[Analyse HijackThis]

saqhah · le 30 novembre 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:00:20, on 30/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Tiflo\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: 91.121.92.131 l2authd.lineage2.com

O1 - Hosts: 91.121.92.131 L2testauthd.lineage2.com

O1 - Hosts: 91.121.50.64 nProtect.lineage2.com

O1 - Hosts: 91.121.50.64 update.nProtect.com

O1 - Hosts: 91.121.50.64 update.nProtect.net

O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{09A6FB3C-D586-4767-8A34-4D5BA708B998}: NameServer = 212.27.53.252,212.27.54.252

O17 - HKLM\System\CCS\Services\Tcpip\..\{D5CB73C8-9E91-4EF0-9097-CA91BEF7C339}: NameServer = 212.27.40.240,212.27.40.241

O17 - HKLM\System\CCS\Services\Tcpip\..\{DDBFAE03-B5A9-4A50-9DCD-4AFCF35FF9A7}: NameServer = 212.27.53.252,212.27.54.252

O17 - HKLM\System\CCS\Services\Tcpip\..\{E522B35B-EE64-49C9-BA13-98CB8CB0725B}: NameServer = 212.27.40.240,212.27.40.241

O17 - HKLM\System\CCS\Services\Tcpip\..\{EDE302BA-C538-4E66-BA64-B84F6DBA7C58}: NameServer = 80.10.246.2,80.10.246.129

O17 - HKLM\System\CS1\Services\Tcpip\..\{09A6FB3C-D586-4767-8A34-4D5BA708B998}: NameServer = 212.27.53.252,212.27.54.252

O17 - HKLM\System\CS2\Services\Tcpip\..\{09A6FB3C-D586-4767-8A34-4D5BA708B998}: NameServer = 212.27.53.252,212.27.54.252

O17 - HKLM\System\CS3\Services\Tcpip\..\{09A6FB3C-D586-4767-8A34-4D5BA708B998}: NameServer = 212.27.53.252,212.27.54.252

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--

End of file - 9653 bytes

Voici mon logfile, cela fait un moment que j'en ai pas fait ^^ De plus j'ai un problème pour allumer mon pc (Malware? Possible). Le problème est que lorsque j'allume mon c, j'ai une page noire avec un message qui circule(Mode non optimal, mode conseillé 1680*1050), 60hz) Bien evidemment je suis dans ce mode...

Enfin voilou merci

Saqh

no.ppp · le 30 novembre 2008

Bonjour saqhah,

Ton fichier Hosts a été modifié par tes soins ?

Télécharge Toolbar-S&D (de la Team IDN) sur ton Bureau.

Double-clique sur le fichier téléchargé pour lancer l'installation
Désactive toutes tes protections résidentes !
Double-clique maintenant sur le raccourci de Toolbar-S&D.
Choisis F pour Français, et valide par Entrée
Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
Poste le rapport généré. (C:\TB.txt)
Réactive toutes tes protections résidentes !

saqhah · le 30 novembre 2008

Il me semble l'avoir modifié mais il y a longtemps pour jouer sur un serveur privé ^^

-----------\\ ToolBar S&D 1.2.5 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Core2 Quad CPU Q6600 @ 2.40GHz )

BIOS : Default System BIOS

USER : Tiflo ( Administrator )

BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:111 Go (Free:9 Go)

D:\ (USB)

E:\ (USB)

F:\ (USB)

G:\ (USB)

H:\ (Local Disk) - NTFS - Total:139 Go (Free:0 Go)

I:\ (CD or DVD)

J:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )

Option : [1] ( 30/11/2008|13:37 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\DAEMON Tools Toolbar

C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT

C:\Program Files\DAEMON Tools Toolbar\Resources

C:\Program Files\DAEMON Tools Toolbar\uninst.exe

C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml

C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome

C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome.manifest

C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components

C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\install.rdf

C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome\dttoolbar.jar

C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll

C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.xpt

C:\Program Files\DAEMON Tools Toolbar\Resources\about.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\AboutWindow.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\as.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\as.png

C:\Program Files\DAEMON Tools Toolbar\Resources\astro.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\b1.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\b1.png

C:\Program Files\DAEMON Tools Toolbar\Resources\BurnImage.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\buy.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\cond000.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond001.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond003.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond004.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond005.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond006.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond007.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond008.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond009.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond010.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond011.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond019.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond020.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond021.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond022.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond023.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond024.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond025.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond026.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond037.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond038.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond039.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond040.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond041.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond046.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond048.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond050.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond051.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond052.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond053.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond054.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond055.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond056.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond057.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond058.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond059.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond060.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond061.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond062.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond063.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond064.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond065.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond066.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond067.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond068.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond069.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond075.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond076.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond077.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond078.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond079.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond080.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond084.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond085.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond086.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond087.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond088.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond089.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond090.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond091.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond092.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond093.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond094.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond095.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond108.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond109.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond110.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond111.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond112.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond113.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond120.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond121.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond122.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond126.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond127.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond128.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond129.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond130.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond131.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond132.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond133.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond134.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond135.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond136.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond137.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond138.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond140.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond141.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond142.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond143.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond148.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond149.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond152.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond154.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond155.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond156.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\cond157.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\Config.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\d.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\d2.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\daemon.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\ds.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\dsearch.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\dt.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\DTPro.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\Dwnl.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\emulation.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\features.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\gd.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\genre.xml

C:\Program Files\DAEMON Tools Toolbar\Resources\globe.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\GrabImage.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\hb.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\hb.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\help.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\ip.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\lang.xml

C:\Program Files\DAEMON Tools Toolbar\Resources\lingvo.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\m.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\mail.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mailc.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_disable.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mail_disable.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mail_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mail_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\mail_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioConfig.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioStation.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\MenuTr.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\next.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\next_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\next_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\next_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\none.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\none_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\noW.gif

C:\Program Files\DAEMON Tools Toolbar\Resources\op.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\play.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\play.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\play_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\play_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\play_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\pragma.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\prev.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\prev_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\prev_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\prev_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\prod.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\Radio.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBg.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBgMask.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDisp.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDisp_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\RadioError.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\RadioError_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\RadioSmallDisp.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\RadioSmallDisp_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\RadioWait.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\RadioWait_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\refresh.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\Rss.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\Rss1.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\rssClose.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\rssL.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\rssOpen.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\size.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\size_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\skins.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\spt.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\stop.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\stop.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\stop_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\stop_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\stop_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\SupportRequest.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\time.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\TitleIcon.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\toolbar.xml

C:\Program Files\DAEMON Tools Toolbar\Resources\trans.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\Trash.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_disable.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\u.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\vol.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\vol.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\vol_back.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\vol_dott.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\vol_dott_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\vol_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\vol_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\vol_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wb.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_down.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_m.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_under.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m42.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m43.bmp

C:\Program Files\DAEMON Tools Toolbar\Resources\wi.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi0.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi1.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi10.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi11.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi12.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi13.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi2.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi3.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi4.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi5.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi6.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi7.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi8.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\wi9.ico

-----------\\ Extensions

(Tiflo) - {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} => flashgot

(Tiflo) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.daemon-search.com/startpage"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"SearchMigratedDefaultURL"="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"'>http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

1 - "C:\ToolBar SD\TB_1.txt" - 30/11/2008|13:37 - Option : [1]

-----------\\ Fin du rapport a 13:37:55,12

Modifié le 30 novembre 2008 par saqhah

no.ppp · le 30 novembre 2008

Re,

OK, d'accord, si tu veux le remettre d'origine, dis-le moi.

Redémarre en mode sans échec (tapote F8 au démarrage)

Relance Toolbar-S&D
Choisis 2 puis valide en appuyant par Entrée
Ne ferme pas la fenêtre pendant le scan !
Un rapport sera généré, poste son contenu ici.

Télécharge random's system information tool (RSIT) (de random/random) sur ton Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

saqhah · le 30 novembre 2008

Je veux bien le remettre

Par contre j'ai un soucis, je n'arrive pas a demarrer en mode sans echec.

J'ai 2 os sur mon pc, linux sous ubunutu et win xp.

Je n'arrive pas à obtenir le choix de demarrage de windows....

ps: c'est bon j'ai réussi à lancer le mode sans echec

-----------\\ ToolBar S&D 1.2.5 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Core2 Quad CPU Q6600 @ 2.40GHz )

BIOS : Default System BIOS

USER : Tiflo ( Administrator )

BOOT : Fail-safe boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:111 Go (Free:9 Go)

D:\ (USB)

E:\ (USB)

F:\ (USB)

G:\ (USB)

H:\ (Local Disk) - NTFS - Total:139 Go (Free:0 Go)

I:\ (CD or DVD)

J:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )

Option : [2] ( 30/11/2008|15:54 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

Supprime! - C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT

Supprime! - C:\Program Files\DAEMON Tools Toolbar\Resources

Supprime! - C:\Program Files\DAEMON Tools Toolbar\uninst.exe

Supprime! - C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml

Supprime! - C:\Program Files\DAEMON Tools Toolbar

-----------\\ Recherche de Fichiers / Dossiers ...

[installShield Silent]
Version=v6.00.000

File=Log File

[ResponseResult]

ResultCode=0

Modifié le 30 novembre 2008 par saqhah

no.ppp · le 30 novembre 2008

Bonsoir,

Tu peux désinstaller Toolbar SD via "Ajout/Suppression de programmes"

Supprime C:\TB.txt et C:\Toolbar SD

Puis-je avoir le log RSIT stp ?

C'est assez "spécial" le démarrage en MSE en multi boot mais si tu as trouvé, c'est très bien

saqhah · le 30 novembre 2008

les infos:

info.txt logfile of random's system information tool 1.04 2008-11-30 15:55:38

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}

Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}

Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}

Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}

Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}

Age of Mythology-->"C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove

Aliens vs. Predator 2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}\SETUP.EXE"

Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}

Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x5c63

ATI Catalyst Registration-->MsiExec.exe /X{72736F5F-520D-472A-88CC-7B02872FD34E}

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

AVIVO-->MsiExec.exe /X{5399ACAF-7B15-43D5-9233-4E797B184FD2}

Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}

C.I.L. version 2.1-->"C:\Program Files\AlexSoft\CIL\unins000.exe"

Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

Chessmaster Grandmaster Edition-->C:\Program Files\InstallShield Installation Information\{27614800-84A9-484E-9CCB-43ED2F1205F5}\setup.exe -runfromtemp -l0x040c

Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"

eMule-->"C:\Program Files\eMule\Uninstall.exe"

Far Cry 2-->"C:\Program Files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x040c -removeonly

Gears of War-->C:\Program Files\InstallShield Installation Information\{1170D24F-42B7-40CF-AA1B-6395CE562354}\Setup.exe -runfromtemp -l0x040c

Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

HijackThis 2.0.2-->"C:\Documents and Settings\Tiflo\Bureau\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}

Java 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}

Logitech ImageStudio-->MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}

Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}

Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}

Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe

Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{20DEB77C-21D6-4D22-BB47-233E47613D57}

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.1-->"C:\WINDOWS\$NtUninstallWdf01001$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}

Microsoft Xbox 360 Accessories 1.1-->MsiExec.exe /X{9F5DF7FC-3AF2-4502-9084-F62FC00A5A3F}

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Module linguistique Microsoft .NET Framework 3.5 - fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe

Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}

Nero 9-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

OLITEC - Moniteur réseau 802.11g-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D526683-0E00-4EF9-9179-54B18C41C2AE}\setup.exe" -l0x40c -removeonly

OpenOffice.org 2.4-->MsiExec.exe /I{A122962F-331A-4C2E-93DB-AD92D8A4FB14}

Opera 9.51-->MsiExec.exe /X{179624B1-2683-45ED-965A-B72189EB5820}

Parallel Port Joystick-->C:\WINDOWS\unvise32.exe C:\Program Files\Parallel Port Joystick\uninstal.log

Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT

PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u

QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}

REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x040c -removeonly

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly

Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}

Wow Cartographe 1.08b-->C:\Program Files\WowCartographe\uninst.exe

Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 localhost

91.121.92.131 l2authd.lineage2.com

91.121.92.131 L2testauthd.lineage2.com

91.121.50.64 nProtect.lineage2.com

91.121.50.64 update.nProtect.com

91.121.50.64 update.nProtect.net

======Security center information======

AV: Avira AntiVir PersonalEdition

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Fichiers communs\Adobe\AGL

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel

"PROCESSOR_REVISION"=0f0b

"NUMBER_OF_PROCESSORS"=4

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

"SAFEBOOT_OPTION"=MINIMAL

-----------------EOF-----------------

et le log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Tiflo at 2008-11-30 20:41:23

Microsoft Windows XP Édition familiale Service Pack 3

System drive C: has 9 GB (8%) free of 114 GB

Total RAM: 2047 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:41:29, on 30/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Tiflo\Bureau\RSIT.exe

C:\Documents and Settings\Tiflo\Bureau\Tiflo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: 91.121.92.131 l2authd.lineage2.com

O1 - Hosts: 91.121.92.131 L2testauthd.lineage2.com

O1 - Hosts: 91.121.50.64 nProtect.lineage2.com

O1 - Hosts: 91.121.50.64 update.nProtect.com

O1 - Hosts: 91.121.50.64 update.nProtect.net

O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{09A6FB3C-D586-4767-8A34-4D5BA708B998}: NameServer = 212.27.53.252,212.27.54.252

O17 - HKLM\System\CCS\Services\Tcpip\..\{D5CB73C8-9E91-4EF0-9097-CA91BEF7C339}: NameServer = 212.27.40.240,212.27.40.241

O17 - HKLM\System\CCS\Services\Tcpip\..\{DDBFAE03-B5A9-4A50-9DCD-4AFCF35FF9A7}: NameServer = 212.27.53.252,212.27.54.252

O17 - HKLM\System\CCS\Services\Tcpip\..\{E522B35B-EE64-49C9-BA13-98CB8CB0725B}: NameServer = 212.27.40.240,212.27.40.241

O17 - HKLM\System\CCS\Services\Tcpip\..\{EDE302BA-C538-4E66-BA64-B84F6DBA7C58}: NameServer = 80.10.246.2,80.10.246.129

O17 - HKLM\System\CS1\Services\Tcpip\..\{09A6FB3C-D586-4767-8A34-4D5BA708B998}: NameServer = 212.27.53.252,212.27.54.252

O17 - HKLM\System\CS2\Services\Tcpip\..\{09A6FB3C-D586-4767-8A34-4D5BA708B998}: NameServer = 212.27.53.252,212.27.54.252

O17 - HKLM\System\CS3\Services\Tcpip\..\{09A6FB3C-D586-4767-8A34-4D5BA708B998}: NameServer = 212.27.53.252,212.27.54.252

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--

End of file - 7729 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-08-20 2582136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll [2008-08-20 651760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]

"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-04-13 1822720]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]

"XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-27 734264]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]

"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2007-10-04 307200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

"Steam"=C:\Program Files\Steam\Steam.exe [2008-10-21 1410296]

"LightScribe Control Panel"=C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]

C:\Program Files\Logitech\ImageStudio\ISStart.exe [2002-12-10 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]

C:\Program Files\Logitech\ImageStudio\LogiTray.exe [2002-12-10 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]

C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE [2002-12-10 127022]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancer l'utilitaire Olitec.lnk]

C:\PROGRA~1\OLITEC~1.11G\WlanUtil.exe [2004-10-19 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]

C:\PROGRA~1\WinZip\WZQKPICK.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tiflo^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]

C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tiflo^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]

C:\PROGRA~1\Xfire\xfire.exe [2008-11-20 2986320]

C:\Documents and Settings\Tiflo\Menu Démarrer\Programmes\Démarrage

OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2008-09-24 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

"C:\Program Files\Internet Download Manager\IDMan.exe"="C:\Program Files\Internet Download Manager\IDMan.exe:*:Enabled:Internet Download Manager (IDM)"

"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"C:\Documents and Settings\Tiflo\Bureau\WifiController\WiFiController\PC\WiFiServer.exe"="C:\Documents and Settings\Tiflo\Bureau\WifiController\WiFiController\PC\WiFiServer.exe:*:Enabled:WiFiServer"

"C:\Documents and Settings\Tiflo\Bureau\PES2008.exe"="C:\Documents and Settings\Tiflo\Bureau\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"

"C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"

"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"

"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"

"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"

"C:\Program Files\SopCast\sopvod.exe"="C:\Program Files\SopCast\sopvod.exe:*:Enabled:sopvod"

"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"

"C:\Sierra\Empire Earth\Empire Earth.exe"="C:\Sierra\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"

"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Program Files\Counter-Strike Source\hl2.exe"="C:\Program Files\Counter-Strike Source\hl2.exe:*:Enabled:hl2"

"C:\Documents and Settings\Tiflo\Bureau\TryWoW.exe"="C:\Documents and Settings\Tiflo\Bureau\TryWoW.exe:*:Enabled:Blizzard Downloader"

"L:\Unreal Tournament 3\Unreal Tournament III\Binaries\UT3.exe"="L:\Unreal Tournament 3\Unreal Tournament III\Binaries\UT3.exe:*:Enabled:UT3"

"C:\Program Files\World of Warcraft\WoW-2.4.3-to-3.0.2-frFR-Win-Final-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.4.3-to-3.0.2-frFR-Win-Final-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\Documents and Settings\Tiflo\Bureau\pes2009.exe"="C:\Documents and Settings\Tiflo\Bureau\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"

"C:\Program Files\CapCom\Lost Planet Extreme Condition\LostPlanetDx9.exe"="C:\Program Files\CapCom\Lost Planet Extreme Condition\LostPlanetDx9.exe:*:Enabled:LostPlanetDx9"

"C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"

"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"

"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editeur"

"C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe"="C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears of War"

"H:\Jeux\pure\Pure.Multi-3.Full-Rip.Skullptura.lahrech\Pure\Pure.exe"="H:\Jeux\pure\Pure.Multi-3.Full-Rip.Skullptura.lahrech\Pure\Pure.exe:*:Enabled:Pure"

"L:\pes 2009\Crack\pes2009.exe"="L:\pes 2009\Crack\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-11-30 15:55:30 ----D---- C:\rsit

2008-11-30 15:50:27 ----A---- C:\WINDOWS\ntbtlog.txt

2008-11-30 13:37:33 ----A---- C:\TB.txt

2008-11-30 13:37:13 ----D---- C:\ToolBar SD

2008-11-27 22:57:11 ----SHD---- C:\WINDOWS\ftpcache

2008-11-20 21:44:26 ----A---- C:\WINDOWS\system32\xfcodec.dll

2008-11-20 12:36:11 ----D---- C:\Program Files\WowCartographe

2008-11-12 20:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2008-11-12 20:02:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2008-11-12 20:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2008-11-09 21:22:32 ----D---- C:\Program Files\Direct X

2008-11-08 12:43:32 ----A---- C:\WINDOWS\disney.ini

2008-11-07 23:20:02 ----D---- C:\Documents and Settings\All Users\Application Data\LightScribe

2008-11-07 19:59:31 ----D---- C:\Documents and Settings\All Users\Application Data\2DBoy

2008-11-07 19:59:04 ----D---- C:\Program Files\WorldOfGoo

2008-11-06 20:31:45 ----D---- C:\Documents and Settings\Tiflo\Application Data\Microsoft Games

2008-11-06 20:24:51 ----A---- C:\WINDOWS\NeroDigital.ini

2008-11-06 20:24:41 ----D---- C:\Documents and Settings\Tiflo\Application Data\Nero

2008-11-05 21:52:23 ----A---- C:\WINDOWS\Irremote.ini

2008-11-05 21:50:00 ----D---- C:\Program Files\Windows Sidebar

2008-11-05 21:39:06 ----D---- C:\Program Files\Nero

2008-11-05 21:38:40 ----D---- C:\Documents and Settings\All Users\Application Data\Nero

2008-11-05 21:38:39 ----D---- C:\Program Files\Fichiers communs\Nero

2008-11-05 21:38:15 ----D---- C:\Program Files\Fichiers communs\LightScribe

2008-11-05 20:16:14 ----D---- C:\Documents and Settings\Tiflo\Application Data\Disney Interactive Studios

2008-11-03 23:27:26 ----A---- C:\WINDOWS\system32\XAudio2_2.dll

2008-11-03 23:27:26 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll

2008-11-03 23:27:25 ----A---- C:\WINDOWS\system32\xactengine3_2.dll

2008-11-03 23:27:25 ----A---- C:\WINDOWS\system32\d3dx10_39.dll

2008-11-03 23:27:25 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll

2008-11-03 23:27:24 ----A---- C:\WINDOWS\system32\D3DX9_39.dll

2008-11-03 20:49:11 ----D---- C:\Program Files\World of Warcraft

2008-11-03 17:38:50 ----A---- C:\WINDOWS\system32\XAudio2_1.dll

2008-11-03 17:38:50 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll

2008-11-03 17:38:50 ----A---- C:\WINDOWS\system32\xactengine3_1.dll

2008-11-03 17:38:50 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll

2008-11-03 17:38:49 ----A---- C:\WINDOWS\system32\D3DX9_38.dll

2008-11-03 17:38:49 ----A---- C:\WINDOWS\system32\d3dx10_38.dll

2008-11-03 17:38:49 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll

2008-11-03 17:37:55 ----D---- C:\WINDOWS\Logs

======List of files/folders modified in the last 1 months======

2008-11-30 16:01:16 ----D---- C:\Program Files\Mozilla Firefox

2008-11-30 15:57:36 ----D---- C:\WINDOWS\Temp

2008-11-30 15:54:56 ----RD---- C:\Program Files

2008-11-30 15:50:47 ----D---- C:\Documents and Settings

2008-11-30 15:50:27 ----D---- C:\WINDOWS

2008-11-30 14:01:07 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-11-30 13:59:59 ----D---- C:\Documents and Settings\Tiflo\Application Data\OpenOffice.org2

2008-11-30 13:37:44 ----D---- C:\WINDOWS\Prefetch

2008-11-30 13:18:58 ----D---- C:\Program Files\eMule

2008-11-30 12:59:09 ----D---- C:\WINDOWS\system32

2008-11-30 12:59:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-11-30 12:55:35 ----D---- C:\Program Files\Steam

2008-11-30 12:55:06 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-27 19:51:41 ----SHD---- C:\WINDOWS\Installer

2008-11-27 19:51:41 ----SHD---- C:\Config.Msi

2008-11-27 19:16:00 ----D---- C:\Program Files\Xfire

2008-11-27 18:44:59 ----D---- C:\Documents and Settings\Tiflo\Application Data\Xfire

2008-11-27 10:28:48 ----D---- C:\Program Files\Electronic Arts

2008-11-26 15:28:39 ----D---- C:\WINDOWS\system

2008-11-26 14:45:14 ----D---- C:\WINDOWS\system32\DirectX

2008-11-26 14:45:07 ----RSD---- C:\WINDOWS\assembly

2008-11-26 14:44:12 ----HD---- C:\Program Files\InstallShield Installation Information

2008-11-26 14:44:04 ----D---- C:\Program Files\Microsoft Games

2008-11-22 18:01:59 ----D---- C:\Documents and Settings\Tiflo\Application Data\codeblocks

2008-11-22 17:38:41 ----D---- C:\WINDOWS\system32\drivers

2008-11-22 17:13:21 ----HD---- C:\WINDOWS\inf

2008-11-21 07:43:32 ----D---- C:\WINDOWS\Debug

2008-11-20 15:32:17 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-11-18 12:44:16 ----D---- C:\WINDOWS\Help

2008-11-17 21:04:24 ----D---- C:\Program Files\KONAMI

2008-11-13 20:00:20 ----D---- C:\WINDOWS\WinSxS

2008-11-12 20:03:01 ----HD---- C:\WINDOWS\$hf_mig$

2008-11-09 20:53:31 ----D---- C:\Program Files\DAEMON Tools Lite

2008-11-08 16:46:44 ----D---- C:\Program Files\ATI

2008-11-07 22:52:40 ----D---- C:\Program Files\Fichiers communs\Blizzard Entertainment

2008-11-07 21:13:23 ----RSD---- C:\WINDOWS\Fonts

2008-11-07 21:11:47 ----D---- C:\Program Files\Ubisoft

2008-11-06 20:31:45 ----SD---- C:\Documents and Settings\Tiflo\Application Data\Microsoft

2008-11-05 21:38:39 ----D---- C:\Program Files\Fichiers communs

2008-11-05 21:36:24 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip

2008-11-04 01:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

2008-11-03 17:39:40 ----A---- C:\WINDOWS\system32\CmdLineExt.dll

2008-11-03 17:37:54 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

2008-11-03 17:37:07 ----A---- C:\WINDOWS\system32\PnkBstrB.exe

2008-11-03 17:36:45 ----A---- C:\WINDOWS\system32\PnkBstrA.exe

2008-11-03 17:36:45 ----A---- C:\WINDOWS\system32\pbsvc.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12288]

R3 OLITEC(OLITEC);Stick USB 802.11g OLITEC Driver(OLITEC); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 247296]

R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-02-06 90880]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []

S1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-25 75072]

S1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

S3 a7xwzl7j;a7xwzl7j; C:\WINDOWS\system32\drivers\a7xwzl7j.sys []

S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-09-24 3331072]

S3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]

S3 LVBulk;LVBulk Service; C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-06-10 10254]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V); C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2002-06-10 220079]

S3 PPJoyBus;Parallel Port Joystick Bus device driver; C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 13952]

S3 PPortJoystick;Parallel Port Joystick device driver; C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 28800]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-04-19 479200]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-27 61984]

S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDPNDIS5.SYS []

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]

S2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]

S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]

S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-09-24 581632]

S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-23 593920]

S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]

S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2008-06-09 73728]

S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]

S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-11-03 66872]

S2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-11-03 107832]

S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-09-11 72704]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-20 137200]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Modifié le 30 novembre 2008 par saqhah

no.ppp · le 30 novembre 2008

Re,

Une partie de la procédure se faisant en Mode Sans Échec, je t'invite vivement à sauvegarder la page dans un fichier car tu n'auras pas accès à Internet. Tu peux également l'enregistrer dans un fichier .txt ou l'imprimer. L'enregistrement de la page Web reste la meilleure solution car tu garderas la mise en forme du texte.

Ouvre ton navigateur.
Clique sur Fichier > Enregistrer sous
Dans Type, choisis : Archive web, fichier seul (*.mht) ou Page Web, complète selon que tu utilises Internet Explorer ou FireFox
Clique sur Enregistrer

Télécharge R-Hosts.exe (de S!Ri)

Double-clique sur "R-Hosts.exe"
Clique sur "Restaurer"
Accepte par "OK"

Télécharge et installe MalwareByte's (de RubbeR DuckY)

Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour" : si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
Ne jamais redémarrer en mode sans échec via MSConfig
Redémarre en Mode Sans Échec (tapote F8 au démarrage)
Lance une analyse complète.
A la fin du scan, clique sur "Afficher les résultats" > "Supprimer la sélection" ou "Remove Selected"
Copie/colle le rapport final.

Modifié le 30 novembre 2008 par no.ppp

saqhah · le 30 novembre 2008

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1439

Windows 5.1.2600 Service Pack 3

30/11/2008 22:20:30

mbam-log-2008-11-30 (22-20-30).txt

Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)

Eléments examinés: 151453

Temps écoulé: 20 minute(s), 8 second(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

no.ppp · le 30 novembre 2008

Re,

Très bien. Comment va ta machine ?

Télécharge ATF-Cleaner

Double clique sur le programme

Coche "Select All" et clique sur le bouton "Empty Selected"

Si tu utilises le navigateur Firefox :

Clique "Firefox" en haut et coche : "Select All"
Clique sur "Empty Selected"

NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Si tu utilises le navigateur Opera :

Clique "Opera" en haut et coche : "Select All"
Clique sur "Empty Selected"

NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Clique sur "Exit" du menu prinicipal pour fermer le programme.

Kaspersky

Fais un scan en ligne Kaspersky avec Internet Explorer
Clique sur Démarrer Online Scanner
Clique maintenant sur J'accepte.
Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
Patiente pendant l'installation des Mises à jour.
Choisis par la suite l'analyse du Poste de travail
Sauvegarde puis colle le rapport généré en fin d'analyse

NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée",

Vas dans Ajout/Suppression de programmes, puis désinstalle "On-Line Scanner".

Ensuite, reconnecte-toi sur le site de Kaspersky pour retenter le scan en ligne.

Connexion

Pas encore inscrit ?

[Analyse HijackThis]

Messages recommandés

saqhah

no.ppp

saqhah

no.ppp

saqhah

no.ppp

saqhah

no.ppp

saqhah

no.ppp

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer