

davhid
Your configuration
Packard Bell Istart 9230
Windows XP Home, Service Pack 3
Intel Pentium D 820
DDR2 memory, 1 GB
Nvidia Geforce 7300 SE 512MB TurboCache
2 × 250 GB SATA 7200 RPM hard drives (one of which is used only for storage)
Main browser: Firefox
Antivirus: Avira free + Microsoft Security Essentials
My languages
French
[Solved] Various Explorer crashes
davhid replied to davhid's topic in Malware analysis and removal
I couldn't work out how to proceed yesterday... I'll know, if I remember, for next time. Thanks Dylav, and Bernard too, once again.
[Solved] Various Explorer crashes
davhid replied to davhid's topic in Malware analysis and removal
No problem Bernard, thanks anyway for looking into my case. Other problems appeared on Sunday: no more internet access, a memory crash message (full screen on a blue background), an extremely long startup time (more than 4 min), programs that were impossible to close,... in short, I reformatted everything with my Master CDs and am starting again almost from scratch, but with the assurance of a clean system. Well, I guess I have a few updates to do now. Thanks again, and maybe see you one of these days.
[Solved] Various Explorer crashes
davhid replied to davhid's topic in Malware analysis and removal
I don't think I caused these problems with XP-Registry; since I didn't understand much of it, I didn't touch anything. Here is the report, I hope I didn't make any mistakes when copying the text into OTL...
[Solved] Various Explorer crashes
davhid replied to davhid's topic in Malware analysis and removal
I uninstalled and reinstalled Malwarebytes, but it still won't start and gives me the same error message. When I try to uninstall MSE I get the same message as when I try to launch it, so uninstalling is impossible. I can't copy/paste, so I typed the text manually into the OTL box, which means the clickable "Google" link is invalid; that explains "No captured output from command" in the report. And when I manually type the link that cjoint gives me for OTL.Txt, I get this: © CJoint, 2010. So I have no other choice than to post it directly here, sorry. If someone can host it for me... thanks in advance. There's a bunch of stuff in there that I can't manage to uninstall, or not completely; could I get some advice on that? So here is the OTL.Txt report (if you also want Extras.Txt I'll send it later, it might be a lot with both at once). Have a good weekend.
-- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys [2012/08/24 17:42:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\UnHackMe [2012/08/24 17:42:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Documents\regruninfo [2012/08/24 17:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe [2012/08/24 17:03:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware [2012/08/24 17:03:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/08/24 17:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/08/23 17:30:49 | 000,000,000 | ---D | C] -- D:\Documents and Settings\davehid\Bureau\RK_Quarantine [2012/08/22 21:22:04 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\davehid\Menu Démarrer\Programmes\Démarrage (Disabled by Starter) [2012/08/22 17:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012/08/22 17:38:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis [2012/08/22 03:42:21 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012/08/19 15:31:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\davehid\Mes documents\The Lord of the Rings Online [2012/08/19 15:31:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\davehid\Local Settings\Application Data\The Lord of the Rings Online [2012/08/19 14:45:02 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll [2012/08/19 14:45:01 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll [2012/08/19 14:45:01 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll [2012/08/19 14:44:02 | 000,000,000 | ---D | C] -- D:\Documents and Settings\davehid\Local Settings\Application Data\Turbine 
[2012/08/19 14:41:04 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll [2012/08/19 14:40:59 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll [2012/08/19 14:40:57 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll [2012/08/19 14:40:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs [2012/08/19 14:40:18 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Turbine [2012/08/19 14:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\Turbine [2012/08/19 02:05:16 | 000,000,000 | ---D | C] -- D:\Documents and Settings\davehid\Bureau\League of Legends [2012/08/19 01:36:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\davehid\Bureau\FW_FR_Installer_0.209.0 [2012/08/19 01:27:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\davehid\Bureau\LOTRO Standard Res Install Files FR [2012/08/19 01:27:30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\davehid\Local Settings\Application Data\PMB Files [2012/08/19 01:27:26 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\PMB Files [2012/08/19 01:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks [2012/08/16 10:32:30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Avira [2012/08/08 23:45:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\davehid\Local Settings\Application Data\WMTools Downloaded Files [2012/08/08 04:10:49 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\ma-config.com [2012/08/08 04:10:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\ma-config.com [2012/08/08 04:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\ma-config.com [2012/08/08 03:58:40 | 000,926,720 | ---- | C] (Windows Website (http://Www.win-web.Be)) -- D:\Documents and Settings\davehid\Bureau\Xp-Registry_v2_2.exe 
[2012/08/08 03:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\X-Setup Pro [2012/08/08 03:38:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\davehid\Menu Démarrer\Programmes\Zeb-Utility [2012/08/08 03:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Zeb-Utility [2012/08/06 02:14:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\davehid\Application Data\EurekaLog [2012/08/06 00:45:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\davehid\Application Data\Wise Registry Cleaner [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/25 12:39:28 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2012/08/25 12:13:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/08/25 12:13:54 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys [2012/08/25 12:06:08 | 000,001,026 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg [2012/08/25 11:58:24 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012/08/25 11:57:52 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys [2012/08/25 11:08:06 | 000,000,947 | ---- | M] () -- D:\Documents and Settings\davehid\Bureau\Raccourci vers OTL.lnk [2012/08/25 11:07:57 | 000,000,998 | ---- | M] () -- D:\Documents and Settings\davehid\Bureau\Raccourci vers SmitfraudFix.lnk [2012/08/24 17:42:51 | 000,039,184 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe [2012/08/24 17:42:51 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys [2012/08/24 17:42:45 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012/08/24 17:42:45 | 000,001,896 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT [2012/08/24 17:42:45 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat [2012/08/24 17:42:42 | 000,000,543 | ---- | M] () -- D:\Documents and 
Settings\davehid\Bureau\UnHackMe.lnk [2012/08/24 17:03:04 | 000,000,669 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk [2012/08/24 17:00:21 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2012/08/23 20:02:15 | 000,006,071 | ---- | M] () -- D:\Documents and Settings\davehid\all [2012/08/22 22:02:23 | 000,000,077 | ---- | M] () -- D:\Documents and Settings\davehid\Application Data\mbam.context.scan [2012/08/22 17:38:29 | 000,001,615 | ---- | M] () -- D:\Documents and Settings\davehid\Bureau\HijackThis.lnk [2012/08/22 02:40:04 | 004,718,592 | ---- | M] () -- D:\Documents and Settings\davehid\NTUSER.bak [2012/08/22 01:45:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/08/21 15:49:43 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/08/19 14:40:26 | 000,001,725 | ---- | M] () -- D:\Documents and Settings\davehid\Bureau\Le Seigneur des Anneaux Online.lnk [2012/08/19 08:59:09 | 000,088,576 | ---- | M] () -- D:\Documents and Settings\davehid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/08/19 01:37:19 | 000,000,674 | ---- | M] () -- D:\Documents and Settings\davehid\Bureau\Resume Download of Forsaken World.url [2012/08/16 10:32:29 | 000,001,594 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\Avira Control Center.lnk [2012/08/16 03:21:19 | 000,204,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/08/16 03:04:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/08/14 23:46:51 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012/08/14 23:46:50 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/08/13 16:24:34 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2012/08/13 16:24:34 | 000,083,392 | ---- | M] (Avira GmbH) -- 
C:\WINDOWS\System32\drivers\avgntflt.sys [2012/08/08 19:10:07 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2012/08/08 18:04:52 | 000,016,574 | ---- | M] () -- C:\WINDOWS\EPISMF00.SWB [2012/08/08 03:38:45 | 000,001,481 | ---- | M] () -- D:\Documents and Settings\davehid\Bureau\Zeb-Utility 2.1.lnk [2012/08/06 01:57:39 | 000,001,152 | ---- | M] () -- D:\Documents and Settings\davehid\Bureau\Raccourci vers start.lnk [2012/08/06 01:16:58 | 000,000,988 | ---- | M] () -- D:\Documents and Settings\davehid\Bureau\Raccourci vers adwcleaner.lnk [2012/08/06 00:46:24 | 000,001,308 | ---- | M] () -- D:\Documents and Settings\davehid\Bureau\Raccourci vers WiseRegCleaner.lnk [2012/08/04 13:23:57 | 000,650,460 | ---- | M] () -- D:\Documents and Settings\davehid\Mes documents\les petits secrets du vinaigre en cuisine.pdf [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/25 12:39:28 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin [2012/08/25 12:13:54 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys [2012/08/25 11:08:06 | 000,000,947 | ---- | C] () -- D:\Documents and Settings\davehid\Bureau\Raccourci vers OTL.lnk [2012/08/25 11:07:57 | 000,000,998 | ---- | C] () -- D:\Documents and Settings\davehid\Bureau\Raccourci vers SmitfraudFix.lnk [2012/08/24 17:42:45 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat [2012/08/24 17:42:42 | 000,000,543 | ---- | C] () -- D:\Documents and Settings\davehid\Bureau\UnHackMe.lnk [2012/08/24 17:27:29 | 000,001,026 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg [2012/08/24 17:03:04 | 000,000,669 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk [2012/08/23 20:02:15 | 000,006,071 | ---- | C] () -- D:\Documents and Settings\davehid\all [2012/08/22 22:02:23 | 000,000,077 | ---- | C] () -- D:\Documents and Settings\davehid\Application Data\mbam.context.scan [2012/08/22 
17:38:29 | 000,001,615 | ---- | C] () -- D:\Documents and Settings\davehid\Bureau\HijackThis.lnk [2012/08/19 14:40:26 | 000,001,725 | ---- | C] () -- D:\Documents and Settings\davehid\Bureau\Le Seigneur des Anneaux Online.lnk [2012/08/19 01:37:19 | 000,000,674 | ---- | C] () -- D:\Documents and Settings\davehid\Bureau\Resume Download of Forsaken World.url [2012/08/16 03:01:25 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2012/08/08 03:50:06 | 000,001,628 | ---- | C] () -- D:\Documents and Settings\All Users\Menu Démarrer\Programmes\X-Setup Pro.lnk [2012/08/08 03:38:45 | 000,001,481 | ---- | C] () -- D:\Documents and Settings\davehid\Bureau\Zeb-Utility 2.1.lnk [2012/08/06 01:57:39 | 000,001,152 | ---- | C] () -- D:\Documents and Settings\davehid\Bureau\Raccourci vers start.lnk [2012/08/06 01:16:58 | 000,000,988 | ---- | C] () -- D:\Documents and Settings\davehid\Bureau\Raccourci vers adwcleaner.lnk [2012/08/06 00:46:24 | 000,001,308 | ---- | C] () -- D:\Documents and Settings\davehid\Bureau\Raccourci vers WiseRegCleaner.lnk [2012/08/04 13:23:56 | 000,650,460 | ---- | C] () -- D:\Documents and Settings\davehid\Mes documents\les petits secrets du vinaigre en cuisine.pdf [2012/06/09 13:49:59 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2012/06/09 13:49:59 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2012/06/09 13:49:48 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2012/06/09 13:49:31 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2012/06/09 13:16:49 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2012/06/09 13:16:48 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2012/06/09 13:16:48 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2012/06/09 13:16:48 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2012/06/09 13:16:48 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2012/06/09 
13:16:48 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2012/06/09 13:16:48 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2012/06/09 13:16:48 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2012/06/09 13:16:48 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2012/06/09 13:16:48 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2012/06/09 13:16:48 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2012/06/09 13:16:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2012/06/09 13:16:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2012/06/09 13:16:48 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2012/06/09 13:16:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2012/06/09 13:16:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2012/06/09 13:16:48 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2012/06/09 13:16:48 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2012/06/09 13:16:48 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2012/05/06 11:19:17 | 000,000,863 | ---- | C] () -- D:\Documents and Settings\davehid\.lmmsrc.xml [2012/04/29 16:01:39 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\restart.exe [2012/04/29 16:01:39 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\Sign2k.exe [2012/04/29 16:01:39 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Removejoy.exe [2012/04/29 13:52:21 | 000,000,836 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat [2012/04/22 14:12:05 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll [2012/04/19 22:39:13 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat [2012/04/19 22:33:14 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin 
[2012/04/19 22:33:14 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012/04/19 22:33:14 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2012/04/19 22:32:44 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2012/04/19 19:21:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/04/19 14:24:11 | 000,088,576 | ---- | C] () -- D:\Documents and Settings\davehid\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/04/19 14:24:11 | 000,000,130 | ---- | C] () -- D:\Documents and Settings\davehid\Local Settings\Application Data\fusioncache.dat [2012/04/19 14:24:10 | 004,718,592 | ---- | C] () -- D:\Documents and Settings\davehid\NTUSER.bak [2012/04/19 14:11:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2012/04/19 13:48:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/04/19 13:17:51 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll [2012/04/19 13:17:32 | 000,000,602 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI [2012/04/19 13:11:32 | 000,007,604 | ---- | C] () -- C:\WINDOWS\HDReg.ini [2012/04/19 13:10:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2012/04/19 13:02:29 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2012/04/19 13:02:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe ========== Custom Scans ========== < HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl|FEATURE_BROWSER_EMULATION /rs > < HKEY_USERS\DEFAULT\Software\microsoft\Internet Explorer\Main\FeatureControle|feature_enable_ie_compression /rs > < HKEY_USERS\S-1-5-18\Software\microsoft\Internet Explorer\Main\FeatureControle|feature_enable_ie_compression /rs > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/20 08:25:19 | 
000,867,904 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/20 08:25:19 | 000,867,904 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/20 08:25:19 | 000,867,904 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/20 08:25:38 | 000,913,888 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/20 08:25:38 | 000,913,888 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/20 08:25:38 | 000,913,888 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/07/02 14:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/07/02 14:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/07/02 14:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | 
M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/20 08:25:19 | 000,867,904 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/20 08:25:19 | 000,867,904 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/20 08:25:19 | 000,867,904 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/20 08:25:38 | 000,913,888 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/20 08:25:38 | 000,913,888 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/20 08:25:38 | 000,913,888 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/07/02 14:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: 
"C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/07/02 14:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/07/02 14:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < HKLM\SOFTWARE\Microsoft\Windows NTC\CurrentVersion\Drivers /s > < HKLM\SOFTWARE\Microsoft\Windows NTC\CurrentVersion\Drivers.desc /s > < %temp%smtmp\1\*.* /s > < %temp%smtmp\2\*.* /s > < %temp%smtmp\4\*.* /s > < nslookup Google /c > No captured output from command... 
< %systemroot%\systeme32\drivers\*.sys /lockedfiles >
< %systemroot%\*./mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 1326 bytes -> D:\Documents and Settings\All Users\Application Data\Microsoft:YViLXnwyGX2Uhn0EJdk3b7T
@Alternate Data Stream - 1320 bytes -> D:\Documents and Settings\All Users\Application Data\Microsoft:U4Xdiev0uwgFUOmR7TY
@Alternate Data Stream - 1255 bytes -> D:\Documents and Settings\davehid\Local Settings\Application Data\dhBWjKcsbC:QOh3wVP3ynEin2YX66
@Alternate Data Stream - 1207 bytes -> D:\Documents and Settings\All Users\Application Data\Microsoft:6fV8gcn0p87XjhvlGHkZVoNh
@Alternate Data Stream - 1161 bytes -> D:\Documents and Settings\All Users\Application Data\Microsoft:AnvV9uviUE0g7itaGztcpQcuH
@Alternate Data Stream - 1112 bytes -> C:\Program Files\Fichiers communs\Microsoft Shared:UDBJNFWUNqXzEjDxeG5vimiw

< End of report >
-
[Solved] Various Explorer crashes
davhid replied to a topic by davhid in Malware analysis and removal
There, it's done. The item in question has been deleted.

After netsh int ip reset all I got the following message:
AVERTISSEMENT : impossible d'obtenir des renseignements sur l'hôte à partir de l'ordinateur. Certaines commandes peuvent ne pas être disponibles. Le serveur RPC n'est pas disponible.

After netsh winsock reset catalog:
AVERTISSEMENT : impossible d'obtenir des renseignements sur l'hôte à partir de l'ordinateur. Certaines commandes peuvent ne pas être disponibles. Le serveur RPC n'est pas disponible.

And finally:
Le catalogue winsock a été réinitialisé correctement.

After rebooting, no change. At least there are no damaged system files, that's good to know.
-
[Solved] Various Explorer crashes
davhid replied to a topic by davhid in Malware analysis and removal
SFC /SCANNOW did not reveal anything abnormal; at the end of the scan it displayed the name of the scanned volume, nothing more.

Here is the RogueKiller report:

RogueKiller V7.6.6 [10/08/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: [RogueKiller] Remontées (1/59)
Blog: tigzy-RK

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: davehid [Droits d'admin]
Mode: Recherche -- Date: 23/08/2012 17:37:13

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [CHARGE] ¤¤¤
SSDT[25] : NtClose @ 0x805BC538 -> HOOKED (Unknown @ 0xF7C50AAC)
SSDT[41] : NtCreateKey @ 0x80623FD6 -> HOOKED (Unknown @ 0xF7C50A66)
SSDT[50] : NtCreateSection @ 0x805AB3D0 -> HOOKED (Unknown @ 0xF7C50AB6)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0xF7C50A5C)
SSDT[63] : NtDeleteKey @ 0x80624472 -> HOOKED (Unknown @ 0xF7C50A6B)
SSDT[65] : NtDeleteValueKey @ 0x80624642 -> HOOKED (Unknown @ 0xF7C50A75)
SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0xF7C50AA7)
SSDT[98] : NtLoadKey @ 0x806261FA -> HOOKED (Unknown @ 0xF7C50A7A)
SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0xF7C50A48)
SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0xF7C50A4D)
SSDT[177] : NtQueryValueKey @ 0x806221FA -> HOOKED (Unknown @ 0xF7C50ACF)
SSDT[193] : NtReplaceKey @ 0x806260AA -> HOOKED (Unknown @ 0xF7C50A84)
SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D7E -> HOOKED (Unknown @ 0xF7C50AC0)
SSDT[204] : NtRestoreKey @ 0x806259B6 -> HOOKED (Unknown @ 0xF7C50A7F)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0xF7C50ABB)
SSDT[237] : NtSetSecurityObject @ 0x805C0636 -> HOOKED (Unknown @ 0xF7C50AC5)
SSDT[247] : NtSetValueKey @ 0x80622548 -> HOOKED (Unknown @ 0xF7C50A70)
SSDT[255] : NtSystemDebugControl @ 0x80617FAA -> HOOKED (Unknown @ 0xF7C50ACA)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0xF7C50A57)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xF7C50ADE)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xF7C50AE3)

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 74c356491237e543bf20baca2e01e782
[bSP] f962f4e7c4331d1b724a5bfa86d5ac8f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 30710 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 62910540 | Size: 207754 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 48711733128dda5c4881278fa1e01988
[bSP] 67a2e6c4e15c6de0ea88abfc67faa36d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1].txt >>
RKreport[1].txt

At the end of the scan it shows me this: scan terminé, merci de regarder les onglets et de supprimer les éléments.
Only 1 item is displayed, the one listed in this report under ¤¤¤ Entrées de registre: 1 ¤¤¤
I am not deleting it for now; I would rather wait for your opinion.
-
[Solved] Various Explorer crashes
davhid replied to a topic by davhid in Malware analysis and removal
Good evening Bernard,

Yes, I have two antivirus programs; now that the Microsoft one has crashed, chances are it will be the one to go. I have been telling myself for a long time that I need to pick one, so it's now or never.

I knew I had forgotten something: I did indeed try a system restore, but just as with System Information, it does not respond.

Coming back to the game, I read on a forum that you receive a small p2p program when downloading the game, supposedly so that the download is faster for future sign-ups. I also received a program that Microsoft Security Essentials judged unwanted: adware:win32/Adkubru (which AntiVir did not catch). I allowed it access, thinking it was used for updates, then removed it as soon as the problems appeared.

So. I did everything as you advised, and the startup is indeed a little faster. The scan of drive C apparently did not reveal any anomaly. However, the problem persists in every respect.
-
Hello, since yesterday I have been running into the following problems:

The wallpaper is displayed at startup and disappears just before the desktop icons appear, which then show up on a grey background.
The toolbar has disappeared. I got it back with some keyboard shortcut or other, but it no longer looks the way it did before. The navigation buttons are not displayed, so it is impossible to configure it differently.
It is also impossible to move tabs in Firefox.
I no longer have access to certain programs such as "System Information", which I wanted to open in order to describe my system configuration as accurately as possible when I registered. I click on it and simply nothing happens.
I no longer have any "Windows sounds". The "Realtek" panel shows up although it did not before, and there is sound during the tests run from the panel.
Skype opens at startup although it is configured via CCleaner not to open. Same for BlueSoleil.
Copy/paste no longer works, either with the mouse or with the ctrl+c/ctrl+v keyboard shortcuts.
Microsoft Security Essentials is disabled and will not start (error code 80077042c).
Malwarebytes does not start (Run-time error '372': Failed to control 'vbalGrid' from vbalsgrid6.ocx. Your version of cbalsgrid.ocx may be outbated.....)

Finally, I have just seen two strange things in my Task Manager --> Processes:
Image name: System Idle Process, User name: SYSTEM, CPU: 99, Mem usage: 28 KB (I have never seen that before)
and firefox.exe, which is using 244,000 KB of memory for two tabs open on zebulon and another on my SFR mailbox. That's a lot, isn't it?
For information, I don't know whether it is useful, but while I'm at it...
Image name: system, CPU: 00, Mem usage: 248 KB
and explorer.exe, for its part, uses 40,948 KB.

I ran a thorough scan with Avira (updated every day), which detected nothing. adwcleaner did no better, same for "start" (Emsisoft's Emergency Kit), and WiseRegCleaner brought no improvement.

All of this happened after installing the game "The Lord of the Rings Online", downloaded from lotro.com. At first there were cut-outs with a message about memory. So I lowered the graphics quality and everything went back to normal. Then, 2 hours later, another cut-out, with the observations described above. (The game has not started since.)

If these problems are due to the game, I will part with it, but if I can keep it that would be nice too.

Thank you for reading, sorry for being so long; I await your opinions, advice and/or instructions.

I browsed the forum a bit before describing my problem and read that you often recommend copying the HijackThis log, so I am anticipating your request:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:49, on 22/08/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Hotmail.fr, Messenger, Skype, Actualité, Sport, People, Femmes - MSN France
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Hotmail.fr, Messenger, Skype, Actualité, Sport, People, Femmes - MSN France
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: BHO_PROJECT - {82EA3E77-7BD2-4744-A8F2-670770767EC5} - C:\Program Files\OApps\bho_project.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 -
HKCU\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /M "Stylus CX6600" /EF "HKCU" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-21-686094433-2123434016-130490313-1006\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe (User '?') O4 - HKUS\S-1-5-21-686094433-2123434016-130490313-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-21-686094433-2123434016-130490313-1006 Startup: MemTurbo.lnk = C:\Program Files\MemTurbo 4\MemTurbo.exe (User '?') O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo 4\MemTurbo.exe O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - 
http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1334844597062 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Avira Planificateur (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Protection temps réel (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- End of file - 9928 bytes