[Résolu]alertes infections

Falkra · le 23 juillet 2008

En effet, c'est en trop ça. Ca se produit sans que tu ailles sur un site web ?

Ouvre la console des services windows : menu démarrer, exécuter, services.msc

Au début de la liste, tu as une ligne "affichage des messages", double clique.

Vois le type de démarrage : il faut que ça dise "désactivé" et le service doit être arrêté (tu as un bouton pour le stopper aussi).

Blutoc · le 24 juillet 2008

L'affichage des messages est bien désactivé. Ce bidule est bien incrusté il se produit dès que j'allume l'ordi qui va automatiquement sur le site de ma page d'accueil

Falkra · le 24 juillet 2008

Télécharge Deckard's System Scanner (DSS) (ou DSS) sur ton Bureau.

NB : Tu dois être connecté avec des droits d'Administrateur.

ferme toutes les applications et fenêtres
double-clique sur dss.exe pour le lancer et suis les instructions ci-dessous
Attention, il est conseillé de stopper temporairement les logiciels résidents de protection (pare-feu, antivirus, etc.)
s'il s'agit d'une première utilisation ou d'une nouvelle version de DSS :
- tu devras cliquer 2 fois sur le OK des boîtes de dialogue
  Attention, si tu tardes trop, la réponse Abandon sera automatiquement validée
- quand le traitement est terminé (clique sur OK), deux fichiers texte s'affichent :
  main.txt <- ouvert en premier plan et en plein écran
  extra.txt <- ouvert en second plan et en fenêtré (regarde la barre des taches)

S'il s'agit d'une utilisation supplémentaire de DSS :

tu n'auras pas de boîte de dialogue (pas de OK)
quand le traitement est terminé, un fichier texte s'affiche :
main.txt <- ouvert en premier plan et en plein écran

[*] copie (Ctrl+A puis Ctrl+C) et colle (Ctrl+V) le contenu de main.txt dans ton prochain post

[*] Copie de même le contenu de extra.txt dans ton prochain post, si tu as ce fichier (première utilisation)

[*] Si tu ne vois pas le rapport, tu le trouvera dans le dossier suivant > C:\Deckard\System Scanner

[*] n'oublie pas de réactiver les protections si elles ont été stoppées.

Ce que fait DSS :

crée un point de restauration dans Windows XP et Vista
nettoie les fichiers temporaires, DPF-Downloaded Program Files et le Cache Internet, vide la Corbeille de tous les lecteurs
vérifie quelques zones importantes de ton système et établit un rapport pour examen par ton conseiller en sécurité. DSS lance automatiquement HijackThis pour toi; il va aussi créer un raccourci HijackThis sur ton Bureau si tu n'as pas déjà HijackThis d'installé.

Blutoc · le 25 juillet 2008

En 1er copie main.txt:

Deckard's System Scanner v20071014.68

Run by gab on 2008-07-25 08:08:25

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --

31: 2008-07-25 06:08:29 UTC - RP97 - Deckard's System Scanner Restore Point

30: 2008-07-24 13:10:11 UTC - RP96 - Software Distribution Service 3.0

29: 2008-07-23 06:16:04 UTC - RP95 - Point de vérification système

28: 2008-07-21 11:22:27 UTC - RP94 - Point de vérification système

27: 2008-07-17 12:50:57 UTC - RP93 - Installé Java 6 Update 7

-- First Restore Point --

1: 2008-04-19 14:42:29 UTC - RP67 - Point de vérification système

Backed up registry hives.

Performed disk cleanup.

Total Physical Memory: 384 MiB (512 MiB recommended).

-- HijackThis (run as gab.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:09:20, on 25/07/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\EZAUDIO.EXE

C:\WINDOWS\system32\WF2K.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

D:\PROGRA~1\Bin\INSTAN~1.EXE

D:\Program Files\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

D:\Program Files\CalCheck.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

D:\Program Files\IncrediMail\bin\IMApp.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\gab.XPSP2-A17930818\Bureau\dss.exe

C:\DOCUME~1\GAB~1.XPS\Bureau\gab.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boursorama.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - D:\PROGRA~1\COPERN~1\COPERN~1.DLL

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - D:\PROGRA~1\COPERN~1\COPERN~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [EzAudioTray] C:\WINDOWS\EZAUDIO.EXE TRAYAPP

O4 - HKLM\..\Run: [WinFast_2K] C:\WINDOWS\system32\WF2K.EXE

O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings

O4 - HKLM\..\Run: [PE2CKFNT SE] d:\program files\ChkFont.exe

O4 - HKLM\..\Run: [instantAccess] d:\PROGRA~1\Bin\INSTAN~1.EXE /h

O4 - HKLM\..\Run: [RegisterDropHandler] d:\PROGRA~1\Bin\REGIST~1.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\RunServices: [RegisterDropHandler] d:\PROGRA~1\Bin\REGIST~1.EXE

O4 - HKCU\..\Run: [incrediMail] D:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot

O4 - HKCU\..\Run: [wsaak] c:\documents and settings\gab.xpsp2-a17930818\local settings\application data\wsaak.exe wsaak

O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')

O4 - Global Startup: Photo Express Calendar Checker SE.lnk = D:\Program Files\CalCheck.exe

O8 - Extra context menu item: Chercher avec Copernic Agent - res://D:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

O23 - Service: Leadtek Driver Helper Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 6548 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - D:\Program Files\Dreamweaver 4\Dreamweaver.exe,2

.js - JSFile - shell\open\command - "D:\Program Files\Dreamweaver 4\Dreamweaver.exe" "%1"

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 VIAPFD - c:\windows\system32\drivers\viapfd.sys <Not Verified; VIA Technologies. Inc.; VIA PFD driver>

R2 SFC4 - c:\windows\system32\drivers\sfc4.sys

R3 WFsys (WinFox Control I/O Driver) - c:\windows\system32\drivers\wfsys.sys <Not Verified; Leadtek Research Inc.; WinFox Control I/O Driver>

S3 catchme - c:\docume~1\gab~1.xps\locals~1\temp\catchme.sys (file missing)

S3 driverhardwarev2 - c:\program files\hardwaredetection\driverhardwarev2.sys <Not Verified; Ma-Config.com; ma-config.com>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>

R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2008-06-25 and 2008-07-25 -----------------------------

2008-07-25 07:56:56 0 d-------- C:\WINDOWS\LastGood

2008-07-24 15:10:49 0 d-------- C:\Program Files\MSXML 4.0

2008-07-24 14:31:21 0 d--h----- C:\WINDOWS\$hf_mig$

2008-07-24 14:27:27 0 d-------- C:\WINDOWS\system32\SoftwareDistribution

2008-07-23 11:40:47 0 d-------- C:\WINDOWS\ERUNT

2008-07-23 07:44:35 2908 --a------ C:\WINDOWS\system32\tmp.reg

2008-07-23 07:44:02 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>

2008-07-23 07:44:02 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>

2008-07-23 07:44:02 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>

2008-07-23 07:44:01 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-07-23 07:44:01 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >

2008-07-23 07:44:01 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>

2008-07-23 07:44:01 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>

2008-07-23 07:44:01 51200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-07-22 12:10:16 0 d-------- C:\Toolbar SD

2008-07-22 09:54:07 0 d-------- C:\Program Files\Navilog1

2008-07-18 10:29:03 0 d-------- C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\Adobe

2008-07-16 12:35:57 142 --a------ C:\WINDOWS\system32\netwbix32.dll

2008-07-08 18:32:57 0 d-------- C:\Program Files\Java

2008-07-08 18:32:55 0 d-------- C:\Program Files\Fichiers communs\Java

-- Find3M Report ---------------------------------------------------------------

2008-06-21 20:47:26 0 d-------- C:\Documents and Settings\gab.XPSP2-A17930818\Application Data\Real

2008-06-06 10:54:52 0 d-------- C:\Documents and Settings\gab.XPSP2-A17930818\Application Data\Babylon

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="NvQTwk" []

"EzAudioTray"="C:\WINDOWS\EZAUDIO.exe" [16/10/1998 16:12]

"WinFast_2K"="C:\WINDOWS\system32\WF2K.EXE" [16/05/2002 16:53]

"WinFast2KLoadDefault"="wf2kcpl.dll" [16/05/2002 10:53 C:\WINDOWS\SYSTEM32\WF2KCPL.dll]

"PE2CKFNT SE"="d:\program files\ChkFont.exe" [03/07/1998 12:51]

"InstantAccess"="d:\PROGRA~1\Bin\INSTAN~1.exe" [14/12/1998 11:49]

"RegisterDropHandler"="d:\PROGRA~1\Bin\REGIST~1.EXE" [14/12/1998 10:42]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [18/07/2008 17:19]

"!AVG Anti-Spyware"="D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]

"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 22:32]

"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [08/08/2007 09:25]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="D:\Program Files\IncrediMail\bin\IncMail.exe" [23/04/2008 17:45]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [03/08/2007 12:51]

"MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" []

"wsaak"="c:\documents and settings\gab.xpsp2-a17930818\local settings\application data\wsaak.exe" [23/07/2008 13:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]

"RegisterDropHandler"=d:\PROGRA~1\Bin\REGIST~1.EXE

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"Config"=%systemroot%\system32\run.cmd

"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"

"tscuninstall"=%systemroot%\system32\tscupgrd.exe

C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\

Photo Express Calendar Checker SE.lnk - D:\Program Files\CalCheck.exe [14/02/2008 16:50:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoLowDiskSpaceChecks"=1 (0x1)

"NoStartBanner"=01000000

"MemCheckBoxInRunDlg"=1 (0x1)

"NoSMBalloonTip"=1 (0x1)

"NoDesktopCleanupWizard"=1 (0x1)

"NoWelcomeScreen"=1 (0x1)

"NoTrayItemsDisplay"=0 (0x0)

"NoStrCmpLogical"=0 (0x0)

"NoInstrumentation"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoLowDiskSpaceChecks"=1 (0x1)

"NoStartBanner"=01000000

"MemCheckBoxInRunDlg"=1 (0x1)

"NoSMBalloonTip"=1 (0x1)

"NoDesktopCleanupWizard"=1 (0x1)

"NoWelcomeScreen"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Photo Express Calendar Checker SE.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Photo Express Calendar Checker SE.lnk

backup=C:\WINDOWS\pss\Photo Express Calendar Checker SE.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

-- End of Deckard's System Scanner: finished at 2008-07-25 08:10:04 ------------

En 2ème extra.txt:

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professionnel (build 2600) SP 2.0

Architecture: X86; Language: French

CPU 0: AMD Duron processor

Percentage of Memory in Use: 65%

Physical Memory (total/avail): 383.48 MiB / 134.19 MiB

Pagefile Memory (total/avail): 666.67 MiB / 367.15 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1927.27 MiB

A: is Removable (No Media)

C: is Fixed (FAT32) - 44.71 GiB total, 34.48 GiB free.

D: is Fixed (FAT32) - 52.15 GiB total, 48.86 GiB free.

E: is Fixed (FAT32) - 52.15 GiB total, 48.76 GiB free.

F: is CDROM (No Media)

G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - MAXTOR STM3160212A - 149.05 GiB - 3 partitions

\PARTITION0 (bootable) - Unknown - 44.72 GiB - C:

\PARTITION1 - Étendu avec Inter. 13 étendue - 104.33 GiB - D: - E:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Avira AntiVir PersonalEdition v8.0.1.26 (Avira GmbH) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"D:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="D:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"

"D:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="D:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"

"D:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="D:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"

"D:\\Program Files\\FTP Explorer\\ftpx.exe"="D:\\Program Files\\FTP Explorer\\ftpx.exe:*:Enabled:FTP Explorer Application"

"D:\\Program Files\\eMule\\emule.exe"="D:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\unzipped\\Memo.exe"="C:\\unzipped\\Memo.exe:*:Enabled:Desktop tool"

"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"

"E:\\Téléchargements\\incredimail_install.exe"="E:\\Téléchargements\\incredimail_install.exe:*:Enabled:IncrediMail Installer"

"C:\\Documents and Settings\\gab.XPSP2-A17930818\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe"="C:\\Documents and Settings\\gab.XPSP2-A17930818\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe:*:Enabled:IncrediMail Installer"

"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS

APPDATA=C:\Documents and Settings\gab.XPSP2-A17930818\Application Data

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Fichiers communs

COMPUTERNAME=XPSP2-A17930818

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\gab.XPSP2-A17930818

LOGONSERVER=\\XPSP2-A17930818

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS;C:\WINDOWS\COMMAND

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 1, AuthenticAMD

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0701

ProgramFiles=C:\Program Files

PROMPT=$p$g

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\GAB~1.XPS\LOCALS~1\Temp

TMP=C:\DOCUME~1\GAB~1.XPS\LOCALS~1\Temp

TVDUMPFLAGS=10

USERDOMAIN=XPSP2-A17930818

USERNAME=gab

USERPROFILE=C:\Documents and Settings\gab.XPSP2-A17930818

winbootdir=C:\WINDOWS

windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

gab.XPSP2-A17930818 (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL

--> C:\WINDOWS\UNRecode.exe /UNINSTALL

--> D:\Program Files\ConverterUninstall.exe /CONVERTER

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 6.0.1 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A00000000001}

Adobe SVG Viewer 3.0 --> C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log

Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe

Ask Toolbar --> rundll32 C:\PROGRA~1\AskTBar\bar\1.bin\AskTBar.dll,O

AVG Anti-Spyware 7.5 --> D:\Program Files\AVG Anti-Spyware 7.5\Uninstall.exe

Avira AntiVir Personal - Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

Canon i350 --> C:\WINDOWS\system32\CNMCP53.exe "-PRINTERNAMECanon i350" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i350 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i350 Installer\Inst2\cnmi040c.dll"

Copernic Agent Basic --> "C:\WINDOWS\CopernicAgentUninstall(1).exe" /ARGSFILE="D:\Program Files\Copernic Agent\unwise.dat"

DeepBurner v1.7.0.208 --> "D:\Program Files\Uninstall.exe" "D:\Program Files\install.log"

DivX --> D:\Program Files\DivXCodecUninstall.exe /CODEC

DivX Converter --> D:\Program Files\ConverterUninstall.exe /CONVERTER

DivX Player --> D:\Program Files\DivXPlayerUninstall.exe /PLAYER

DivX Web Player --> D:\Program Files\DivXWebPlayerUninstall.exe /PLUGIN

EasyCleaner --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly

eMule --> "D:\Program Files\eMule\Uninstall.exe"

EVEREST Home Edition v1.51 --> "D:\Program Files\EVEREST Home Edition\unins000.exe"

FFBBO --> C:\WINDOWS\iun506.exe D:\Program Files\FFBBO\irunin.ini

FinePixViewer Ver.4.2 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"

FreeRIP MP3 v1.xx --> "D:\Program Files\FreeRIP MP3\unins000.exe"

FTP Explorer --> D:\Program Files\FTP Explorer\ftpx.exe /uninstall

FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"

HardwareDetection --> "C:\Program Files\HardwareDetection\Uninstall.exe" "C:\Program Files\HardwareDetection\install.log" -u

HijackThis 2.0.2 --> "C:\Documents and Settings\gab.XPSP2-A17930818\Bureau\HijackThis.exe" /uninstall

ImageMixer VCD2 for FinePix --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934E9442-D305-4ACF-AD87-A6C11D677CB9}\setup.exe"

IncrediMail Xe --> D:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log

Java 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}

Java 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

K-Lite Codec Pack 3.9.0 Full --> "d:\Program Files\K-Lite Codec Pack\unins000.exe"

Macromedia Dreamweaver 4 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABDA9912-5D00-11D4-BAE7-9367CA097955}\Setup.exe" mmUninstall

Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" mmUninstall

Macromedia Fireworks 4 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8833100-1481-11D4-9731-00C04F8EEB39}\Setup.exe" UNINSTALL

MetaStock Professional 8.0 --> C:\WINDOWS\IsUninst.exe -f"d:\program files\Uninst.isu"

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office 2000 Professional --> MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7}

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950759) --> "C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"

Mustek 1200 CP v4.7 --> C:\WINDOWS\TWAIN_32\CIS600X\UNINST.EXE

Navilog1 3.6.1 --> "C:\Program Files\Navilog1\unins000.exe"

Nero 8 --> MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1036}

Quick Zip 4.60.019 --> "D:\Program Files\QuickZip4\unins000.exe"

QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

SLD Codec Pack --> C:\Program Files\SLD Codec Pack\uninstall.exe

TextBridge Pro 8.0 --> "d:\program files\bin\setup.exe" -funinst.ins

ToolBar S&D --> C:\Toolbar SD\Uninstal.exe

TV sur PC --> C:\Program Files\Neuf\TV_PC\uninstall.exe

Ulead Photo Express 2.0 SE --> C:\WINDOWS\IsUn040c.exe -f"d:\program files\Uninst.isu" -c"d:\program files\IS32Inst.dll"

Usb disk Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC1F9C12-AFC9-4D35-BEF1-0F8AD138D28F}\setup.exe"

USB MP3 Driver v1.17r014 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68CD2C2F-1271-11D7-9D8C-00E018AAC9EC}\Setup.exe" -l0x40c

WebMediaPlayer --> D:\Program Files\webmediaplayer\uninst.exe

Win Généalogic 2005 --> D:\PROGRA~1\WINGÉN~1\UNWISE.EXE D:\PROGRA~1\WINGÉN~1\INSTALL.LOG

Winamp --> "H:\Winamp\UninstWA.exe"

WinCave 2002 version 2.4 --> "D:\Program Files\WinCave24\unins000.exe"

Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}

Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}

WinFast® Display Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE4E3960-DB28-4968-8B93-D26C79B50F10}\setup.exe"

WinFast® Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf

WinFox Setup --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Leadtek Research Inc.\WinFox Setup\Uninst.isu" -c"C:\WINDOWS\system32\WinFox\WinFoxUT.dll"

-- Application Event Log -------------------------------------------------------

Event Record #/Type1231 / Warning

Event Submitted/Written: 07/22/2008 09:38:08 AM