saturation UC

houch · le 2 février 2009

Bonjour

Mon ordi fonctionne bien masi dés que j'ouvre un programme quel qu'il soit mon uc est à 100 % et emet un siflement trés aigu. Est un virus ou pas ?

pear · le 2 février 2009

Bonjour,

Suivez ces pistes:

Explorateur figé,Cpu à 100%

)Démarrer->Exécuter-> regedit

Modifier

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer

Donner à DesktopProcess la valeur dword:00000001

ou la créer.

Copiez collez dans le bloc notes,sans ligne vierge au début,

Enregistrez sous cpu.reg,sur le bureau

Fusionnez (Clic droit sur le fichier .reg)

Regedit4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87D62D94-71B3-4b9a-9489-5FE6850DC73E}\InProcServer32]

[-HKEY_CLASSES_ROOT\SystemFileAssociations\.avi\shellex\PropertyHandler\{87D62D94-71B3-4b9a-9489-5FE6850DC73E}]

:Le problème peut provenir des Updates Automatiques. .

Copiez collez ce qui suit dans le bloc notes.

Enregistrez sur le bureau sous SvcHost.bat.

Double cliquez sur le fichier.

regsvr32 comcat.dll /s

regsvr32 shdoc401.dll /s

regsvr32 shdoc401.dll /i /s

regsvr32 asctrls.ocx /s

regsvr32 oleaut32.dll /s

regsvr32 shdocvw.dll /I /s

regsvr32 shdocvw.dll /s

regsvr32 browseui.dll /s

regsvr32 browseui.dll /I /s

regsvr32 msrating.dll /s

regsvr32 mlang.dll /s

regsvr32 hlink.dll /s

regsvr32 mshtmled.dll /s

regsvr32 urlmon.dll /s

regsvr32 plugin.ocx /s

regsvr32 sendmail.dll /s

regsvr32 scrobj.dll /s

regsvr32 mmefxe.ocx /s

regsvr32 corpol.dll /s

regsvr32 jscript.dll /s

regsvr32 msxml.dll /s

regsvr32 imgutil.dll /s

regsvr32 thumbvw.dll /s

regsvr32 cryptext.dll /s

regsvr32 rsabase.dll /s

regsvr32 inseng.dll /s

regsvr32 iesetup.dll /i /s

regsvr32 cryptdlg.dll /s

regsvr32 actxprxy.dll /s

regsvr32 dispex.dll /s

regsvr32 occache.dll /s

regsvr32 occache.dll /i /s

regsvr32 iepeers.dll /s

regsvr32 urlmon.dll /i /s

regsvr32 cdfview.dll /s

regsvr32 webcheck.dll /s

regsvr32 mobsync.dll /s

regsvr32 pngfilt.dll /s

regsvr32 licmgr10.dll /s

regsvr32 icmfilter.dll /s

regsvr32 hhctrl.ocx /s

regsvr32 inetcfg.dll /s

regsvr32 tdc.ocx /s

regsvr32 MSR2C.DLL /s

regsvr32 msident.dll /s

regsvr32 msieftp.dll /s

regsvr32 xmsconf.ocx /s

regsvr32 ils.dll /s

regsvr32 msoeacct.dll /s

regsvr32 inetcomm.dll /s

regsvr32 msdxm.ocx /s

regsvr32 dxmasf.dll /s

regsvr32 l3codecx.ax /s

regsvr32 acelpdec.ax /s

regsvr32 mpg4ds32.ax /s

regsvr32 voxmsdec.ax /s

regsvr32 danim.dll /s

regsvr32 Daxctle.ocx /s

regsvr32 lmrt.dll /s

regsvr32 datime.dll /s

regsvr32 dxtrans.dll /s

regsvr32 dxtmsft.dll /s

regsvr32 WEBPOST.DLL /s

regsvr32 WPWIZDLL.DLL /s

regsvr32 POSTWPP.DLL /s

regsvr32 CRSWPP.DLL /s

regsvr32 FTPWPP.DLL /s

regsvr32 FPWPP.DLL /s

regsvr32 WUAPI.DLL /s

regsvr32 WUAUENG.DLL /s

regsvr32 ATL.DLL /s

regsvr32 WUCLTUI.DLL /s

regsvr32 WUPS.DLL /s

regsvr32 WUWEB.DLL /s

regsvr32 wshom.ocx /s

regsvr32 wshext.dll /s

regsvr32 vbscript.dll /s

regsvr32 scrrun.dll mstinit.exe /setup /s

regsvr32 msnsspc.dll /SspcCreateSspiReg /s

regsvr32 msapsspc.dll /SspcCreateSspiReg /s

regsvr32 /s urlmon.dll

regsvr32 /s mshtml.dll

regsvr32 /s shdocvw.dll

regsvr32 /s browseui.dll

regsvr32 /s jscript.dll

regsvr32 /s vbscript.dll

regsvr32 /s scrrun.dll

regsvr32 /s msxml.dll

regsvr32 /s actxprxy.dll

regsvr32 /s softpub.dll

regsvr32 /s wintrust.dll

regsvr32 /s dssenh.dll

regsvr32 /s rsaenh.dll

regsvr32 /s gpkcsp.dll

regsvr32 /s sccbase.dll

regsvr32 /s slbcsp.dll

regsvr32 /s cryptdlg.dll

regsvr32 /s schannel.dll

regsvr32 /s oleaut32.dll

regsvr32 /s ole32.dll

regsvr32 /s shell32.dll

regsvr32 /s initpki.dll

regsvr32 /s msscript.ocx

regsvr32 /s dispex.dll

regsvr32 jscript.dll /s

del %temp% /Q /F

net stop wuauserv

ren %windir%\system32\catroot2 catroot2.old

cd /d %windir%\SoftwareDistribution

rd /s DataStore /Q

regsvr32 wuapi.dll /s

regsvr32 wups.dll /s

regsvr32 wuaueng.dll /s

regsvr32 wucltui.dll /s

regsvr32 wuweb.dll /s

regsvr32 msxml.dll /s

regsvr32 msxml2.dll /s

regsvr32 msxml3.dll /s

regsvr32 urlmon.dll /s

net start wuauserv

exit

)Autre solution-> réparer le profil: .

http://erga.free.fr/index.php?doc=explorer

Bien qu'une infection soit peu probable, on va tout de même vérifier:

Téléchargezrandom's system information tool (RSIT) par random/random et sauvegardez-le sur le Bureau.

Double-cliquez sur RSIT.exe afin de lancer RSIT.

* Cliquez Continue à l'écran Disclaimer.

* Si l'outil HIjackThis (version à jour) n'est pas présent ou détecté sur l'ordinateur, RSIT le télécharge et vous acceptez la licence.

* L'analyse terminée, deux fichiers texte s'ouvriront.:

Poster le contenu de log.txt (qui sera affiché)

ainsi que de info.txt (qui sera réduit dans la Barre des Tâches).

* Si ces deux rapports n'apparaissent pas, vous les trouverez dans le dossier C:\rsit

Modifié le 3 février 2009 par pear

houch · le 2 février 2009

log.txt

Logfile of random's system information tool 1.05 (written by random/random)

Run by Stéphane at 2009-02-02 10:50:59

Microsoft Windows XP Édition familiale Service Pack 3

System drive C: has 9 GB (31%) free of 29 GB

Total RAM: 1535 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:51:11, on 02/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\LTSMMSG.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Portrait Displays\Pivot Software\floater.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\winlogon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

D:\EasyPHP 2.0b1\EasyPHP.exe

D:\EASYPH~1.0B1\Apache\bin\apache.exe

D:\EASYPH~1.0B1\MySql\bin\mysqld.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\REGEDIT.exe

C:\Documents and Settings\Stéphane\Local Settings\Temporary Internet Files\Content.IE5\CLBKTC1N\RSIT[1].exe

C:\Program Files\trend micro\Stéphane.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB5; Embedded Web Browser from: http://bsalsa.com/; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" -"http://www.funlabo.com/moto/cascades-motos.htm"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-21-554085901-3065808025-3036636359-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Armelle')

O4 - HKUS\S-1-5-21-554085901-3065808025-3036636359-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Armelle')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/e/38.05/57g...0/uploader2.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab

O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleG...PluginIEWin.cab

O16 - DPF: {6531D99C-0D0E-4293-B3CB-A3E1D0D41847} (AhnASP Control) - http://aspglobal.ahnlab.com/asp/cab/AhnASP.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SNAWApache - Unknown owner - C:\Documents and Settings\Stéphane\Bureau\distrib_cligraphcrm_0.97\CLIGRAPHCRM\server\apache\bin\httpd.exe (file missing)

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: sugarMysql - Unknown owner - C:\PROGRA~1\SUGARC~1.0G\mysql\bin\mysqld.exe (file missing)

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/STPHAN~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--

End of file - 10970 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-01 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-01 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-01 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"LTSMMSG"=C:\WINDOWS\LTSMMSG.exe [2002-08-02 32768]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

"ezShieldProtector for Px"=C:\WINDOWS\System32\ezSP_Px.exe [2002-08-20 40960]

"Omnipage"=C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [2002-06-03 49152]

"PivotSoftware"=C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe [2007-02-09 694008]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]

"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-10 385024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-12-02 3882312]

"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-02 68856]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-08-06 447928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]

C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe [2002-11-02 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe [2002-12-02 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]

C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE [2003-09-04 135214]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]

C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe [2008-01-10 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]

C:\Program Files\VERITAS Software\Update Manager\sgtray.exe [2002-06-18 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]

C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2002-08-16 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]

C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2006-02-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]

C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2007-04-23 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VAIO Action Setup (Serveur).lnk]

C:\PROGRA~1\Sony\VAIOAC~1\VAServ.exe [2002-11-07 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Norton Ghost"=2

"wscsvc"=2

"Fax"=2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"

"C:\Program Files\BitTorrent\btdownloadgui.exe"="C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui"

"C:\Program Files\Java\j2re1.4.2_06\bin\javaw.exe"="C:\Program Files\Java\j2re1.4.2_06\bin\javaw.exe:*:Enabled:javaw"

"C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe:*:Disabled:Java 2 Platform Standard Edition binary"

"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary"

"C:\Program Files\AVPersonal\AVWIN.EXE"="C:\Program Files\AVPersonal\AVWIN.EXE:*:Enabled:AntiVir"

"C:\Program Files\Real\RealOne Player\realplay.exe"="C:\Program Files\Real\RealOne Player\realplay.exe:*:Disabled:RealOne Player"

"C:\Program Files\KiSS Technology\KiSS PC-Link\KiSS PC-Link.exe"="C:\Program Files\KiSS Technology\KiSS PC-Link\KiSS PC-Link.exe:*:Enabled:Server Application For KiSS PC-LINK"

"C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary"

"C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\Documents and Settings\Armelle\Bureau\incredimail_install.exe"="C:\Documents and Settings\Armelle\Bureau\incredimail_install.exe:*:Enabled:IncrediMail Installer"

"C:\Program Files\Freeplayer\vlc\vlc.exe"="C:\Program Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player"

"D:\Installation\free\EasySync.exe"="D:\Installation\free\EasySync.exe:*:Enabled:EasySync"

"D:\Videos\EasySync.exe"="D:\Videos\EasySync.exe:*:Enabled:EasySync"

"D:\Videos\Greys Anatomy Season 2\EasySync.exe"="D:\Videos\Greys Anatomy Season 2\EasySync.exe:*:Enabled:EasySync"

"D:\Videos\freebox\EasySync.exe"="D:\Videos\freebox\EasySync.exe:*:Enabled:EasySync"

"C:\Program Files\JAlbum 6.5\JAlbumWin.exe"="C:\Program Files\JAlbum 6.5\JAlbumWin.exe:*:Enabled:JAlbumWin"

"C:\Program Files\Anti-Trojan-55\Anti-Trojan.exe"="C:\Program Files\Anti-Trojan-55\Anti-Trojan.exe:*:Enabled:Anti-Trojan 5.5 Professional"

"C:\Program Files\Xi\NetXfer\NetTransport.exe"="C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager"

"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word"

"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"

"C:\Program Files\WDGold Lite\WDGold Lite.exe"="C:\Program Files\WDGold Lite\WDGold Lite.exe:*:Enabled:Gestion des contacts"

"C:\Documents and Settings\Stéphane\Local Settings\Temp\Rar$EX00.500\distrib_cligraphcrm_0.96\CLIGRAPHCRM\server\apache\bin\httpd.exe"="C:\Documents and Settings\Stéphane\Local Settings\Temp\Rar$EX00.500\distrib_cligraphcrm_0.96\CLIGRAPHCRM\server\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server"

"C:\Program Files\sugarcrm-5.0.0g\mysql\bin\mysqld.exe"="C:\Program Files\sugarcrm-5.0.0g\mysql\bin\mysqld.exe:*:Enabled:mysqld"

"C:\Program Files\sugarcrm-5.0.0g\apache2\bin\Apache.exe"="C:\Program Files\sugarcrm-5.0.0g\apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"

"D:\Installation\CRM\mysql\bin\mysqld.exe"="D:\Installation\CRM\mysql\bin\mysqld.exe:*:Enabled:mysqld"

"D:\Installation\CRM\apache2\bin\Apache.exe"="D:\Installation\CRM\apache2\bin\Apache.exe:*:Disabled:Apache HTTP Server"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"F:\setup\HPZNET01.EXE"="F:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"

"F:\setup\HPONICIFS01.EXE"="F:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"

"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App"

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d:

shell\Open\command - resycled\boot.com d:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d2d697b-196d-11d9-b11a-806d6172696f}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d:

shell\Open\command - resycled\boot.com d:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d64a4c8e-9f51-11dd-a054-00e018fccfb9}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com k:

shell\Open\command - resycled\boot.com k:

======File associations======

.js - edit -

======List of files/folders created in the last 1 months======

2009-02-02 10:50:59 ----D---- C:\rsit

2009-01-23 20:56:51 ----D---- C:\Program Files\FRANCEPROSPECT

2009-01-15 10:32:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

2009-01-14 19:38:30 ----D---- C:\WINDOWS\ie7updates

2009-01-14 19:37:27 ----D---- C:\WINDOWS\WBEM

2009-01-14 19:34:58 ----A---- C:\WINDOWS\imsins.BAK

2009-01-12 20:43:27 ----D---- C:\Program Files\AskBarDis

2009-01-12 20:43:17 ----D---- C:\Program Files\Foxit Software

2009-01-12 20:43:17 ----D---- C:\Documents and Settings\Stéphane\Application Data\Foxit

2009-01-12 20:40:10 ----A---- C:\WINDOWS\system32\javaws.exe

2009-01-12 20:40:10 ----A---- C:\WINDOWS\system32\javaw.exe

2009-01-12 20:40:10 ----A---- C:\WINDOWS\system32\java.exe

2009-01-12 18:06:20 ----D---- C:\Documents and Settings\Stéphane\Application Data\Malwarebytes

2009-01-12 18:06:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-01-12 18:06:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-01-12 16:54:48 ----D---- C:\Program Files\Trend Micro

2009-01-12 16:08:58 ----A---- C:\WINDOWS\system32\tmp.txt

2009-01-12 16:08:55 ----A---- C:\rapport.txt

2009-01-12 15:45:53 ----A---- C:\WINDOWS\ntbtlog.txt

2009-01-12 14:08:51 ----D---- C:\Program Files\Avira

2009-01-12 14:08:51 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2009-01-12 11:16:24 ----A---- C:\WINDOWS\ST5UNST.EXE

2009-01-12 07:50:58 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-01-11 20:53:57 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

2009-01-11 20:36:58 ----D---- C:\WINDOWS\system32\Kaspersky Lab

2009-01-11 20:32:01 ----D---- C:\Program Files\AhnLab

2009-01-10 11:59:37 ----D---- C:\Program Files\CCleaner

2009-01-10 11:13:07 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)

2009-01-10 11:13:06 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)

2009-01-10 11:11:55 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)

2009-01-10 11:11:55 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)

2009-01-09 19:43:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-01-09 19:42:56 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-01-08 12:59:14 ----D---- C:\Program Files\Oxemis

2009-01-05 19:05:08 ----D---- C:\Documents and Settings\Stéphane\Application Data\Oxemis

======List of files/folders modified in the last 1 months======

2009-02-02 10:51:05 ----D---- C:\WINDOWS\Prefetch

2009-02-02 09:21:48 ----D---- C:\WINDOWS\Temp

2009-02-01 17:11:25 ----A---- C:\WINDOWS\NeroDigital.ini

2009-02-01 17:11:15 ----D---- C:\Documents and Settings\Stéphane\Application Data\Azureus

2009-02-01 08:54:54 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater

2009-01-26 21:25:02 ----D---- C:\WINDOWS\system32

2009-01-25 11:41:46 ----D---- C:\WINDOWS\system32\CatRoot2

2009-01-23 20:58:55 ----SHD---- C:\WINDOWS\Installer

2009-01-23 20:58:55 ----D---- C:\Config.Msi

2009-01-23 20:56:51 ----RD---- C:\Program Files

2009-01-23 10:38:35 ----D---- C:\WINDOWS

2009-01-19 12:42:07 ----HD---- C:\WINDOWS\inf

2009-01-19 12:42:06 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-01-19 12:42:02 ----HD---- C:\WINDOWS\$hf_mig$

2009-01-15 10:32:36 ----D---- C:\WINDOWS\system32\CatRoot

2009-01-15 10:32:24 ----D---- C:\WINDOWS\system32\drivers

2009-01-14 19:42:33 ----D---- C:\WINDOWS\Help

2009-01-14 19:42:33 ----D---- C:\Program Files\Internet Explorer

2009-01-14 19:38:40 ----D---- C:\WINDOWS\system32\fr-fr

2009-01-14 19:36:52 ----HDC---- C:\WINDOWS\ie7

2009-01-14 19:12:45 ----D---- C:\WINDOWS\Debug

2009-01-13 09:58:17 ----D---- C:\WINDOWS\WinSxS

2009-01-13 08:48:32 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-01-13 08:22:17 ----D---- C:\Program Files\MDIConvertor

2009-01-12 22:49:01 ----D---- C:\WINDOWS\system32\Macromed

2009-01-12 22:49:01 ----D---- C:\Program Files\Yahoo!

2009-01-12 20:49:04 ----D---- C:\Program Files\Java

2009-01-12 20:44:57 ----AC---- C:\WINDOWS\AcrobatSetupStatus.ini

2009-01-12 20:44:54 ----D---- C:\Program Files\Fichiers communs\Adobe

2009-01-12 15:53:34 ----SHD---- C:\RECYCLER

2009-01-11 21:20:26 ----RASH---- C:\boot.ini

2009-01-11 21:20:26 ----A---- C:\WINDOWS\win.ini

2009-01-11 21:20:26 ----A---- C:\WINDOWS\system.ini

2009-01-10 12:03:45 ----D---- C:\WINDOWS\Minidump

2009-01-10 11:58:08 ----D---- C:\Program Files\Fichiers communs

2009-01-10 11:58:03 ----RSD---- C:\WINDOWS\Fonts

2009-01-10 11:57:58 ----A---- C:\WINDOWS\bizpub32.INI

2009-01-10 11:46:11 ----D---- C:\Program Files\Anti-Trojan-55

2009-01-09 17:35:30 ----A---- C:\WINDOWS\system32\MRT.exe

2009-01-06 09:12:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-01-06 09:12:50 ----D---- C:\WINDOWS\addins

2009-01-05 16:35:12 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]

R1 DMICall;Sony DMI Call service; C:\WINDOWS\System32\DRIVERS\DMICall.sys [2000-12-05 3952]

R1 Pivot;Pivot; C:\WINDOWS\System32\drivers\pivot.sys [2007-02-09 17465]

R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2002-11-29 16320]

R2 giveio;IC-Prog Driver; \??\D:\Installation\ICPROG\icprog.sys []

R2 litsgt;litsgt; C:\WINDOWS\system32\DRIVERS\litsgt.sys [2005-11-12 137344]

R2 tansgt;tansgt; C:\WINDOWS\system32\DRIVERS\tansgt.sys [2005-11-12 12032]

R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2002-11-28 15360]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]

R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]

R3 LucentSoftModem;Lucent Technologies Soft Modem; C:\WINDOWS\System32\DRIVERS\LTSM.sys [2002-08-02 816043]

R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-04-11 28688]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]

R3 nvax;Service for NVIDIA® nForce Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-07-22 13184]

R3 nvnforce;Service for NVIDIA® nForce Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-07-22 209280]

R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2006-11-16 15920]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-03-21 9856]

R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-06-13 45568]

R3 SONYWBMS;Sony Memory Stick controller(WB); C:\WINDOWS\System32\DRIVERS\SonyWBMS.SYS [2002-11-19 36184]

R3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-23 6912]

R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]

S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\F:\INSTAL~E\Core\BVRPMPR5.SYS []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-12-09 223128]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]

S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]

S3 pdiddcci;DDC/CI monitor; C:\WINDOWS\System32\DRIVERS\pdiddcci.sys [2007-04-24 11776]

S3 PID_0920;Logitech QuickCam Express(PID_0920); C:\WINDOWS\System32\DRIVERS\LV532AV.SYS [2003-09-04 152576]

S3 pivotmou;Pivot Mouse/Pointers Filter Driver; \??\C:\WINDOWS\system32\drivers\pivotmou.sys []

S3 Ser2pl;Sitecom Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-01-09 41088]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]

S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]

R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe [2007-04-25 73728]

R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-15 168432]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]

S2 SNAWApache;SNAWApache; C:\Documents and Settings\Stéphane\Bureau\distrib_cligraphcrm_0.97\CLIGRAPHCRM\server\apache\bin\httpd.exe -k runservice []

S2 sugarMysql;sugarMysql; C:\PROGRA~1\SUGARC~1.0G\mysql\bin\mysqld.exe --defaults-file=C:\PROGRA~1\SUGARC~1.0G\mysql\my.ini sugarMysql []

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]

S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 SPTISRV;Sony SPTI Service; C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe [2002-07-23 65536]

-----------------EOF-----------------

info.txt

info.txt logfile of random's system information tool 1.05 2009-02-02 10:51:14

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu

-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}

-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Ad-aware 6 Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG

Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Photoshop Elements 2.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"

Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

AhnLab Smart Update i-->"C:\Program Files\AhnLab\ASP\Smart Update i\update\patch\03\SUpdateiSetup.exe" -Uninstall

AhnLab SpyZero-->"C:\Program Files\AhnLab\ASP\Smart Update i\update\patch\3b\spyzerosetup.exe" -Uninstall

Allok 3GP PSP MP4 iPod Video Converter 4.2.0709-->"C:\Program Files\Allok 3GP PSP MP4 iPod Video Converter\unins000.exe"

Anti-Trojan 5.5-->"C:\Program Files\Anti-Trojan-55\unins001.exe"

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

ArcSoft PhotoStudio 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}\setup.exe" -l0x40c -uninst

Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"

Assistant de connexion Windows Live-->MsiExec.exe /I{D6E592B3-67DA-4BBB-9783-E1838FB253A2}

Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0009 -removeonly

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"

Azureus-->C:\Program Files\Azureus\Uninstall.exe

BitTorrent 3.2.1-->"C:\Program Files\BitTorrent\uninstall.exe"

BusinessCardsMX 3.93-->"C:\Program Files\MOJOSOFT\BusinessCardsMX3\unins000.exe"

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

Click to DVD 1.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C2F71B2-6C73-11D6-B659-00C04F790F76}\setup.exe"

CloneCD-->"C:\Program Files\Elaborate Bytes\CloneCD\ccd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneCD"

Coloriage-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\denouvel\Coloriage\UnInst01.log" "/APPNAME=Coloriage"

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}

Convert XLS-->"C:\Program Files\Softinterface, Inc\Convert XLS\unins000.exe"

CoreAAC Audio Decoder (remove only)-->"C:\WINDOWS\system32\CoreAAC-uninstall.exe"

Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

EasyPHP 2.0b1-->"D:\EasyPHP 2.0b1\unins000.exe"

EBSoft - CONTACTA-->C:\WINDOWS\COSMODEV\WDDESI~1.EXE /uninst /EBSoft - CONTACTA /C:\Program Files\EBSoft\Contacta

Enregistrement en ligne VAIO (Français)-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{668B1BD6-4593-4959-970E-249AFFE6F35C} /l1036

ffdshow (remove only)-->"C:\Program Files\ffdshow\uninstall.exe"

FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"

Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe

FRANCE PROSPECT Email 120-->MsiExec.exe /I{CBB4ED66-9C21-4DDF-A6D0-162081570A73}

Free - Kit de connexion-->C:\Program Files\Free.fr\uninstall.exe

Freeplayer-->C:\Program Files\Freeplayer\Uninstall.exe

Furnish Pro-->C:\WINDOWS\unvise32.exe C:\Program Files\Furnish Pro\Furnish Pro uninstal.log

Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall

Guitar Pro 5.0-->"C:\Program Files\Guitar Pro 5\unins000.exe"

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Document Viewer 7.0-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat

HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP My Display-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15733AD1-1CEF-459A-9245-0924FC63BDD5}\setup.exe" -l0x40c -removeonly

HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat

HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat

HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{3CCB732A-E472-4CF9-B1EE-F18365341FE0}

Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe

Kaspersky On-line Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe

KhalInstallWrapper-->MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}

Labtec WebCam-->MsiExec.exe /I{0463B519-E4C8-4C16-84AA-4743D1ED91B5}

Lame ACM MP3 Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf

LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VcSetup.exe /REMOVE

LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U

Logitech Registration-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}

Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x040c -removeonly

Lucent Technologies Soft Modem AMR-->ltremove

Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}

Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}

Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}

Macromedia Flash Player 8-->MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}

MagicPDF 2.01-->"C:\Program Files\MagicPDF\unins000.exe"

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Manual CanoScan 3000,3000F-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E088AC54-7379-4C8F-A8B6-D2381E5A1172}\setup.exe" -l0x40c

MDI2PDF 2.4-->"C:\Program Files\MDIConvertor\unins000.exe"

Media Player Classic 6.4.8.4-->C:\Program Files\Media Player Classic\mpc_uninst.exe

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe

MoodLogic-->C:\WINDOWS\ml-uninstall-v10.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

Music Visualizer Library 1.4.00-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\Setup.exe" -l0x40c

Nero 6 Enterprise Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Network Smart Capture-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30642CE1-217B-40C0-92E2-6BF849599D9E}\Setup.exe" -l0x40c

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe

OmniPage SE-->MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}

OpenMG Limited Patch 3.1-02-10-22-01-->C:\Program Files\Fichiers communs\Sony Shared\OpenMG\HotFixes\HotFix3.1-02-10-22-01\HotFixSetup\setup.exe /u

OpenMG Limited Patch 3.1-02-10-23-01-->C:\Program Files\Fichiers communs\Sony Shared\OpenMG\HotFixes\HotFix3.1-02-10-23-01\HotFixSetup\setup.exe /u

OpenMG Secure Module 3.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{117C01B5-9D68-4A15-85E2-A7CDFA82CEB9}\setup.exe" -l0x40c UNINSTALL

Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

OxiMailing-->MsiExec.exe /I{C37A19CE-1CEC-4460-8110-6D4F8BDB982E}

OxiSms-->MsiExec.exe /I{4315A3B7-9A2D-4228-9705-550C483A06A4}

PictureGear Studio 1.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27C5164D-ED0E-4D64-B788-93305BD62101}\Setup.exe"

Pivot Software-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}\setup.exe" -l0x40c -removeonly

PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

QuickTime-->MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}

SDK-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -l0x9

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Sint Nicolaas 2.00 Uninstaller-->"C:\Program Files\Sinterklaas\uninst-SintNicolaas-200.exe"

SonicStage 1.5.05-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x40c UNINSTALL

Sothink SWF Decompiler-->"C:\Program Files\SourceTec\Sothink SWF Decompiler\unins000.exe"

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

TablEdit 2.65-->"C:\Program Files\TablEdit\unins000.exe"

TeLL me More-->"C:\TELL ME MORE NV\BIN\unsetup.exe" -file "C:\TELL ME MORE NV\unsetup.aui"

Tux Paint (remove only)-->"C:\Program Files\TuxPaint\uninstall.exe"

VAIO Action Setup-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}\Setup.exe" -l0x40c

VAIO BrightColor Wallpaper-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}\setup.exe"

VAIO Clock Screen Saver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1D057E97-A116-4BF9-B307-83C3FBD86515}\setup.exe"

VAIO DeepSea Wallpaper-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3147661C-2807-49EC-B971-3B0F23D95018}\setup.exe"

VAIO System Information-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2366D960-F00F-11D3-99D3-00C04FCCB775}\Setup.exe"

VAIO Web Phone-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{764FBCE2-1593-11D4-A51F-0800460222F0}\setup.exe" Add/Remove

VERITAS RecordNow Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}

VERITAS RecordNow-->MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}

VideoLAN VLC media player 0.7.0-->"C:\Program Files\VideoLAN\VLC\uninstall.exe"

VideoLAN VLC media player 0.8.4a-->C:\Program Files\VideoLAN\VLC\uninstall.exe

VisualGPSce-->C:\Program Files\Microsoft ActiveSync\VisualGPSce\Uninstall.exe VisualGPSce

Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B}

Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}

Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

XviD 1.1 final uninstall-->"C:\Program Files\Xvid\unins001.exe"

======Hosts File======

127.0.0.1 localhost

192.168.0.12 HP001CC4B958FD

======Security center information======

AV: Avira AntiVir PersonalEdition Classic

System event log

Computer Name: NOM-XA4CSBG3HKY

Event Code: 7036

Message: Le service Pml Driver HPZ12 est entré dans l'état : en cours d'exécution.

Record Number: 84039

Source Name: Service Control Manager

Time Written: 20081209141726.000000+060

Event Type: Informations

User:

Computer Name: NOM-XA4CSBG3HKY

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service Pml Driver HPZ12.

Record Number: 84038

Source Name: Service Control Manager

Time Written: 20081209141726.000000+060

Event Type: Informations

User: AUTORITE NT\SYSTEM

Computer Name: NOM-XA4CSBG3HKY

Event Code: 7036

Message: Le service HP Status Server est entré dans l'état : en cours d'exécution.

Record Number: 84037

Source Name: Service Control Manager

Time Written: 20081209141726.000000+060

Event Type: Informations

User:

Computer Name: NOM-XA4CSBG3HKY

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service HP Status Server.

Record Number: 84036

Source Name: Service Control Manager

Time Written: 20081209141726.000000+060

Event Type: Informations

User: AUTORITE NT\SYSTEM

Computer Name: NOM-XA4CSBG3HKY

Event Code: 7036

Message: Le service HP Port Resolver est entré dans l'état : en cours d'exécution.

Record Number: 84035

Source Name: Service Control Manager

Time Written: 20081209141726.000000+060

Event Type: Informations

User:

Application event log

Computer Name: NOM-XA4CSBG3HKY

Event Code: 701

Message: msnmsgr (3024) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\Stéphane\Local Settings\Application Data\Microsoft\Messenger\steph20092000@hotmail.com\SharingMetadata\Working\database_3AE8_2572_E825_2E17\dfsr.db'.

Record Number: 34690

Source Name: ESENT

Time Written: 20081201145935.000000+060

Event Type: Informations

User:

Computer Name: NOM-XA4CSBG3HKY

Event Code: 700

Message: msnmsgr (3024) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Stéphane\Local Settings\Application Data\Microsoft\Messenger\steph20092000@hotmail.com\SharingMetadata\Working\database_3AE8_2572_E825_2E17\dfsr.db'.

Record Number: 34689

Source Name: ESENT

Time Written: 20081201145935.000000+060

Event Type: Informations

User:

Computer Name: NOM-XA4CSBG3HKY

Event Code: 701

Message: msnmsgr (3024) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\Stéphane\Local Settings\Application Data\Microsoft\Messenger\steph20092000@hotmail.com\SharingMetadata\Working\database_3AE8_2572_E825_2E17\dfsr.db'.

Record Number: 34688

Source Name: ESENT

Time Written: 20081201135935.000000+060

Event Type: Informations

User:

Computer Name: NOM-XA4CSBG3HKY

Event Code: 700

Message: msnmsgr (3024) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Stéphane\Local Settings\Application Data\Microsoft\Messenger\steph20092000@hotmail.com\SharingMetadata\Working\database_3AE8_2572_E825_2E17\dfsr.db'.

Record Number: 34687

Source Name: ESENT

Time Written: 20081201135935.000000+060

Event Type: Informations

User:

Computer Name: NOM-XA4CSBG3HKY

Event Code: 701

Message: msnmsgr (3024) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\Stéphane\Local Settings\Application Data\Microsoft\Messenger\steph20092000@hotmail.com\SharingMetadata\Working\database_3AE8_2572_E825_2E17\dfsr.db'.

Record Number: 34686

Source Name: ESENT

Time Written: 20081201125935.000000+060

Event Type: Informations

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Sonic\MyDVD;C:\Program Files\QuickTime\QTSystem\

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD

"PROCESSOR_REVISION"=0801

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"FP_NO_HOST_CHECK"=NO

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

houch · le 2 février 2009

même pb sous tous les profils

pour la table de registre, j'ose pas...trouve pas la ligne DesktopProcess et je sais pas créer une valeur

pear · le 2 février 2009

pour la table de registre, j'ose pas...trouve pas la ligne DesktopProcess et je sais pas créer une valeur

Copier/coller ce qui suit dans le bloc notes,

sans ligne blanche au début.

Enregistrez sur le bureau sous regis.reg.

Cliquez droit sur le fichier ->fusionner

Acceptez la modification du Régistre:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]

"DesktopProcess"="dword:00000001"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87D62D94-71B3-4b9a-9489-5FE6850DC73E}\InProcServer32]

[-HKEY_CLASSES_ROOT\SystemFileAssociations\.avi\shellex\PropertyHandler\{87D62D94-71B3-4b9a-9489-5FE6850DC73E}]

Téléchargez Toolbar-S&D sur le Bureau.

Si vous utilisez Spybot

Pour désactiver TeaTimer qui ne set à rien et peut faire échouer une désinfection:!

Afficher d'abord le Mode Avancé dans SpyBot

->Options Avancées :

- >menu Mode, Mode Avancé.

Une colonne de menus apparaît dans la partie gauche :

- >cliquer sur Outils,

- >cliquer sur Résident,

Dans Résident :

- >décocher Résident "TeaTimer" pour le désactiver.

Lancez l'installation du programme en exécutant le fichier téléchargé.

Redémarrez en mode sans échec

Double-cliquez sur le raccourci de Toolbar-S&D.

Sélectionnez la langue souhaitée en tapant la lettre de votre choix puis en validant avec la touche Entrée.

Choisisssez l'option 1 (Recherche).

Patientez jusqu'à la fin de la recherche.

Postez le rapport généré. (C:\TB.txt)

Relancez Toolbar-S&D en double-cliquant sur le raccourci. Tapez sur "2" et validez par"Entrée".

Ne fermez pas la fenêtre lors de la suppression !

Un rapport sera généré,

postez son contenu ici.

NOTE : Si le Bureau ne réapparait pas, appuyer simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.

Allez à l'onglet "Processus". Cliquez en haut à gauche sur Fichier ->"Exécuter..."

Tapez explorer et validez.

Ensuite postez unnouvel Hijackthis ,svp

houch · le 2 février 2009

rapport 1

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : AMD Athlon Processor )

BIOS : Award Medallion BIOS v6.0

USER : Stéphane ( Administrator )

BOOT : Fail-safe boot

Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:27 Go (Free:10 Go)

D:\ (Local Disk) - NTFS - Total:48 Go (Free:40 Go)

F:\ (CD or DVD)

G:\ (CD or DVD)

H:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [1] ( 02/02/2009|13:21 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskBarDis

C:\Program Files\AskBarDis\bar

C:\Program Files\AskBarDis\PopSwatter

C:\Program Files\AskBarDis\unins000.dat

C:\Program Files\AskBarDis\unins000.exe

C:\Program Files\AskBarDis\bar\bin

C:\Program Files\AskBarDis\bar\Cache

C:\Program Files\AskBarDis\bar\History

C:\Program Files\AskBarDis\bar\Settings

C:\Program Files\AskBarDis\bar\bin\askBar.dll

C:\Program Files\AskBarDis\bar\bin\askPopStp.dll

C:\Program Files\AskBarDis\bar\bin\psvince.dll

C:\Program Files\AskBarDis\bar\Cache\002CBDEB.bin

C:\Program Files\AskBarDis\bar\Cache\002CBF91.bin

C:\Program Files\AskBarDis\bar\Cache\002CC27F.bin

C:\Program Files\AskBarDis\bar\Cache\002CC3E6.bin

C:\Program Files\AskBarDis\bar\Cache\002CC56D.bin

C:\Program Files\AskBarDis\bar\Cache\002CC6C4.bin

C:\Program Files\AskBarDis\bar\Cache\002CC82C.bin

C:\Program Files\AskBarDis\bar\Cache\002CC9A3.bin

C:\Program Files\AskBarDis\bar\Cache\002CCB0A.bin

C:\Program Files\AskBarDis\bar\Cache\002CCC62.bin

C:\Program Files\AskBarDis\bar\Cache\002CEE61.bin

C:\Program Files\AskBarDis\bar\Cache\002D7053.bin

C:\Program Files\AskBarDis\bar\Cache\002FCEF3.bin

C:\Program Files\AskBarDis\bar\Cache\0032C6C7.bin

C:\Program Files\AskBarDis\bar\Cache\0999E6D6

C:\Program Files\AskBarDis\bar\Cache\10947414

C:\Program Files\AskBarDis\bar\Cache\files.ini

C:\Program Files\AskBarDis\bar\History\search

C:\Program Files\AskBarDis\bar\Settings\config.dat

C:\Program Files\AskBarDis\bar\Settings\config.dat.bak

C:\Program Files\AskBarDis\bar\Settings\prevcfg.htm

C:\Program Files\AskBarDis\PopSwatter\History

C:\Program Files\AskBarDis\PopSwatter\History\allowed

C:\Program Files\AskBarDis\PopSwatter\History\notallow

C:\DOCUME~1\STPHAN~1\LOCALS~1\Temp\ICD1.tmp

-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(St‚phane) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(St‚phane) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.fr/"'>http://www.google.fr/"

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Search Page"="http://www.google.com"'>http://www.google.com"

"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Search Bar"="http://www.google.com/ie"'>http://www.google.com/ie"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"'>http://go.microsoft.com/fwlink/?LinkId=69157"'>http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

1 - "C:\ToolBar SD\TB_1.txt" - 02/02/2009|13:24 - Option : [1]

-----------\\ Fin du rapport a 13:24:19,62

rapport apres suppression

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : AMD Athlon Processor )

BIOS : Award Medallion BIOS v6.0

USER : Stéphane ( Administrator )

BOOT : Fail-safe boot

Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:27 Go (Free:10 Go)

D:\ (Local Disk) - NTFS - Total:48 Go (Free:40 Go)

F:\ (CD or DVD)

G:\ (CD or DVD)

H:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [2] ( 02/02/2009|13:28 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AskBarDis\bar

Supprime! - C:\Program Files\AskBarDis\PopSwatter

Supprime! - C:\Program Files\AskBarDis\unins000.dat

Supprime! - C:\Program Files\AskBarDis\unins000.exe

Supprime! - C:\DOCUME~1\STPHAN~1\LOCALS~1\Temp\ICD1.tmp

Supprime! - C:\Program Files\AskBarDis

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(St‚phane) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(St‚phane) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.fr/"

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Search Page"="http://www.google.com"

"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Search Bar"="http://www.google.com/ie"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.msn.com/"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

1 - "C:\ToolBar SD\TB_1.txt" - 02/02/2009|13:24 - Option : [1]

2 - "C:\ToolBar SD\TB_2.txt" - 02/02/2009|13:29 - Option : [2]

-----------\\ Fin du rapport a 13:29:27,35

raport hijack

Logfile of random's system information tool 1.05 (written by random/random)

Run by Stéphane at 2009-02-02 13:44:11

Microsoft Windows XP Édition familiale Service Pack 3

System drive C: has 9 GB (31%) free of 29 GB

Total RAM: 1535 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:44:18, on 02/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\LTSMMSG.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Portrait Displays\Pivot Software\floater.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Stéphane\Bureau\RSIT.exe

C:\Program Files\trend micro\Stéphane.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - Default URLSearchHook is missing