2.8\miktex\bin\jmtex.exe c:\program files\MiKTeX 2.8\miktex\bin\jmtexi.exe c:\program files\MiKTeX 2.8\miktex\bin\jmxelatex.exe c:\program files\MiKTeX 2.8\miktex\bin\jmxetex.exe c:\program files\MiKTeX 2.8\miktex\bin\jscontext.exe c:\program files\MiKTeX 2.8\miktex\bin\jslatex.exe c:\program files\MiKTeX 2.8\miktex\bin\jsmex.exe c:\program files\MiKTeX 2.8\miktex\bin\jstex.exe c:\program files\MiKTeX 2.8\miktex\bin\jstexi.exe c:\program files\MiKTeX 2.8\miktex\bin\jsxelatex.exe c:\program files\MiKTeX 2.8\miktex\bin\jsxetex.exe c:\program files\MiKTeX 2.8\miktex\bin\latexdiff-fast.exe c:\program files\MiKTeX 2.8\miktex\bin\latexdiff-so.exe c:\program files\MiKTeX 2.8\miktex\bin\latexdiff-vc.exe c:\program files\MiKTeX 2.8\miktex\bin\latexdiff.exe c:\program files\MiKTeX 2.8\miktex\bin\latexmk.exe c:\program files\MiKTeX 2.8\miktex\bin\latexrevise.exe c:\program files\MiKTeX 2.8\miktex\bin\lp386.exe c:\program files\MiKTeX 2.8\miktex\bin\lp386r2.exe c:\program files\MiKTeX 2.8\miktex\bin\lpgs.exe c:\program files\MiKTeX 2.8\miktex\bin\lpr2.exe c:\program files\MiKTeX 2.8\miktex\bin\makeglossaries.exe c:\program files\MiKTeX 2.8\miktex\bin\makeuniwada.exe c:\program files\MiKTeX 2.8\miktex\bin\merge.exe c:\program files\MiKTeX 2.8\miktex\bin\mk4ht.exe c:\program files\MiKTeX 2.8\miktex\bin\mkmlsmf.exe c:\program files\MiKTeX 2.8\miktex\bin\mkt1font.exe c:\program files\MiKTeX 2.8\miktex\bin\mm.exe c:\program files\MiKTeX 2.8\miktex\bin\mzcontext.exe c:\program files\MiKTeX 2.8\miktex\bin\mzlatex.exe c:\program files\MiKTeX 2.8\miktex\bin\mzmex.exe c:\program files\MiKTeX 2.8\miktex\bin\mztex.exe c:\program files\MiKTeX 2.8\miktex\bin\mztexi.exe c:\program files\MiKTeX 2.8\miktex\bin\mzxelatex.exe c:\program files\MiKTeX 2.8\miktex\bin\mzxetex.exe c:\program files\MiKTeX 2.8\miktex\bin\nts.exe c:\program files\MiKTeX 2.8\miktex\bin\oocontext.exe c:\program files\MiKTeX 2.8\miktex\bin\oolatex.exe c:\program files\MiKTeX 2.8\miktex\bin\oomex.exe c:\program files\MiKTeX 2.8\miktex\bin\ootex.exe c:\program files\MiKTeX 2.8\miktex\bin\ootexi.exe c:\program files\MiKTeX 2.8\miktex\bin\ooxelatex.exe c:\program files\MiKTeX 2.8\miktex\bin\ooxetex.exe c:\program files\MiKTeX 2.8\miktex\bin\orderrefs.exe c:\program files\MiKTeX 2.8\miktex\bin\ot2kpx.exe c:\program files\MiKTeX 2.8\miktex\bin\pdf2dsc.exe c:\program files\MiKTeX 2.8\miktex\bin\pdf2ps.exe c:\program files\MiKTeX 2.8\miktex\bin\pdfatfi.exe c:\program files\MiKTeX 2.8\miktex\bin\pdfcrop.exe c:\program files\MiKTeX 2.8\miktex\bin\pdfopt.exe c:\program files\MiKTeX 2.8\miktex\bin\pedigree.exe c:\program files\MiKTeX 2.8\miktex\bin\perltex.exe c:\program files\MiKTeX 2.8\miktex\bin\pf2afm.exe c:\program files\MiKTeX 2.8\miktex\bin\pfbtopfa.exe c:\program files\MiKTeX 2.8\miktex\bin\pfm2kpx.exe c:\program files\MiKTeX 2.8\miktex\bin\pftogsf.exe c:\program files\MiKTeX 2.8\miktex\bin\plind.exe c:\program files\MiKTeX 2.8\miktex\bin\pn2pdf.exe c:\program files\MiKTeX 2.8\miktex\bin\ps2ascii.exe c:\program files\MiKTeX 2.8\miktex\bin\ps2epsi.exe c:\program files\MiKTeX 2.8\miktex\bin\ps2pdf.exe c:\program files\MiKTeX 2.8\miktex\bin\ps2pdf12.exe c:\program files\MiKTeX 2.8\miktex\bin\ps2pdf13.exe c:\program files\MiKTeX 2.8\miktex\bin\ps2pdf14.exe c:\program files\MiKTeX 2.8\miktex\bin\ps2pdfxx.exe c:\program files\MiKTeX 2.8\miktex\bin\ps2ps.exe c:\program files\MiKTeX 2.8\miktex\bin\ps2ps2.exe c:\program files\MiKTeX 2.8\miktex\bin\ps4pdf.exe c:\program files\MiKTeX 2.8\miktex\bin\pst2pdf.exe c:\program files\MiKTeX 2.8\miktex\bin\rcsinfo.exe c:\program files\MiKTeX 2.8\miktex\bin\runbat.exe c:\program files\MiKTeX 2.8\miktex\bin\runperl.exe c:\program files\MiKTeX 2.8\miktex\bin\showglyphs.exe c:\program files\MiKTeX 2.8\miktex\bin\splitindex.exe c:\program files\MiKTeX 2.8\miktex\bin\svn-multi.exe c:\program files\MiKTeX 2.8\miktex\bin\teicontext.exe c:\program files\MiKTeX 2.8\miktex\bin\teilatex.exe c:\program files\MiKTeX 2.8\miktex\bin\teimcontext.exe c:\program files\MiKTeX 2.8\miktex\bin\teimex.exe c:\program files\MiKTeX 2.8\miktex\bin\teimlatex.exe c:\program files\MiKTeX 2.8\miktex\bin\teimmex.exe c:\program files\MiKTeX 2.8\miktex\bin\teimtex.exe c:\program files\MiKTeX 2.8\miktex\bin\teimtexi.exe c:\program files\MiKTeX 2.8\miktex\bin\teimxelatex.exe c:\program files\MiKTeX 2.8\miktex\bin\teimxetex.exe c:\program files\MiKTeX 2.8\miktex\bin\teitex.exe c:\program files\MiKTeX 2.8\miktex\bin\teitexi.exe c:\program files\MiKTeX 2.8\miktex\bin\teixelatex.exe c:\program files\MiKTeX 2.8\miktex\bin\teixetex.exe c:\program files\MiKTeX 2.8\miktex\bin\texcount.exe c:\program files\MiKTeX 2.8\miktex\bin\texdiff.exe c:\program files\MiKTeX 2.8\miktex\bin\texdirflatten.exe c:\program files\MiKTeX 2.8\miktex\bin\texshow.exe c:\program files\MiKTeX 2.8\miktex\bin\thumbpdf.exe c:\program files\MiKTeX 2.8\miktex\bin\urlbst.exe c:\program files\MiKTeX 2.8\miktex\bin\uxhcontext.exe c:\program files\MiKTeX 2.8\miktex\bin\uxhlatex.exe c:\program files\MiKTeX 2.8\miktex\bin\uxhmex.exe c:\program files\MiKTeX 2.8\miktex\bin\uxhtex.exe c:\program files\MiKTeX 2.8\miktex\bin\uxhtexi.exe c:\program files\MiKTeX 2.8\miktex\bin\uxhxelatex.exe c:\program files\MiKTeX 2.8\miktex\bin\uxhxetex.exe c:\program files\MiKTeX 2.8\miktex\bin\vpl2ovp.exe c:\program files\MiKTeX 2.8\miktex\bin\vpl2vpl.exe c:\program files\MiKTeX 2.8\miktex\bin\wcontext.exe c:\program files\MiKTeX 2.8\miktex\bin\wlatex.exe c:\program files\MiKTeX 2.8\miktex\bin\wmakebat.exe c:\program files\MiKTeX 2.8\miktex\bin\wmex.exe c:\program files\MiKTeX 2.8\miktex\bin\wtex.exe c:\program files\MiKTeX 2.8\miktex\bin\wtexi.exe c:\program files\MiKTeX 2.8\miktex\bin\wxelatex.exe c:\program files\MiKTeX 2.8\miktex\bin\wxetex.exe c:\program files\MiKTeX 2.8\miktex\bin\xdv2pdf_mergemarks.exe c:\program files\MiKTeX 2.8\miktex\bin\xhcontext.exe c:\program files\MiKTeX 2.8\miktex\bin\xhlatex.exe c:\program files\MiKTeX 2.8\miktex\bin\xhmcontext.exe c:\program files\MiKTeX 2.8\miktex\bin\xhmex.exe c:\program files\MiKTeX 2.8\miktex\bin\xhmlatex.exe c:\program files\MiKTeX 2.8\miktex\bin\xhmmex.exe c:\program files\MiKTeX 2.8\miktex\bin\xhmtex.exe c:\program files\MiKTeX 2.8\miktex\bin\xhmtexi.exe c:\program files\MiKTeX 2.8\miktex\bin\xhmxelatex.exe c:\program files\MiKTeX 2.8\miktex\bin\xhmxetex.exe c:\program files\MiKTeX 2.8\miktex\bin\xhtex.exe c:\program files\MiKTeX 2.8\miktex\bin\xhtexi.exe c:\program files\MiKTeX 2.8\miktex\bin\xhxelatex.exe c:\program files\MiKTeX 2.8\miktex\bin\xhxetex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\afm2afm.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\authorindex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\autoinst.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\bdftops.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\bib2xhtml.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\bibhtml.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html1.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html2.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html3.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\birm.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\cmap2enc.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\config.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\csvtools.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\cyrename.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbcontext.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\dblatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmcontext.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmlatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmmex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmtex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmtexi.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmxelatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmxetex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbtex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbtexi.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbxelatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbxetex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\dumphint.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\eps2eps.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\escontext.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\eslatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\esmex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\estex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\estexi.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\esxelatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\esxetex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\feynmf.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\fig4latex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\findhyph.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\fixmswrd.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\fixwada2.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\font2afm.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\font2c.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsbj.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsdj.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsdj500.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\gslj.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\gslp.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsnd.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsndt.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\gssetgs.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\gst.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\gstt.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\ht.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\htcontext.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\htlatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\htmex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\httex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\httexi.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\htxelatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\htxetex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\ibyhyph.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1context.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1latex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1mex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1tex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1texi.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1xelatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1xetex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhcontext.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhlatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhmex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhtex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhtexi.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhxelatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhxetex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmcontext.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmlatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmmex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmtex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmtexi.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmxelatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmxetex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jscontext.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jslatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jsmex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jstex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jstexi.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jsxelatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\jsxetex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff-fast.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff-so.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff-vc.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexmk.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexrevise.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\lp386.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\lp386r2.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\lpgs.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\lpr2.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\makeglossaries.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\makeuniwada.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\merge.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\mk4ht.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\mkmlsmf.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\mkt1font.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\mm.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzcontext.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzlatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzmex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\mztex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\mztexi.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzxelatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzxetex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\nts.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\oocontext.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\oolatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\oomex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\ootex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\ootexi.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\ooxelatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\ooxetex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\orderrefs.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\ot2kpx.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdf2dsc.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdf2ps.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdfatfi.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdfcrop.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdfopt.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\pedigree.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\perltex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\pf2afm.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\pfbtopfa.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\pfm2kpx.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\pftogsf.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\plind.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\pn2pdf.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2ascii.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2epsi.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf12.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf13.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf14.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdfxx.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2ps.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2ps2.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps4pdf.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\pst2pdf.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\rcsinfo.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\showglyphs.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\splitindex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\svn-multi.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\teicontext.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\teilatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimcontext.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimlatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimmex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimtex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimtexi.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimxelatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimxetex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\teitex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\teitexi.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\teixelatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\teixetex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\texcount.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\texdiff.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\texdirflatten.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\texshow.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\thumbpdf.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\urlbst.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhcontext.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhlatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhmex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhtex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhtexi.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhxelatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhxetex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\vpl2ovp.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\vpl2vpl.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\wcontext.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\wlatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\wmakebat.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\wmex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\wtex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\wtexi.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\wxelatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\wxetex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\xdv2pdf_mergemarks.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhcontext.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhlatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmcontext.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmlatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmmex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmtex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmtexi.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmxelatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmxetex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhtex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhtexi.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhxelatex.exe c:\users\Lionel\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhxetex.exe . ----- BITS: Il y a peut-être des sites infectés ----- hxxp://solaruploader.net . ((((((((((((((((((((((((((((( Fichiers créés du 2010-05-14 au 2010-06-14 )))))))))))))))))))))))))))))))))))) . 2010-06-14 16:38 . 2010-06-14 16:52 -------- d-----w- c:\users\Lionel\AppData\Local\temp 2010-06-14 16:38 . 2010-06-14 16:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-06-13 23:17 . 2010-06-13 23:17 -------- d-----w- c:\program files\trend micro 2010-06-13 23:17 . 2010-06-13 23:17 -------- d-----w- C:\rsit 2010-06-13 20:21 . 2010-06-13 20:21 -------- d-----w- c:\users\Lionel\AppData\Roaming\Malwarebytes 2010-06-13 20:20 . 2010-06-13 20:20 -------- d-----w- c:\programdata\Malwarebytes 2010-06-13 20:20 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-13 20:20 . 2010-06-13 20:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-13 20:20 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-13 18:25 . 2010-06-13 18:27 -------- d-----w- c:\windows\system32\ca-ES 2010-06-13 18:25 . 2010-06-13 18:27 -------- d-----w- c:\windows\system32\eu-ES 2010-06-13 18:25 . 2010-06-13 18:26 -------- d-----w- c:\windows\system32\vi-VN 2010-06-04 19:35 . 2010-06-08 19:47 -------- d-----w- c:\temp\[Taiicho]_Kimi_ga_Aruji_de_Shitsuji_ga_Ore_de 2010-05-31 20:39 . 2010-05-31 20:39 -------- d-----w- c:\users\Lionel\Calvin 2010-05-31 08:53 . 2010-05-31 08:53 4846 ----a-r- c:\users\Lionel\AppData\Roaming\Microsoft\Installer\{6FB158D3-5E25-4C5F-B358-FE36CF92DF74}\_676d113e.exe 2010-05-31 08:53 . 2010-05-31 08:53 4846 ----a-r- c:\users\Lionel\AppData\Roaming\Microsoft\Installer\{6FB158D3-5E25-4C5F-B358-FE36CF92DF74}\_496326b1.exe 2010-05-31 08:53 . 2010-05-31 08:53 4846 ----a-r- c:\users\Lionel\AppData\Roaming\Microsoft\Installer\{6FB158D3-5E25-4C5F-B358-FE36CF92DF74}\_46261cdf.exe 2010-05-31 08:53 . 2010-05-31 08:53 4846 ----a-r- c:\users\Lionel\AppData\Roaming\Microsoft\Installer\{6FB158D3-5E25-4C5F-B358-FE36CF92DF74}\_27dae29.exe 2010-05-31 08:53 . 2010-05-31 08:53 4846 ----a-r- c:\users\Lionel\AppData\Roaming\Microsoft\Installer\{6FB158D3-5E25-4C5F-B358-FE36CF92DF74}\_246264e0.exe 2010-05-31 08:53 . 2010-05-31 08:53 -------- d-----w- c:\program files\NB Soft 2010-05-26 18:28 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-14 16:53 . 2009-03-07 20:02 148006 ----a-w- c:\programdata\nvModes.dat 2010-06-14 16:52 . 2009-03-06 18:27 45056 ----a-w- c:\windows\system32\acovcnt.exe 2010-06-14 16:46 . 2008-04-16 11:16 672322 ----a-w- c:\windows\system32\perfh00C.dat 2010-06-14 16:46 . 2008-04-16 11:16 124434 ----a-w- c:\windows\system32\perfc00C.dat 2010-06-14 16:46 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2010-06-14 16:40 . 2009-05-17 13:41 -------- d-----w- c:\programdata\avg8 2010-06-14 16:39 . 2009-02-17 03:03 12 ----a-w- c:\windows\bthservsdp.dat 2010-06-14 16:39 . 2010-06-14 16:39 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2010-06-14 16:39 . 2010-06-14 16:39 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2010-06-13 18:40 . 2009-07-18 13:57 -------- d-----w- c:\program files\M-Audio 2010-06-13 18:40 . 2009-02-17 03:22 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-06-13 18:39 . 2009-03-18 20:51 -------- d-----w- c:\program files\Azureus 2010-06-13 18:34 . 2009-02-17 05:57 -------- d-----w- c:\programdata\NVIDIA 2010-06-13 18:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar 2010-06-13 18:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-06-13 18:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2010-06-13 18:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal 2010-06-13 18:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration 2010-06-13 18:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery 2010-06-13 18:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2010-06-13 16:55 . 2010-01-16 09:14 -------- d-----w- c:\users\Lionel\AppData\Roaming\vlc 2010-06-13 08:25 . 2009-02-17 03:09 -------- d-----w- c:\programdata\Microsoft Help 2010-05-26 17:06 . 2010-06-12 13:00 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-26 14:47 . 2010-06-12 13:00 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-05-25 16:08 . 2009-03-22 19:42 -------- d-----w- c:\users\Lionel\AppData\Roaming\dvdcss 2010-05-12 09:21 . 2009-10-02 21:07 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-08 14:01 . 2009-04-09 16:23 -------- d-----w- c:\users\Lionel\AppData\Roaming\Audacity 2010-05-04 18:32 . 2009-03-06 18:27 100832 ----a-w- c:\users\Lionel\AppData\Local\GDIPFONTCACHEV1.DAT 2010-05-04 05:59 . 2010-06-12 13:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 05:55 . 2010-06-12 13:00 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-05-04 05:55 . 2010-06-12 13:00 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-05-04 04:31 . 2010-06-12 13:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-05-01 14:13 . 2010-06-12 13:00 2037248 ----a-w- c:\windows\system32\win32k.sys 2010-04-29 19:58 . 2010-04-29 19:32 -------- d-----w- c:\program files\MiktexPerso 2010-04-29 18:39 . 2010-04-28 19:48 -------- d-----w- c:\program files\MiKTeX 2.8 2010-04-28 20:16 . 2010-04-28 20:16 -------- d-----w- c:\users\Lionel\AppData\Roaming\MiKTeX 2010-04-28 20:07 . 2010-04-28 20:07 -------- d-----w- c:\program files\TeXnicCenter 2010-04-28 19:49 . 2010-04-28 19:49 -------- d-----w- c:\programdata\MiKTeX 2010-04-22 19:43 . 2010-04-22 19:40 -------- d-----w- c:\program files\bibus 2010-04-22 19:42 . 2010-04-22 19:42 -------- d-----w- c:\users\Lionel\AppData\Roaming\bibus 2010-04-09 19:20 . 2010-04-09 19:20 653576 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2010-04-05 17:01 . 2010-06-12 13:00 67072 ----a-w- c:\windows\system32\asycfilt.dll 2008-10-14 22:57 . 2008-10-14 22:57 106496 ----a-w- c:\program files\Common Files\CPInstallAction.dll 2008-05-22 16:35 . 2008-05-22 16:35 51962 ----a-w- c:\program files\Common Files\banner.jpg 2007-06-12 17:34 . 2007-06-12 17:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936] "P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-02 13597216] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-02 92704] "HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304] "ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-09-03 8105984] "ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2009-02-17 272952] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 1348904] "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-08-19 159744] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-02-17 3054136] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-18 6793760] "VolPanel"="c:\program files\Creative\USB Speaker\Volume Panel\VolPanlu.exe" [2008-05-06 221300] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-18 2046816] c:\users\Lionel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 752168] FancyStart daemon.lnk - c:\windows\Installer\{567C654B-7FE9-4970-8323-56E8191D1941}\_71A97E24F422AA49EDBF39.exe [2009-2-17 12862] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba] 2008-03-25 23:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Users HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\users\Lionel HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\users\Lionel\AppData HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\users\Lionel\AppData\Local HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\users\Lionel\AppData\Local\Temp [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):8d,5c,f3,e0,26,0b,cb,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3063630528-193718291-1201804369-1000] "EnableNotifications"=dword:00000001 "EnableNotificationsRef"=dword:00000004 R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-03-09 79360] R3 Creative HOAL Licensing Service;Creative HOAL Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe [2009-03-09 79360] R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-04-10 20480] S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-20 335240] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-17 108552] S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-20 297752] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-24 45600] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS Trusted Zone: 01net.com\www Trusted Zone: any-video-converter.com\www Trusted Zone: ibcp.fr\mirror Trusted Zone: miktex.org\www Trusted Zone: python.org\www Trusted Zone: sciencedirect.com\www Trusted Zone: sourceforge.net Trusted Zone: sourceforge.net\downloads FF - ProfilePath - c:\users\Lionel\AppData\Roaming\Mozilla\Firefox\Profiles\dlc6xpo1.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Picasa2\npPicasa2.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - ORPHELINS SUPPRIMES - - - - Toolbar-Locked - (no file) HKCU-Run-jkhfccsys - xxxyya.dll HKLM-Run-jkhhedsys - xxxyya.dll HKU-Default-Run-yaaxxvsys - xxxyya.dll MSConfigStartUp-ope4D02 - c:\users\Lionel\AppData\Local\Temp\ope4D02.exe MSConfigStartUp-ope5FF5 - c:\users\Lionel\AppData\Local\Temp\ope5FF5.exe MSConfigStartUp-ctfmon - c:\windows\ctfmon.exe MSConfigStartUp-ddbxyasys - xxxyya.dll MSConfigStartUp-hgghhfdrv - awwvvs.dll MSConfigStartUp-lsass - c:\windows\lsass.exe MSConfigStartUp-netc - c:\windows\svc.exe MSConfigStartUp-servicelayer - c:\windows\servicelayer.exe MSConfigStartUp-setupupdater0002 - c:\users\Lionel\AppData\Roaming\FC63490E14E6F8553AD99E6E516590B6\setupupdater0002.exe MSConfigStartUp-urstuusys - xxxyya.dll MSConfigStartUp-yaawtudrv - awwvvs.dll ************************************************************************** Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:18,04,6f,37,89,4b,f5,83,02,26,b1,e7,4e,38,92,14,28,de,08,3e,e1, 4f,46,46,7a,f7,14,37,53,a2,e3,d3,7e,12,a0,1a,c6,ad,bf,ae,58,26,7a,e2,a9,0c,\ [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:18,04,6f,37,89,4b,f5,83,02,26,b1,e7,4e,38,92,14,28,de,08,3e,e1, 4f,46,46,7a,f7,14,37,53,a2,e3,d3,7e,12,a0,1a,c6,ad,bf,ae,58,26,7a,e2,a9,0c,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'Explorer.exe'(4352) c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll c:\windows\system32\btmmhook.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\nvvsvc.exe c:\program files\Creative\Shared Files\CTAudSvc.exe c:\windows\servicing\TrustedInstaller.exe c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe c:\program files\ATKGFNEX\GFNEXSrv.exe c:\windows\system32\rundll32.exe c:\windows\system32\WLANExt.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\progra~1\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\Common Files\SPBA\upeksvr.exe c:\program files\P4G\BatteryLife.exe c:\program files\ASUS\ASUS CopyProtect\aspg.exe c:\program files\ASUS\SmartLogon\sensorsrv.exe c:\windows\system32\conime.exe c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe c:\program files\ASUS\ATK Hotkey\HControl.exe c:\program files\ASUS\Splendid\ACMON.exe c:\program files\ASUS\ATK Hotkey\ATKOSD.exe c:\program files\ASUS\ATK Hotkey\KBFiltr.exe c:\windows\System32\ACEngSvr.exe c:\program files\ASUS\ATK Hotkey\WDC.exe c:\windows\System32\rundll32.exe c:\program files\AVG\AVG8\avgtray.exe c:\windows\System32\rundll32.exe c:\windows\System32\rundll32.exe c:\windows\ehome\ehmsas.exe c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe . ************************************************************************** . Heure de fin: 2010-06-14 18:57:06 - La machine a redémarré ComboFix-quarantined-files.txt 2010-06-14 16:57 Avant-CF: 150 254 501 888 octets libres Après-CF: 149 517 631 488 octets libres - - End Of File - - A9599A6E30EFCCA125121A5BDAE2D43B

J'ai fait les différents scans (1h53 pour celui de Malwarebytes !! J'ai sommeil !!). Voici les log. D'abord celui de mbam : Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4195 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18928 14/06/2010 01:10:27 mbam-log-2010-06-14 (01-10-27).txt Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|) Elément(s) analysé(s): 326631 Temps écoulé: 1 heure(s), 53 minute(s), 20 seconde(s) Processus mémoire infecté(s): 3 Module(s) mémoire infecté(s): 1 Clé(s) du Registre infectée(s): 7 Valeur(s) du Registre infectée(s): 13 Elément(s) de données du Registre infecté(s): 3 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 21 Processus mémoire infecté(s): C:\Users\Lionel\AppData\Roaming\FC63490E14E6F8553AD99E6E516590B6\setupupdater0002.exe (Malware.Packer.Gen) -> Unloaded process successfully. C:\Windows\System32\sdra64.exe (Spyware.Zbot) -> Unloaded process successfully. C:\Users\Lionel\AppData\Local\Temp\fFollower.exe (Trojan.Dropper) -> Unloaded process successfully. Module(s) mémoire infecté(s): C:\Windows\System32\awwvvs.dll (Trojan.Agent) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Follower (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\setupupdater0002.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servicelayer (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netc (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xxxutssys (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\urrppqdrv (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tutuutsys (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hgggdcdrv (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wvvstusys (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\efcyvtdrv (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wvvstusys (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\efcyvtdrv (Trojan.Vundo) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\Windows\System32\lowsec (Stolen.data) -> Delete on reboot. Fichier(s) infecté(s): C:\Windows\System32\awwvvs.dll (Trojan.Agent) -> Delete on reboot. C:\Users\Lionel\AppData\Roaming\FC63490E14E6F8553AD99E6E516590B6\setupupdater0002.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Windows\Temp\teste2_p.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Windows\System32\lowsec\local.ds (Stolen.data) -> Delete on reboot. C:\Windows\System32\lowsec\user.ds (Stolen.data) -> Delete on reboot. C:\Windows\System32\sdra64.exe (Spyware.Zbot) -> Delete on reboot. C:\Users\Lionel\AppData\Local\Temp\0.17774656329307348.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Windows\Temp\avto.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Windows\Temp\teste3_p.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Windows\tmp1513868.log (Trojan.Agent) -> Quarantined and deleted successfully. C:\Windows\tmp4997610.log (Trojan.Agent) -> Quarantined and deleted successfully. C:\Windows\tmp7618035.log (Trojan.Agent) -> Quarantined and deleted successfully. C:\Windows\tmp8022743.log (Trojan.Agent) -> Quarantined and deleted successfully. C:\Windows\tmp8465301.log (Trojan.Agent) -> Quarantined and deleted successfully. C:\Windows\tmp8507682.log (Trojan.Agent) -> Quarantined and deleted successfully. C:\Windows\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Windows\lsass.exe (Trojan.PWS) -> Quarantined and deleted successfully. C:\Windows\servicelayer.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Windows\svc.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Lionel\AppData\Local\Temp\ffollower.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Windows\Temp\ffollower.exe (Trojan.Dropper) -> Quarantined and deleted successfully. Ensuite le "log.txt" de RSIT : Logfile of random's system information tool 1.07 (written by random/random) Run by Lionel at 2010-06-14 01:17:03 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 System drive C: has 143 GB (60%) free of 238 GB Total RAM: 3070 MB (62% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 01:17:13, on 14/06/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18928) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program files\P4G\BatteryLife.exe C:\Program Files\ASUS\SmartLogon\sensorsrv.exe C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe C:\Windows\System32\rundll32.exe C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Windows\AsScrPro.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Creative\USB Speaker\Volume Panel\VolPanlu.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehtray.exe C:\Windows\System32\rundll32.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Users\Lionel\Desktop\softs\Internet\RSIT.exe C:\Program Files\trend micro\Lionel.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\USB Speaker\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [rqoligdrv] rundll32.exe "awwvvs.dll",s O4 - HKLM\..\Run: [jkhhedsys] rundll32.exe "xxxyya.dll",DllRegisterServer O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [gebywtdrv] rundll32.exe "awwvvs.dll",s O4 - HKCU\..\Run: [jkhfccsys] rundll32.exe "xxxyya.dll",DllRegisterServer O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [yaaxxvsys] rundll32.exe "xxxyya.dll",DllRegisterServer (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [yaaxxvsys] rundll32.exe "xxxyya.dll",DllRegisterServer (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: FancyStart daemon.lnk = ? O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O15 - Trusted Zone: http://www.01net.com O15 - Trusted Zone: http://www.any-video-converter.com O15 - Trusted Zone: mirror.ibcp.fr O15 - Trusted Zone: http://www.miktex.org O15 - Trusted Zone: http://www.python.org O15 - Trusted Zone: http://www.sciencedirect.com O15 - Trusted Zone: http://downloads.sourceforge.net O15 - Trusted Zone: http://*.sourceforge.net O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (BthServ) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative HOAL Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 21719 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-12 1111320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-18 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] Locked [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "CLMLServer"=C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [2008-07-19 104936] "P2Go_Menu"=C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-14 210216] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-10-03 13597216] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-10-03 92704] "HControlUser"=C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [2008-08-18 98304] "ATKOSD2"=C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [2008-09-03 8105984] "ADSMTray"=C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe [2009-02-17 272952] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-07-31 1348904] "ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMedia.exe [2008-08-19 159744] "ASUS Screen Saver Protector"=C:\Windows\AsScrPro.exe [2009-02-17 3054136] "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-02-18 6793760] "VolPanel"=C:\Program Files\Creative\USB Speaker\Volume Panel\VolPanlu.exe [2008-05-06 221300] "UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-03-18 2046816] "rqoligdrv"=awwvvs.dll,s [] "jkhhedsys"=xxxyya.dll,DllRegisterServer [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952] "gebywtdrv"=awwvvs.dll,s [] "jkhfccsys"=xxxyya.dll,DllRegisterServer [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon] C:\Windows\ctfmon.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddbxyasys] xxxyya.dll,DllRegisterServer [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hgghhfdrv] awwvvs.dll,s [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsass] C:\Windows\lsass.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\netc] C:\Windows\svc.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\servicelayer] C:\Windows\servicelayer.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setupupdater0002.exe] C:\Users\Lionel\AppData\Roaming\FC63490E14E6F8553AD99E6E516590B6\setupupdater0002.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\urstuusys] xxxyya.dll,DllRegisterServer [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yaawtudrv] awwvvs.dll,s [] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe FancyStart daemon.lnk - C:\Windows\Installer\{567C654B-7FE9-4970-8323-56E8191D1941}\_71A97E24F422AA49EDBF39.exe C:\Users\Lionel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="avgrsstx.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\spba] C:\Program Files\Common Files\SPBA\homefus2.dll [2008-03-26 567560] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 xxxyya.dll "notification packages"=scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 "DisableCAD"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{030d29e8-1a25-11de-bcbe-002243c0ce67}] shell\AutoRun\command - F:\Info.exe folder.htt 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3b467e6-1643-11de-919c-002243c0ce67}] shell\AutoRun\command - H:\LaunchU3.exe -a ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-06-14 01:17:04 ----D---- C:\Program Files\trend micro 2010-06-14 01:17:03 ----D---- C:\rsit 2010-06-13 22:21:41 ----D---- C:\Users\Lionel\AppData\Roaming\Malwarebytes 2010-06-13 22:20:42 ----D---- C:\ProgramData\Malwarebytes 2010-06-13 22:20:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-06-13 20:25:25 ----D---- C:\Windows\system32\eu-ES 2010-06-13 20:25:25 ----D---- C:\Windows\system32\ca-ES 2010-06-13 20:25:22 ----D---- C:\Windows\system32\vi-VN 2010-06-13 18:50:20 ----AH---- C:\Windows\system32\xxxyya.dll 2010-06-13 18:46:08 ----D---- C:\Users\Lionel\AppData\Roaming\FC63490E14E6F8553AD99E6E516590B6 2010-06-13 10:24:35 ----SHD---- C:\Config.Msi 2010-06-12 15:00:43 ----A---- C:\Windows\system32\asycfilt.dll 2010-06-12 15:00:42 ----A---- C:\Windows\system32\atmlib.dll 2010-06-12 15:00:42 ----A---- C:\Windows\system32\atmfd.dll 2010-06-12 15:00:39 ----A---- C:\Windows\system32\mshtml.dll 2010-06-12 15:00:38 ----A---- C:\Windows\system32\wininet.dll 2010-06-12 15:00:38 ----A---- C:\Windows\system32\urlmon.dll 2010-06-12 15:00:38 ----A---- C:\Windows\system32\occache.dll 2010-06-12 15:00:38 ----A---- C:\Windows\system32\msfeeds.dll 2010-06-12 15:00:38 ----A---- C:\Windows\system32\iertutil.dll 2010-06-12 15:00:38 ----A---- C:\Windows\system32\ieframe.dll 2010-06-12 15:00:38 ----A---- C:\Windows\system32\iedkcs32.dll 2010-06-12 15:00:37 ----A---- C:\Windows\system32\mstime.dll 2010-06-12 15:00:37 ----A---- C:\Windows\system32\msfeedssync.exe 2010-06-12 15:00:37 ----A---- C:\Windows\system32\msfeedsbs.dll 2010-06-12 15:00:37 ----A---- C:\Windows\system32\jsproxy.dll 2010-06-12 15:00:37 ----A---- C:\Windows\system32\ieUnatt.exe 2010-06-12 15:00:37 ----A---- C:\Windows\system32\ieui.dll 2010-06-12 15:00:37 ----A---- C:\Windows\system32\iesysprep.dll 2010-06-12 15:00:37 ----A---- C:\Windows\system32\iesetup.dll 2010-06-12 15:00:37 ----A---- C:\Windows\system32\iernonce.dll 2010-06-12 15:00:37 ----A---- C:\Windows\system32\iepeers.dll 2010-06-12 15:00:37 ----A---- C:\Windows\system32\ie4uinit.exe 2010-05-31 10:53:19 ----D---- C:\Program Files\NB Soft 2010-05-26 20:28:15 ----A---- C:\Windows\system32\tzres.dll ======List of files/folders modified in the last 1 months====== 2010-06-14 01:17:08 ----D---- C:\Windows\Temp 2010-06-14 01:17:04 ----RD---- C:\Program Files 2010-06-14 01:13:49 ----D---- C:\Windows\System32 2010-06-14 01:13:48 ----D---- C:\Windows\system32\drivers 2010-06-14 01:12:49 ----RD---- C:\Windows\Offline Web Pages 2010-06-14 01:10:25 ----D---- C:\Windows 2010-06-14 01:00:29 ----HD---- C:\$AVG8.VAULT$ 2010-06-13 23:15:03 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-06-13 23:15:02 ----D---- C:\Windows\inf 2010-06-13 22:28:28 ----A---- C:\Windows\system32\acovcnt.exe 2010-06-13 22:20:42 ----HD---- C:\ProgramData 2010-06-13 21:10:04 ----D---- C:\Windows\rescache 2010-06-13 20:40:02 ----HD---- C:\Program Files\InstallShield Installation Information 2010-06-13 20:40:02 ----D---- C:\Program Files\M-Audio 2010-06-13 20:39:04 ----D---- C:\Program Files\Azureus 2010-06-13 20:39:01 ----D---- C:\Windows\Prefetch 2010-06-13 20:36:07 ----D---- C:\Windows\Microsoft.NET 2010-06-13 20:36:06 ----RSD---- C:\Windows\assembly 2010-06-13 20:34:49 ----D---- C:\ProgramData\NVIDIA 2010-06-13 20:32:51 ----SHD---- C:\Boot 2010-06-13 20:32:40 ----D---- C:\Windows\system32\catroot 2010-06-13 20:31:24 ----D---- C:\Windows\system32\catroot2 2010-06-13 20:27:43 ----D---- C:\Program Files\Windows Mail 2010-06-13 20:27:43 ----D---- C:\Program Files\Windows Calendar 2010-06-13 20:27:43 ----D---- C:\Program Files\Movie Maker 2010-06-13 20:27:41 ----D---- C:\Program Files\Windows Sidebar 2010-06-13 20:27:41 ----D---- C:\Program Files\Windows Media Player 2010-06-13 20:27:41 ----D---- C:\Program Files\Internet Explorer 2010-06-13 20:27:40 ----D---- C:\Program Files\Windows Journal 2010-06-13 20:27:40 ----D---- C:\Program Files\Windows Collaboration 2010-06-13 20:27:38 ----D---- C:\Program Files\Windows Photo Gallery 2010-06-13 20:27:38 ----D---- C:\Program Files\Common Files\System 2010-06-13 20:27:33 ----D---- C:\Windows\servicing 2010-06-13 20:27:33 ----D---- C:\Program Files\Windows Defender 2010-06-13 20:27:32 ----D---- C:\Windows\ehome 2010-06-13 20:27:05 ----D---- C:\Windows\system32\XPSViewer 2010-06-13 20:27:05 ----D---- C:\Windows\system32\sk-SK 2010-06-13 20:27:05 ----D---- C:\Windows\system32\oobe 2010-06-13 20:27:05 ----D---- C:\Windows\system32\migration 2010-06-13 20:27:05 ----D---- C:\Windows\system32\lv-LV 2010-06-13 20:27:05 ----D---- C:\Windows\system32\ko-KR 2010-06-13 20:27:05 ----D---- C:\Windows\system32\it-IT 2010-06-13 20:27:05 ----D---- C:\Windows\system32\hr-HR 2010-06-13 20:27:05 ----D---- C:\Windows\system32\fr 2010-06-13 20:27:05 ----D---- C:\Windows\system32\et-EE 2010-06-13 20:27:05 ----D---- C:\Windows\system32\en-US 2010-06-13 20:27:05 ----D---- C:\Windows\system32\el-GR 2010-06-13 20:27:05 ----D---- C:\Windows\system32\de-DE 2010-06-13 20:27:05 ----D---- C:\Windows\system32\da-DK 2010-06-13 20:27:05 ----D---- C:\Windows\IME 2010-06-13 20:27:01 ----D---- C:\Windows\system32\ru-RU 2010-06-13 20:27:01 ----D---- C:\Windows\system32\AdvancedInstallers 2010-06-13 20:27:00 ----D---- C:\Windows\system32\sv-SE 2010-06-13 20:27:00 ----D---- C:\Windows\system32\SLUI 2010-06-13 20:27:00 ----D---- C:\Windows\system32\setup 2010-06-13 20:27:00 ----D---- C:\Windows\system32\pt-PT 2010-06-13 20:27:00 ----D---- C:\Windows\system32\hu-HU 2010-06-13 20:27:00 ----D---- C:\Windows\system32\he-IL 2010-06-13 20:27:00 ----D---- C:\Windows\system32\fr-FR 2010-06-13 20:27:00 ----D---- C:\Windows\system32\fi-FI 2010-06-13 20:27:00 ----D---- C:\Windows\system32\cs-CZ 2010-06-13 20:26:59 ----D---- C:\Windows\system32\zh-TW 2010-06-13 20:26:59 ----D---- C:\Windows\system32\zh-CN 2010-06-13 20:26:59 ----D---- C:\Windows\system32\uk-UA 2010-06-13 20:26:59 ----D---- C:\Windows\system32\th-TH 2010-06-13 20:26:59 ----D---- C:\Windows\system32\sr-Latn-CS 2010-06-13 20:26:59 ----D---- C:\Windows\system32\sl-SI 2010-06-13 20:26:59 ----D---- C:\Windows\system32\ro-RO 2010-06-13 20:26:59 ----D---- C:\Windows\system32\pl-PL 2010-06-13 20:26:59 ----D---- C:\Windows\system32\manifeststore 2010-06-13 20:26:59 ----D---- C:\Windows\system32\ja-JP 2010-06-13 20:26:59 ----D---- C:\Windows\system32\es-ES 2010-06-13 20:26:59 ----D---- C:\Windows\system32\bg-BG 2010-06-13 20:26:57 ----D---- C:\Windows\system32\wbem 2010-06-13 20:26:57 ----D---- C:\Windows\system32\tr-TR 2010-06-13 20:26:55 ----D---- C:\Windows\system32\nl-NL 2010-06-13 20:26:55 ----D---- C:\Windows\system32\nb-NO 2010-06-13 20:26:55 ----D---- C:\Windows\system32\lt-LT 2010-06-13 20:26:55 ----D---- C:\Windows\system32\ar-SA 2010-06-13 20:26:54 ----D---- C:\Windows\system32\pt-BR 2010-06-13 20:26:54 ----D---- C:\Windows\system32\migwiz 2010-06-13 20:25:31 ----RSD---- C:\Windows\Fonts 2010-06-13 20:25:31 ----D---- C:\Windows\AppPatch 2010-06-13 20:25:22 ----D---- C:\Windows\system32\Boot 2010-06-13 20:24:31 ----D---- C:\Windows\system32\RTCOM 2010-06-13 20:02:12 ----D---- C:\Windows\winsxs 2010-06-13 18:58:27 ----D---- C:\Windows\Debug 2010-06-13 18:55:24 ----D---- C:\Users\Lionel\AppData\Roaming\vlc 2010-06-13 10:25:34 ----SHD---- C:\Windows\Installer 2010-06-13 10:25:34 ----D---- C:\ProgramData\Microsoft Help 2010-06-08 22:12:15 ----D---- C:\temp 2010-05-31 10:53:20 ----SD---- C:\Users\Lionel\AppData\Roaming\Microsoft 2010-05-28 21:37:34 ----A---- C:\Windows\system32\mrt.exe 2010-05-25 18:08:26 ----D---- C:\Users\Lionel\AppData\Roaming\dvdcss ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-08-20 335240] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-08-20 27784] R1 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-05-17 108552] R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-01-20 33292] R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-06-25 47104] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400] R3 AsDsm;AsDsm; C:\Windows\system32\drivers\AsDsm.sys [2007-08-11 29752] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-11-04 952320] R3 BthEnum;Service d'énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528] R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160] R3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696] R3 btwaudio;Périphérique audio Bluetooth; C:\Windows\system32\drivers\btwaudio.sys [2008-07-09 81960] R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2008-05-13 100392] R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736] R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-05-13 17320] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-02-18 2323680] R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2008-06-03 15928] R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680] R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-09-24 45600] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-10-03 7412480] R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-08-06 124928] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-08-11 1752704] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-07-31 202416] R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2008-01-30 50576] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 MA_CMIDI;M-Audio USB Driver; C:\Windows\system32\drivers\ma_cmidi.sys [] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 skfiltv;skfiltv; C:\Windows\system32\drivers\skfiltv.sys [2008-04-10 20480] S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560] S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216] S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936] S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2009-02-17 231992] R2 ASLDRService;ASLDR Service; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [2008-08-14 100920] R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208] R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-20 297752] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-07-30 522792] R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-04-30 417792] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-10-03 203296] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-03-08 72704] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-03-09 79360] S3 Creative HOAL Licensing Service;Creative HOAL Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe [2009-03-09 79360] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-17 156656] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF----------------- Enfinle "info.txt" de RSIT : info.txt logfile of random's system information tool 1.06 2010-06-14 01:17:15 ======Uninstall list====== -->"C:\Program Files\Creative\USB Speaker\Program\SETUP.EXE" /s /U /W /L:FRN -->MsiExec.exe /X{57922B53-02D4-4DFC-AC24-A3519DC1F49A} -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AB55EC6-1158-41EF-B87D-90555A8F5C92}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AB55EC6-1158-41EF-B87D-90555A8F5C92}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EED1E1B7-D143-4579-BE02-ED70E45B416C}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EED1E1B7-D143-4579-BE02-ED70E45B416C}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x40c /remove 2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL Adobe Bridge 1.0-->MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A} Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102} Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903} Adobe Photoshop 7.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Premiere Pro 2.0-->msiexec /I {FA17A726-B229-4116-B793-A2AB1A4EAE2E} Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003} Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe" Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110} Any Video Converter Professional 3.0.3-->"C:\Program Files\AnvSoft\Any Video Converter Professional\unins000.exe" ASUS CopyProtect-->MsiExec.exe /I{6B77A7F6-DD63-4F13-A6FF-83137A5AC354} ASUS Data Security Manager-->C:\Program Files\InstallShield Installation Information\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}\setup.exe -runfromtemp -l0x0009 -removeonly ASUS FancyStart-->MsiExec.exe /I{567C654B-7FE9-4970-8323-56E8191D1941} ASUS LifeFrame3-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158} ASUS Live Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\Setup.exe" -l0x9 ASUS MultiFrame-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D48531D-2135-49FC-BC29-ACCDA5396A76}\Setup.exe" -l0x9 ASUS Power4Gear Hybrid-->MsiExec.exe /I{9B6239BF-4E85-4590-8D72-51E30DB1A9AA} ASUS SmartLogon-->MsiExec.exe /I{64452561-169F-4A36-A2FF-B5E118EC65F5} ASUS Splendid Video Enhancement Technology-->MsiExec.exe /I{0969AF05-4FF6-4C00-9406-43599238DE0D} ASUS Virtual Camera-->MsiExec.exe /I{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1} ASUS_Notebook__N51 Screen Saver-->C:\Windows\system32\ASUS_Notebook__N51.scr /u Atheros Client Installation Program-->C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe -runfromtemp -l0x0009 -removeonly ATK Generic Function Service-->C:\Program Files\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\Setup.exe -runfromtemp -l0x0009 -removeonly ATK Hotkey-->MsiExec.exe /I{7C05592D-424B-46CB-B505-E0013E8E75C9} ATK Media-->MsiExec.exe /I{D1E5870E-E3E5-4475-98A6-ADD614524ADF} ATKOSD2-->MsiExec.exe /I{3B05F2FB-745B-4012-ADF2-439F36B2E70B} Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe" Audacity 1.3.7 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe" AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL bibus 1.5.1-->C:\Program Files\bibus\uninst.exe Blender (remove only)-->"C:\Program Files\Blender Foundation\Blender\uninstall.exe" CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Cisco EAP-FAST Module-->MsiExec.exe /I{3F4BA3A2-7BE0-48EA-B4BC-CA4D842A409A} Cisco LEAP Module-->MsiExec.exe /I{934B3B19-8193-467A-B356-E73F82647D38} Cisco PEAP Module-->MsiExec.exe /I{BAD1449B-DF0C-4118-B76D-68C54009576C} Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c /remove Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove Creative USB Speaker-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{999E1CFC-AE99-4086-9632-8F0C703357E9}\SETUP.EXE" -l0x40c /remove CutePDF Writer 2.3-->C:\Windows\system32\uninscpw.exe C:\Program Files\ CyberLink LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall CyberLink Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall CyberLink Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe" Express Gate-->MsiExec.exe /X{E8CC51B4-F039-4A13-8C23-57661C5A90AC} Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe" HijackThis 2.0.2-->"C:\Users\Lionel\Desktop\softs\Internet\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" IZArc 3.5 beta 3-->"C:\Program Files\IZArc\unins000.exe" Java 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF} KeyHoleTV-->"C:\Program Files\KeyHoleTV\uninstall.exe" LAME v3.98.2 for Audacity-->"C:\Program Files\Lame for Audacity\unins000.exe" LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31} Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0410-0000-0000000FF1CE} /uninstall {0A75DA12-55CB-4DE5-8B6A-74D97847204E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {89C8E56A-90D8-4598-B0E6-EB28F6270E07} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office Access MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE} Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE} Microsoft Office Access MUI (Italian) 2007-->MsiExec.exe /X{90120000-0015-0410-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Excel 2007 Help - Aggiornamento (KB963678)-->msiexec /package {90120000-0016-0410-0000-0000000FF1CE} /uninstall {9F57BDED-B51B-4D2F-B360-5B4EFAAF0F1A} Microsoft Office Excel MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE} Microsoft Office Excel MUI (Italian) 2007-->MsiExec.exe /X{90120000-0016-0410-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE} Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677)-->msiexec /package {90120000-001A-0410-0000-0000000FF1CE} /uninstall {2278E02A-AB15-4BF7-B2B4-5C0EEB4B7EEB} Microsoft Office Outlook MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE} Microsoft Office Outlook MUI (Italian) 2007-->MsiExec.exe /X{90120000-001A-0410-0000-0000000FF1CE} Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669)-->msiexec /package {90120000-0018-0410-0000-0000000FF1CE} /uninstall {C76C02F1-B07F-4974-876A-A18DEC9887C8} Microsoft Office PowerPoint MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Italian) 2007-->MsiExec.exe /X{90120000-0018-0410-0000-0000000FF1CE} Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (Dutch) 2007-->MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE} Microsoft Office Proofing (Italian) 2007-->MsiExec.exe /X{90120000-002C-0410-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft Office Publisher MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE} Microsoft Office Publisher MUI (Italian) 2007-->MsiExec.exe /X{90120000-0019-0410-0000-0000000FF1CE} Microsoft Office Shared MUI (Dutch) 2007-->MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE} Microsoft Office Shared MUI (Italian) 2007-->MsiExec.exe /X{90120000-006E-0410-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word 2007 Help - Aggiornamento (KB963665)-->msiexec /package {90120000-001B-0410-0000-0000000FF1CE} /uninstall {E5B82DB3-DD7D-4C45-BC5E-09864B26F9BC} Microsoft Office Word MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE} Microsoft Office Word MUI (Italian) 2007-->MsiExec.exe /X{90120000-001B-0410-0000-0000000FF1CE} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} MiKTeX 2.8-->"C:\Program Files\MiKTeX 2.8\miktex\bin\internal\copystart_admin.exe" "C:\Program Files\MiKTeX 2.8\miktex\bin\internal\uninstall_admin.exe" Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C} Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C} Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21} Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3} Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3} Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223} Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223} Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Norton Internet Security-->MsiExec.exe /I{7B15D70E-9449-4CFB-B9BC-798465B2BD5C} n-Surf 1.0 beta-->MsiExec.exe /I{6FB158D3-5E25-4C5F-B358-FE36CF92DF74} NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe" PowerISO-->"C:\Program Files\PowerISO\uninstall.exe" Python 2.6 pywin32-214-->"C:\Python26\Removepywin32.exe" -u "C:\Python26\pywin32-wininst.log" Python 2.6.1-->MsiExec.exe /I{9CC89170-000B-457D-91F1-53691F85B223} Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709 RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03-->"C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -runfromtemp -l0x0009 anything -removeonly Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A} Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A} Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4} Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4} Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76} Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76} Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B} Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B} Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB} Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB} Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0} Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46} Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46} Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB} Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB} Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D} SPBA 5.8-->MsiExec.exe /I{ECCD28B2-8798-4D16-8126-625D728294A1} Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Tetris-->"C:\Program Files\Tetris\unins000.exe" TeXnicCenter Version 1.0 Stable RC1-->"C:\Program Files\TeXnicCenter\unins000.exe" Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42} Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987} Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9} Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF} Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784} Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876} Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F} Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C} Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726} Update for Outlook 2007 Junk Email Filter (kb983486)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {913DFE19-32EC-4099-89AC-27FC493A7A2E} Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF} Update für Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {F6828576-6F79-470D-AB50-69D1BBADBD30} Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96} Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1} Update voor Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {5CF7002F-6F49-4482-9564-5614FBE560FA} Update voor Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5} Update voor Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {A66AE6A1-8D8C-4102-BC18-38CBDE40F809} USB 2.0 2.0M UVC WebCam-->C:\Windows\Uninstuxga.bat VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe WIDCOMM Bluetooth Software-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} WinFlash-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\Setup.exe" -l0x9 Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\Setup.exe -runfromtemp -l0x0009 -removeonly WMP3 version 1.0.0-->"C:\Program Files\Softal\WMP3\unins000.exe" wxPython 2.8.10.1 (unicode) for Python 2.6-->"C:\Python26\Lib\site-packages\wx-2.8-msw-unicode\unins000.exe" ======Security center information====== AS: Windows Defender ======System event log====== Computer Name: DivCom Event Code: 1001 Message: L’initialisation de l’application a échoué. Dernière erreur : 0x80070032 Record Number: 118988 Source Name: Microsoft-Windows-LanguagePackSetup Time Written: 20100120110819.084814-000 Event Type: Erreur User: AUTORITE NT\SYSTEM Computer Name: DivCom Event Code: 3004 Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez. Pour plus d’informations, consultez les données suivantes : Non applicable ID d’analyse : {5C9A50CB-E15D-443B-B85C-22F3C1923DAC} Utilisateur : DivCom\Lionel Nom : Unknown ID : ID de gravité : ID de catégorie : Chemin d’accès trouvé : file:C:\Windows\Installer\{567C654B-7FE9-4970-8323-56E8191D1941}\_71A97E24F422AA49EDBF39.exe;file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\FancyStart daemon.lnk;file:C:\Program Files\ASUS\FancyStart\FancyStart.exe;startup:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\FancyStart daemon.lnk Type d’alerte : Logiciel non classifié Type de détection : Record Number: 118986 Source Name: Microsoft-Windows-Windows Defender Time Written: 20100120110802.000000-000 Event Type: Avertissement User: Computer Name: DivCom Event Code: 15016 Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur. Record Number: 118977 Source Name: Microsoft-Windows-HttpEvent Time Written: 20100120110740.931014-000 Event Type: Erreur User: Computer Name: DivCom Event Code: 4001 Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement. Record Number: 118965 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20100120080751.103600-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: DivCom Event Code: 10002 Message: Le module d’extensibilité WLAN s’est arrêté. Chemin d’accès du module : C:\Windows\system32\athihvs.dll Record Number: 118964 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20100120080751.103600-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM =====Application event log===== Computer Name: DivCom Event Code: 3086 Message: Les paramètres régionaux du système ont changé. Les données existantes vont être supprimées et l'index doit être recréé. Contexte : Application , Catalogue SystemIndex Record Number: 702 Source Name: Microsoft-Windows-Search Time Written: 20090306182646.000000-000 Event Type: Avertissement User: Computer Name: DivCom Event Code: 63 Message: Le fournisseur WmiPerfClass a été inscrit dans l’espace de noms Windows Management Instrumentation root\cimv2, afin d’utiliser le compte LocalSystem. Ce compte bénéficie de privilèges et le fournisseur peut provoquer une violation de sécurité s’il ne représente pas correctement les demandes utilisateur. Record Number: 690 Source Name: Microsoft-Windows-WMI Time Written: 20090306182424.000000-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: DivCom Event Code: 63 Message: Le fournisseur WmiPerfClass a été inscrit dans l’espace de noms Windows Management Instrumentation root\cimv2, afin d’utiliser le compte LocalSystem. Ce compte bénéficie de privilèges et le fournisseur peut provoquer une violation de sécurité s’il ne représente pas correctement les demandes utilisateur. Record Number: 689 Source Name: Microsoft-Windows-WMI Time Written: 20090306182424.000000-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: DivCom Event Code: 10 Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. Record Number: 676 Source Name: Microsoft-Windows-WMI Time Written: 20090307101639.000000-000 Event Type: Erreur User: Computer Name: DivCom Event Code: 1008 Message: Le service Windows Search tente de supprimer l’ancien catalogue. Record Number: 672 Source Name: Microsoft-Windows-Search Time Written: 20090307101636.000000-000 Event Type: Avertissement User: =====Security event log===== Computer Name: DivCom Event Code: 4672 Message: Privilèges spéciaux attribués à la nouvelle ouverture de session. Sujet : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 Privilèges : SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 20742 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091003201858.074602-000 Event Type: Succès de l'audit User: Computer Name: DivCom Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : DIVCOM$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 5 Nouvelle ouverture de session : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x2c8 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Nom de la station de travail : Adresse du réseau source : - Port source : - Informations détaillées sur l’authentification : Processus d’ouverture de session : Advapi Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 20741 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091003201858.074602-000 Event Type: Succès de l'audit User: Computer Name: DivCom Event Code: 4648 Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites. Sujet : ID de sécurité : S-1-5-18 Nom du compte : DIVCOM$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Compte dont les informations d’identification ont été utilisées : Nom du compte : SYSTEM Domaine du compte : AUTORITE NT GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Serveur cible : Nom du serveur cible : localhost Informations supplémentaires : localhost Informations sur le processus : ID du processus : 0x2c8 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Adresse du réseau : - Port : - Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS. Record Number: 20740 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091003201858.074602-000 Event Type: Succès de l'audit User: Computer Name: DivCom Event Code: 4672 Message: Privilèges spéciaux attribués à la nouvelle ouverture de session. Sujet : ID de sécurité : S-1-5-20 Nom du compte : SERVICE RÉSEAU Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e4 Privilèges : SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege Record Number: 20739 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091003201858.012202-000 Event Type: Succès de l'audit User: Computer Name: DivCom Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : DIVCOM$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 5 Nouvelle ouverture de session : ID de sécurité : S-1-5-20 Nom du compte : SERVICE RÉSEAU Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e4 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x2c8 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Nom de la station de travail : Adresse du réseau source : - Port source : - Informations détaillées sur l’authentification : Processus d’ouverture de session : Advapi Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 20738 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091003201858.012202-000 Event Type: Succès de l'audit User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files\MiKTeX 2.8\miktex\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel "PROCESSOR_REVISION"=1706 "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "configsetroot"=%SystemRoot%\ConfigSetRoot -----------------EOF----------------- Voilà pour les scans. Coté infection, depuis le redémarrage à la fin du scan de mbam, je n'ai plus les fenêtres intempestives de Antimalware Doctor. Le problème a donc l'air, a priori, réglé. J'ai quand même eu au redémarrage 2 fenêtres de "RunDLL", qui n'arrivait pas à trouver un fichier "awwvvs.dll", ou quelque chose comme ça. Merci de me dire si mon problème est vraiment résolu, ou s'il est encore trop tôt pour se réjouir. @+

Oups !! Nos réponses se sont croisées ! Je vais faire ce que tu indiques dans le message. Je ferais une nouvelle réponse quand ce sera fait. En tout cas, merci de m'aider !

J'ai profité du fait que je peux de nouveau récupérer des exe pour récupérer Malwarebytes (j'ai vu sur des forum qu'il est très utile). Au départ, il ne se passais rien quand je le lancais. Finalement, j'ai vu qu'il y avait une astuce de renommer le mbam.exe en autre chose. Du coup ça a fonctionné. Je vous copie le résultat du scan rapide: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4052 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18928 13/06/2010 22:53:21 mbam-log-2010-06-13 (22-53-21).txt Type d'examen: Examen rapide Elément(s) analysé(s): 117061 Temps écoulé: 5 minute(s), 29 seconde(s) Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 6 Valeur(s) du Registre infectée(s): 9 Elément(s) de données du Registre infecté(s): 3 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 14 Processus mémoire infecté(s): C:\Windows\System32\sdra64.exe (Spyware.Zbot) -> No action taken. Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> No action taken. HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\urrppqdrv (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hgggdcdrv (Trojan.Vundo) -> No action taken. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\efcyvtdrv (Trojan.Vundo) -> No action taken. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\efcyvtdrv (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tutuutsys (Trojan.Vundo) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xxxutssys (Trojan.Vundo) -> No action taken. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wvvstusys (Trojan.Vundo) -> No action taken. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wvvstusys (Trojan.Vundo) -> No action taken. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken. Dossier(s) infecté(s): C:\Windows\System32\lowsec (Stolen.data) -> No action taken. Fichier(s) infecté(s): C:\Windows\Temp\teste2_p.exe (Trojan.Agent) -> No action taken. C:\Windows\System32\lowsec\local.ds (Stolen.data) -> No action taken. C:\Windows\System32\lowsec\user.ds (Stolen.data) -> No action taken. C:\Windows\System32\sdra64.exe (Spyware.Zbot) -> No action taken. C:\Windows\Temp\avto.exe (Trojan.Agent) -> No action taken. C:\Windows\tmp1513868.log (Trojan.Agent) -> No action taken. C:\Windows\tmp8022743.log (Trojan.Agent) -> No action taken. C:\Windows\tmp8507682.log (Trojan.Agent) -> No action taken. C:\Windows\ctfmon.exe (Trojan.Agent) -> No action taken. C:\Windows\lsass.exe (Trojan.PWS) -> No action taken. C:\Windows\servicelayer.exe (Backdoor.Bot) -> No action taken. C:\Windows\svc.exe (Trojan.Agent) -> No action taken. C:\Windows\Temp\teste3_p.exe (Trojan.Agent) -> No action taken. C:\Users\Lionel\AppData\Local\Temp\0.17774656329307348.exe (Trojan.Dropper) -> No action taken. Ne sachant pas ce qu'il fallait faire ensuite (suppression, quarantaine, ...), je n'ai donc rien fait de plus. Quelle est la démarche à suivre ensuite ? Dois-je faire supprimer les éléments listés ? Dois-je faire un scan complet ?

Voici le résultat du scan par HijackThis. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:10:07, on 13/06/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18928) Boot mode: Normal Running processes: C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Creative\Shared Files\CTAudSvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\rundll32.exe C:\Program Files\Common Files\SPBA\upeksvr.exe C:\Windows\system32\svchost.exe C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe C:\Program Files\ATKGFNEX\GFNEXSrv.exe C:\Windows\system32\WLANExt.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Windows\system32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Users\Lionel\AppData\Local\Temp\fFollower.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\sdra64.exe C:\Windows\system32\Dwm.exe C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe C:\Program files\P4G\BatteryLife.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\ASUS\SmartLogon\sensorsrv.exe C:\Windows\Explorer.EXE C:\Windows\System32\alg.exe C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe C:\Program Files\ASUS\ATK Hotkey\HControl.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\ASUS\Splendid\ACMON.exe C:\Windows\System32\ACEngSvr.exe C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe C:\Program Files\ASUS\ATK Hotkey\WDC.exe C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe C:\Windows\System32\rundll32.exe C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Windows\AsScrPro.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Creative\USB Speaker\Volume Panel\VolPanlu.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehtray.exe C:\Windows\System32\rundll32.exe C:\Users\Lionel\AppData\Roaming\FC63490E14E6F8553AD99E6E516590B6\setupupdater0002.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Lionel\Desktop\softs\Internet\HiJackThis.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\taskeng.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe, O1 - Hosts: ::1 localhost O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\USB Speaker\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [tutuutsys] rundll32.exe "xxxyya.dll",DllRegisterServer O4 - HKLM\..\Run: [hgggdcdrv] rundll32.exe "awwvvs.dll",s O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [xxxutssys] rundll32.exe "xxxyya.dll",DllRegisterServer O4 - HKCU\..\Run: [urrppqdrv] rundll32.exe "awwvvs.dll",s O4 - HKCU\..\Run: [setupupdater0002.exe] C:\Users\Lionel\AppData\Roaming\FC63490E14E6F8553AD99E6E516590B6\setupupdater0002.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [efcyvtdrv] rundll32.exe "awwvvs.dll",s (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [efcyvtdrv] rundll32.exe "awwvvs.dll",s (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: FancyStart daemon.lnk = ? O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://www.01net.com O15 - Trusted Zone: http://www.any-video-converter.com O15 - Trusted Zone: mirror.ibcp.fr O15 - Trusted Zone: http://www.miktex.org O15 - Trusted Zone: http://www.python.org O15 - Trusted Zone: http://www.sciencedirect.com O15 - Trusted Zone: http://downloads.sourceforge.net O15 - Trusted Zone: http://*.sourceforge.net O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative HOAL Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: Follower - Unknown owner - C:\Users\Lionel\AppData\Local\Temp\fFollower.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe -- End of file - 10106 bytes A partir d'ici, je ne sais pas ce qu'il faut faire. J'attends vos conseils. Merci. @+

Mea culpa !! J'ai été trop rapide dans mon accusation de Vista sur le blocage de mes téléchargements. En fait, il fallait simplement que je repasse aux paramètres par défaut sur IE, et tout est redevenu normal de ce point de vue-là. Du coup, j'ai récupéré Hijackthis. En effet, j'ai vu sur plusieurs forum qu'il était nécessaire pour se débarrasser de Antimalware Doctor. Je vais donc lancer un scan. @+

Bonjour, J'ai été infecté par Antimalware Doctor. Je ne sais vraiment pas quoi faire pour m'en débarrasser. J'ai regardé à droite à gauche sur des forum pour essayer de trouver une solution, mais apparemment ca a l'air assez compliqué à gérer. Je préfère donc demander de l'assistance. Comme antivirus, j'ai simplement AVG ... Sinon, CCleaner pour faire du nettoyage, mais forcément, ça n'a rien fait. Puis un autre problème pour corser le tout : depuis quelques temps (plusieurs mois, en fait), je ne parviens plus à télécharger d'executable, que ce soit depuis IE ou Mozilla. Je me doute que c'est Vista qui me bloque tout, mais j'ai pas réussi à trouver le moyen de régler ce problème. Et donc s'il faut télécharger des programmes pour se débarrasser de Antimalware Doctor, ça risque de me poser problème. Merci pour votre secours !!