pb d'icones sur le bureau (et donc d'explorer.exe)

[mcyann]

Bonjour,

 

Alors, j'ai un soucis avec explorer.exe....

Je n'ai plus d'icones sur le bureau, et lorsque je lance explorer.exe a partir du gestionnaire des taches, il est aussitôt refermé.

J'ai fait une analyse avec hijack :

 

Scan saved at 13:10:09, on 06/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\HP_Propriétaire\Bureau\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://signin.ebay.fr/ws/eBayISAPI.dll?Sig...F%2Fwww.ebay.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [sRFirstRun] rundll32 srclient.dll,CreateFirstRunRp

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

et j'ai passé le clean de Malekal qui m'a trouvé ceci :

 

06/10/2008 a 12:01:43,85

 

*** Recherche des fichiers dans C:

 

*** Recherche des fichiers dans C:\WINDOWS\

C:\WINDOWS\ALCXMNTR.EXE FOUND

 

*** Recherche des fichiers dans C:\WINDOWS\system32

 

*** Recherche des fichiers dans C:\Program Files

"C:\Program Files\Viewpoint\" FOUND

*** Fin du rapport !

 

Et j'ai aussi passé malwarebyte (ou qq chose comme ça...) qui m'a detecté des trucs.

 

Malwarebytes' Anti-Malware 1.28

Version de la base de données: 1134

Windows 5.1.2600 Service Pack 2

 

06/10/2008 11:56:53

mbam-log-2008-10-06 (11-56-53).txt

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 149886

Temps écoulé: 43 minute(s), 25 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 1

Fichier(s) infecté(s): 1

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\kernel32.exe (Malware.Trace) -> Quarantined and deleted successfully.

 

 

J'ai repassé un deuxieme coup avec ses deux logiciel, ils me disent que tout est clean (et je ne vois rien d'anormal dans le rapport Hijack).

 

J'ai même essayé de remplacer explorer.exe par une version prise sur un autre poste, mais cela n'a rien donné.

 

Voila, je vus ais tout dis, si vous pouviez m'aider ce serait vraiment cool, je bloque completement!

 

Merci d'avance!

[chrifleur]

bonjour et bienvenue

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

 

* Double-clique sur RSIT.exe afin de lancer RSIT

* Clique Continue à l'écran Disclaimer.

* Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSITle téléchargera et tu devras accepter la licence.

* Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)

ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

[mcyann]

re-bonjour et merci te t'intéresser a mon cas!

 

Alors voila le log :

 

Logfile of random's system information tool 1.04 (written by random/random)

Run by HP_Propriétaire at 2008-10-06 16:36:03

Microsoft Windows XP Édition familiale Service Pack 2

System drive C: has 78 GB (54%) free of 145 GB

Total RAM: 510 MB (56% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:36:08, on 06/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\taskmgr.exe

J:\no bug\securité\rsit\RSIT.exe

J:\no bug\securité\hijackthis\HP_Propriétaire.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://signin.ebay.fr/ws/eBayISAPI.dll?Sig...F%2Fwww.ebay.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [sRFirstRun] rundll32 srclient.dll,CreateFirstRunRp

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O24 - Desktop Component 0: (no name) - http://auto.aol.fr/img/bones-eu/fondendo.gif

 

--

End of file - 9198 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-08-09 308856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-20 2436160]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-19 737776]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-17 343112]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-20 2436160]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"WINREMOTE"=C:\Program Files\InterVideo\Common\Bin\WinRemote.exe [2005-07-18 262144]

"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-08-09 185896]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

"Reminder"=C:\Windows\Creator\Remind_XP.exe [2004-12-14 663552]

"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-01-01 98304]

"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-08-02 7110656]

"LWBMOUSE"=C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE [2001-11-09 356352]

"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2005-05-11 253952]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

"KBD"=C:\HP\KBD\KBD.EXE [2005-02-03 61440]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-05-05 278528]

"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]

"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-05-12 49152]

"Home Theater SchSvr"=C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe [2005-07-18 106496]

"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2008-04-15 579584]

"AOLDialer"=C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe []

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

"PS2"=C:\WINDOWS\system32\ps2.exe [2004-10-26 90112]

"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]

"SRFirstRun"=rundll32 srclient.dll []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_7 -reboot 1 []

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-05 68856]

"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-01-28 2097488]

"Pando"=C:\Program Files\Pando Networks\Pando\Pando.exe [2008-02-09 6051144]

"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

"BitTorrent"=C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized []

"AdobeUpdater"=C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600]

"a-squared"=C:\Program Files\a-squared\a2guard.exe []

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\AOL 9.0b\waol.exe"="C:\Program Files\AOL 9.0b\waol.exe:*:Enabled:AOL 9.0b"

"C:\Program Files\AOL 9.0c\waol.exe"="C:\Program Files\AOL 9.0c\waol.exe:*:Enabled:AOL 9.0c"

"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"

"C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"

"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"

"C:\Program Files\AOL 9.0f\waol.exe"="C:\Program Files\AOL 9.0f\waol.exe:*:Enabled:AOL"

"C:\Documents and Settings\HP_Propriétaire\Mes documents\eMule\emule.exe"="C:\Documents and Settings\HP_Propriétaire\Mes documents\eMule\emule.exe:*:Enabled:eMule"

"C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe"="C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"

"C:\Program Files\Fichiers communs\AOL\1170109035\ee\aolsoftware.exe"="C:\Program Files\Fichiers communs\AOL\1170109035\ee\aolsoftware.exe:*:Enabled:AOL Services"

"C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\ST_NG_SetupWizard\stInstall.exe"="C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\ST_NG_SetupWizard\stInstall.exe:*:Enabled:SpeedTouch Setup Wizard"

"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"

"C:\Program Files\AOL 9.0a\waol.exe"="C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL"

"C:\Program Files\Maxis\SimCity 3000 World Edition\Apps\Updater\UPDATER.EXE"="C:\Program Files\Maxis\SimCity 3000 World Edition\Apps\Updater\UPDATER.EXE:*:Enabled:SC3UpdaterMFC"

"C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:pando"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"

"C:\Program Files\Grisoft\AVG Free\avgemc.exe"="C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"

"C:\Program Files\AOL 9.0b\waol.exe"="C:\Program Files\AOL 9.0b\waol.exe:*:Enabled:AOL 9.0b"

"C:\Program Files\AOL 9.0c\waol.exe"="C:\Program Files\AOL 9.0c\waol.exe:*:Enabled:AOL 9.0c"

"C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"

"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"

"C:\Program Files\AOL 9.0f\waol.exe"="C:\Program Files\AOL 9.0f\waol.exe:*:Enabled:AOL"

"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"

"C:\Program Files\AOL 9.0a\waol.exe"="C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

 

 

======List of files/folders created in the last 1 months======

 

2008-10-06 16:36:03 ----D---- C:\rsit

2008-10-06 12:17:40 ----D---- C:\WINDOWS\temp

2008-10-06 12:05:57 ----A---- C:\rapport_cleanbis.txt

2008-10-06 12:04:45 ----A---- C:\resultat_clean.txt

2008-10-06 12:01:43 ----A---- C:\rapport_clean.txt

2008-10-06 10:43:12 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes

2008-10-06 10:43:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-10-06 10:43:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-10-06 10:20:40 ----D---- C:\VundoFix Backups

2008-10-06 10:20:40 ----A---- C:\VundoFix.txt

2008-10-06 09:49:50 ----A---- C:\fixnavi.txt

2008-10-06 09:49:32 ----D---- C:\Program Files\Navilog1

2008-10-06 09:47:51 ----D---- C:\Program Files\CCleaner

2008-10-06 08:49:12 ----A---- C:\WINDOWS\system32\wpa.bak

2008-10-05 15:55:39 ----D---- C:\WINDOWS\Prefetch

2008-10-05 15:45:54 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest

2008-10-05 11:56:05 ----A---- C:\WINDOWS\system32\irclass.dll

2008-10-05 11:56:04 ----A---- C:\WINDOWS\system32\spxcoins.dll

2008-10-05 11:55:43 ----RA---- C:\WINDOWS\SET12C.tmp

2008-10-05 11:55:40 ----RA---- C:\WINDOWS\SET120.tmp

2008-10-05 11:55:38 ----RA---- C:\WINDOWS\SET11D.tmp

2008-10-05 11:54:30 ----A---- C:\WINDOWS\setuplog.txt

2008-10-04 14:48:49 ----D---- C:\WINDOWS\system32\NtmsData

2008-10-03 09:17:42 ----D---- C:\WINDOWS\pss

2008-10-01 19:44:59 ----A---- C:\WINDOWS\ntbtlog.txt

2008-09-09 18:08:48 ----D---- C:\WINDOWS\system32\CatRoot_bak

 

======List of files/folders modified in the last 1 months======

 

2008-10-06 13:29:21 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-10-06 12:17:40 ----AD---- C:\WINDOWS

2008-10-06 12:17:32 ----RD---- C:\WINDOWS\Web

2008-10-06 12:17:32 ----RAD---- C:\Program Files

2008-10-06 12:17:29 ----SHD---- C:\WINDOWS\Installer

2008-10-06 11:56:52 ----D---- C:\WINDOWS\system32

2008-10-06 10:43:10 ----D---- C:\WINDOWS\system32\drivers

2008-10-06 09:55:34 ----AC---- C:\WINDOWS\OEWABLog.txt

2008-10-06 09:46:37 ----D---- C:\Documents and Settings

2008-10-06 09:36:49 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-10-06 09:14:11 ----D---- C:\WINDOWS\system32\CatRoot2

2008-10-05 16:03:49 ----D---- C:\WINDOWS\security

2008-10-05 15:59:46 ----D---- C:\WINDOWS\Registration

2008-10-05 15:59:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-10-05 15:59:12 ----HD---- C:\WINDOWS\inf

2008-10-05 15:56:22 ----SHD---- C:\System Volume Information

2008-10-05 15:56:22 ----D---- C:\WINDOWS\system32\Restore

2008-10-05 15:55:05 ----D---- C:\WINDOWS\system32\config

2008-10-05 15:55:05 ----D---- C:\WINDOWS\nview

2008-10-05 15:55:05 ----D---- C:\WINDOWS\Help

2008-10-05 15:48:04 ----D---- C:\Program Files\Windows Media Player

2008-10-05 15:47:16 ----AC---- C:\WINDOWS\ODBCINST.INI

2008-10-05 15:46:43 ----D---- C:\WINDOWS\system32\ias

2008-10-05 15:45:46 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest

2008-10-05 15:45:33 ----A---- C:\WINDOWS\win.ini

2008-10-05 15:45:28 ----D---- C:\WINDOWS\system32\oobe

2008-10-05 15:45:16 ----D---- C:\Program Files\Outlook Express

2008-10-05 15:45:16 ----D---- C:\Program Files\Fichiers communs\System

2008-10-05 15:45:10 ----D---- C:\Program Files\Internet Explorer

2008-10-05 15:44:48 ----D---- C:\WINDOWS\system32\Com

2008-10-05 15:42:29 ----SH---- C:\boot.ini

2008-10-05 13:51:57 ----D---- C:\WINDOWS\system

2008-10-05 13:51:56 ----D---- C:\WINDOWS\system32\Setup

2008-10-05 13:51:43 ----D---- C:\WINDOWS\system32\usmt

2008-10-05 13:51:29 ----D---- C:\WINDOWS\AppPatch

2008-10-05 13:51:27 ----D---- C:\WINDOWS\ime

2008-10-05 13:51:25 ----RSD---- C:\WINDOWS\Fonts

2008-10-05 13:51:24 ----D---- C:\WINDOWS\Media

2008-10-05 13:51:21 ----D---- C:\WINDOWS\system32\wbem

2008-10-05 13:51:09 ----D---- C:\WINDOWS\PeerNet

2008-10-05 13:50:51 ----D---- C:\WINDOWS\system32\npp

2008-10-05 13:50:41 ----D---- C:\WINDOWS\msagent

2008-10-05 13:47:03 ----D---- C:\WINDOWS\system32\1036

2008-10-05 13:46:32 ----D---- C:\WINDOWS\twain_32

2008-10-05 13:45:39 ----D---- C:\WINDOWS\system32\icsxml

2008-10-05 13:44:48 ----D---- C:\WINDOWS\system32\1033

2008-10-05 13:43:07 ----D---- C:\WINDOWS\WinSxS

2008-10-05 13:43:07 ----D---- C:\WINDOWS\Driver Cache

2008-10-05 11:57:10 ----D---- C:\WINDOWS\system32\CatRoot

2008-10-05 11:56:11 ----A---- C:\WINDOWS\system.ini

2008-10-05 11:55:52 ----ASHC---- C:\Documents and Settings\All Users\Application Data\desktop.ini

2008-10-04 14:53:20 ----D---- C:\Program Files\Grisoft

2008-10-04 12:19:54 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater

2008-10-03 19:57:31 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\AVG7

2008-09-26 19:23:51 ----D---- C:\Program Files\eMule

2008-09-20 08:10:45 ----D---- C:\WINDOWS\system32\FxsTmp

2008-09-12 15:23:47 ----A---- C:\WINDOWS\imsins.BAK

2008-09-12 15:22:44 ----HD---- C:\WINDOWS\$hf_mig$

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2008-01-04 821856]

R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2008-01-03 4224]

R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2008-01-03 27776]

R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]

R1 AvgClean;AVG Clean Driver; C:\WINDOWS\system32\drivers\avgclean.sys [2008-01-04 10760]

R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-01-04 278728]

R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2008-01-03 4960]

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-01-04 25416]

R3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-07-27 2786176]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]

R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2005-03-07 14408]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-08-02 3199328]

R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-07-04 26624]

R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 26496]

S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-05 14848]

S3 ATWPKT2;ATWPKT2; \??\C:\WINDOWS\system32\drivers\ATWPKT2.SYS []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]

S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]

S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-04 607452]

S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]

S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-05 15360]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-05 10880]

S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []

S3 SaiH040B;SaiH040B; C:\WINDOWS\system32\DRIVERS\SaiH040B.sys [2005-07-07 173568]

S3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [2005-07-07 33792]

S3 SaiU040B;SaiU040B; C:\WINDOWS\system32\DRIVERS\SaiU040B.sys [2005-07-07 26496]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-05 11136]

S3 SQTECH905C;DaulCamera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2004-12-08 32123]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-05 15360]

S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20051208.051\symidsco.sys []

S3 USB_RNDIS;Thomson ST Remote NDIS Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 12672]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-05 31616]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]

S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2008-01-04 418816]

R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2008-01-03 49664]

R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [2008-01-04 406528]

R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-23 138680]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-08-02 127043]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-05 268800]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe []

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2005-05-05 327680]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]

S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\C:\WINDOWS\system32\HPZipm12.exe []

 

-----------------EOF-----------------

 

 

et voila info :

 

info.txt logfile of random's system information tool 1.04 2008-10-06 16:36:10

 

======Uninstall list======

 

-->"C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu

-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}

-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}

-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{89AD2814-AFA2-46AF-AE53-C27196D9FBE6}\setup.exe" REMOVEALL

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAA4CCCE-78DB-47B0-A651-68270D838BD4}\setup.exe" REMOVEALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 8.1.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

a-squared Personal 1.6.5-->"C:\Program Files\a-squared\unins000.exe"

Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

AVG Anti-Rootkit Free-->C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe

AVG Free Edition-->C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

Connexion Facile à Internet-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1036

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER

DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Ecran de veille AOL Photos-->C:\Program Files\Fichiers communs\AOL\Screensaver\uninst_ygpss.exe

eMule-->"C:\Program Files\eMule\Uninstall.exe"

Football Manager 2006-->MsiExec.exe /X{49CFD5D9-0556-4037-B7D6-E13ED4BEA4C5}

FusionSoft DVD Player XP Version 4.5-->"C:\Program Files\FusionSoft DVD Player XP\unins000.exe"

Google Desktop Search-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe -uninstall

Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}

Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"

HijackThis 2.0.2-->"J:\no bug\securité\hijackthis\HijackThis.exe" /uninstall

HP Appareils photos Photosmart 5.0-->C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat

HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}

HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat

HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat

HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat

HP LCD Monitor Driver Software 2.00-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A258F8EC-1BA2-48F1-9559-66B95C202A55}\Setup.exe" -l0x40c

HP Multimedia Keyboard Software-->C:\HP\KBD\KBD.EXE uninstalled

HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat

HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat

HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}

HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

InterVideo Home Theater-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7514465-E5F3-48E9-A952-327DAEF33DE6}\setup.exe" REMOVEALL

InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL

iTunes-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{523E6F2A-2D59-4D91-90E8-6C49931C9F50}

J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}

Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe

Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Light Alloy 2.5-->C:\WINDOWS\muninst.exe "Light Alloy 2.5"

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}

Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}

Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

Mozilla Firefox (2.0.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MS Access 97 SP2-->C:\Program Files\Microsoft Office\setup\setup.exe

MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

muvee autoProducer 4.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C3D719A-92C7-4323-89CC-C937D0267B84}\setup.exe" -l0x40c

MyDsc2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\Setup.exe" -l0x40c

Navilog1 3.2.1-->"C:\Program Files\Navilog1\unins000.exe"

Neuf - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

OmniMouse Driver 4.06-->C:\Program Files\NASDAK\OmniMouse Driver\4.06\unins000.EXE

Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

Pando-->MsiExec.exe /I{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}

PS2-->C:\WINDOWS\system32\ps2.exe uninstall

Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"

Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG

QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

RCT3 Soaked-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\Setup.exe" -l0x40c

RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly

RollerCoaster Tycoon 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x40c

SC Video Cut and Split 2.4.0.0-->"C:\Program Files\SoftwareClub.ws\SC Video Cut and Split\unins000.exe"

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}

Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}

Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}

Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}

Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

V4.0-->"C:\Program Files\RM-X Player V4\unins000.exe"

VideoLAN VLC media player 0.8.4a-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}

Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

XviD 1.1 final uninstall-->"C:\Program Files\XviD\unins000.exe"

Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

 

======Hosts File======

 

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

 

======Security center information======

 

AV: AVG 7.5.524 (outdated)

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;c:\Python22

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=2f02

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"SonicCentral"=c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\

 

-----------------EOF-----------------

 

 

Merci d'avance,

[chrifleur]

tu as utilisé plusieurs outils de désinfection

VundoFix

Clean...etc

pourquoi? les as tu utilisés sous contrôle ou seul? si avec un helper peux tu me fournir le lien de la désinfection?

 

suis ce tutoriel et poste le rapport obtenu

http://forum.pcastuces.com/malwarebytes_an...oriel-f31s3.htm

[mcyann]

Bonjour,

 

C'est interdit d'utiliser plusieurs outils de désinfection?

Ceci dit, oui, j'en ais utilisé plusieurs. Et tout seul, en suivant les indications du forum (je préfère regarder les post qui correspondent a mon pb, essayer et poster moi même ensuite si je n'y arrive pas).

Je refait si tu veux un scan avec malwarebyte et je poste le rapport.

 

Merci

[chrifleur]

non ce n'est pas interdit mais ces outils peuvent être dangereux si mal utilisés ou utilisés à mauvais escient.

si tu as conservé les rapports, poste les moi, stp

[STBREIZH]

Et ben j'espère que tu as une machine puissante parce qu'apparemment avec tout ce qui ce lance au démarage, c'est pas étonnant que ton explorer plante

 

Un conseil passe en mode sans échec, tape msconfig dans la commande éxécuter et désactive les trois quart des trucs inutiles genre les services hp, google et autre je pense que tu devrais y voir plus clair

[mcyann]

Bonjour,

 

en fait ça ne change rien, j'ai même tout désactiver, même punition!

 

Le pb vient d'ailleurs (j'ai même fait une réparation de windows sans que ça change le pb).

 

Voila

[STBREIZH]

Humm, si un réparation ne change rien je pense que tu va être bon pour un formatage..

[STBREIZH]

Petite vérif quand même :

 

Tape Regedit dans la commande éxécuter

 

Avant toute modification de la clef, sauvegarde la clef avec le menu:

Registre Exporter le fichier du Registre.

 

Cette clef se trouve dans:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

ligne :

"Shell"="RUNSHELL.EXE"

faut la remplAcé par

"Shell"="Explorer.exe"

 

 

Il peut avoir aussi des programmes qui plantent l'os dans les clefs:

 

Pour tous les utilisateur du PC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

Pour un seul utilisateur du Pc

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]