Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Rapport hijackthis : probleme d'infection? résolu !

joel25

Par joel25
dans Analyses et éradication malwares

 Partager

Messages recommandés

joel25 Member

joel25

Posté(e)
Posté(e) (modifié)

bonjour!

 

tout d'abord je vous souhaite tous mes voeux pour 2010 !

voila je pense avoir un bestiole sur mon ordi qui m'enpeche de m'en servir correctement .

je poste le rapport:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:55:27, on 05/01/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Extrafilm Designer FR\EFUploadSrv.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe

C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe

C:\Documents and Settings\1\Mes documents\HiJackThis.exe

C:\Program Files\Internet Explorer\Iexplore.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe

O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [NoTraceAUTO] "C:\Documents and Settings\1\Mes documents\NoTrace.exe" /Automatique

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 52\axcmd.exe" /automount

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206025881933

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - http://bobtv.fr/download/cfweb_www.bobtv.f..._instmodule.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{88729C73-DB8D-4880-B78F-C0A2F3A48A4D}: NameServer = 192.168.1.1

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: ExtraFilm upload service (EFUploadSrv) - Textalk AB - C:\Program Files\Extrafilm Designer FR\EFUploadSrv.exe

O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe

 

--

End of file - 9870 bytes

 

merci d'avance de votre aide !

 

joel

Modifié par joel25

Thanos Devil Member !

Thanos

Posté(e)
Posté(e)

salut :P

 

Poste moi le rapport suivant stp >>

 

Télécharge GMER Rootkit Scanner du lien suivant :

 

http://www.gmer.net/#files

 

- Clique sur le bouton "Download EXE"

- Sauvegarde-le sur ton Bureau

- Colle et sauvegarde ces instructions dans un fichier texte ou imprime-les, car tu devras fermer le navigateur.

- Ferme les fenêtres de navigateur ouvertes

- Lance le fichier téléchargé (le nom comporte 8 chiffres/lettres aléatoires) par double clic ;

- Si l'outil te lance un warning d'activité de rootkit et te demande de faire un scan ; clique "NO"

- Dans la section de droite de la fenêtre de l'outil, décoche les options suivantes :

  • Sections
  • IAT/EAT
  • **Assure-toi que "Show All" est décoché**

- Clique maintenant sur le bouton "Scan" et patiente (cela peut prendre 10 minutes ou +)

- Lorsque l'analyse sera terminée, clique sur le bouton "Save..." (au bas à droite) ;

- Nomme le fichier"Ark.txt" et sauvegarde-le sur le Bureau ;

- Copie/colle le contenu de ce rapport dans ta réponse.

joel25 Member

joel25

Posté(e)
  • Auteur
Posté(e)

voila!

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-01-05 13:21:09

Windows 5.1.2600 Service Pack 2

Running: s4zlyt9y.exe; Driver: C:\DOCUME~1\1\LOCALS~1\Temp\fwxyapod.sys

 

 

---- System - GMER 1.0.15 ----

 

Code 85DAB1B8 ZwEnumerateKey

Code 85DAB350 ZwFlushInstructionCache

Code 85DA99AE IofCallDriver

Code 85DA8A3E IofCompleteRequest

 

---- Devices - GMER 1.0.15 ----

 

Device \FileSystem\Ntfs \Ntfs 861D01E8

 

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

 

Device \Driver\NetBT \Device\NetBT_Tcpip_{88729C73-DB8D-4880-B78F-C0A2F3A48A4D} 85DC7688

 

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

 

Device \Driver\usbuhci \Device\USBPDO-0 85F311E8

Device \Driver\usbuhci \Device\USBPDO-1 85F311E8

Device \Driver\dmio \Device\DmControl\DmIoDaemon 861D21E8

Device \Driver\dmio \Device\DmControl\DmConfig 861D21E8

Device \Driver\dmio \Device\DmControl\DmPnP 861D21E8

Device \Driver\dmio \Device\DmControl\DmInfo 861D21E8

Device \Driver\usbuhci \Device\USBPDO-2 85F311E8

Device \Driver\usbuhci \Device\USBPDO-3 85F311E8

Device \Driver\usbehci \Device\USBPDO-4 85F021E8

 

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

 

Device ACPI.sys (Pilote ACPI pour NT/Microsoft Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume1 861681E8

Device \Driver\atapi \Device\Ide\IdePort0 861671E8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 861671E8

Device \Driver\atapi \Device\Ide\IdePort1 861671E8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 861671E8

Device \Driver\NetBT \Device\NetBt_Wins_Export 85DC7688

Device \Driver\PCI_NTPNP8090 \Device\0000004a sptd.sys

Device \Driver\PCI_NTPNP8090 \Device\0000004a sptd.sys

Device \Driver\NetBT \Device\NetbiosSmb 85DC7688

 

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

 

Device \Driver\usbuhci \Device\USBFDO-0 85F311E8

Device \Driver\usbuhci \Device\USBFDO-1 85F311E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85A671E8

Device \Driver\usbuhci \Device\USBFDO-2 85F311E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector 85A671E8

Device \Driver\usbuhci \Device\USBFDO-3 85F311E8

Device \Driver\usbehci \Device\USBFDO-4 85F021E8

Device \Driver\Ftdisk \Device\FtControl 861681E8

Device \Driver\a7w6gk3y \Device\Scsi\a7w6gk3y1 85EF31E8

Device \Driver\viamraid \Device\Scsi\viamraid1 861D11E8

Device \Driver\a7w6gk3y \Device\Scsi\a7w6gk3y1Port3Path0Target0Lun0 85EF31E8

Device \FileSystem\Cdfs \Cdfs 85D9A1E8

 

---- Modules - GMER 1.0.15 ----

 

Module \systemroot\system32\drivers\H8SRTwqgodovyqm.sys (*** hidden *** ) F4740000-F475D000 (118784 bytes)

---- Processes - GMER 1.0.15 ----

 

Library \\?\globalroot\systemroot\system32\H8SRTbiqxolcvjn.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [564] 0x10000000

Library \\?\globalroot\systemroot\system32\H8SRTkktemoqxyu.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [564] 0x00BF0000

Library \\?\globalroot\systemroot\system32\H8SRTbiqxolcvjn.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [796] 0x10000000

Library \\?\globalroot\systemroot\system32\H8SRTbiqxolcvjn.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [948] 0x00C30000

Library \\?\globalroot\systemroot\system32\H8SRTbiqxolcvjn.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1088] 0x10000000

Library \\?\globalroot\systemroot\system32\H8SRTbiqxolcvjn.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1172] 0x10000000

Library \\?\globalroot\systemroot\system32\H8SRTbiqxolcvjn.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1224] 0x10000000

Library \\?\globalroot\systemroot\system32\H8SRTbiqxolcvjn.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1272] 0x10000000

Library \\?\globalroot\systemroot\system32\H8SRTbiqxolcvjn.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1588] 0x10000000

 

---- Services - GMER 1.0.15 ----

 

Service C:\WINDOWS\system32\drivers\H8SRTwqgodovyqm.sys (*** hidden *** ) [sYSTEM] H8SRTd.sys <-- ROOTKIT !!!

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@start 1

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@type 1

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTwqgodovyqm.sys

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@group file system

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTwqgodovyqm.sys

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTqsiorbvxub.dll

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTrqtepxmkha.dat

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTbiqxolcvjn.dll

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTkktemoqxyu.dll

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol 52\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7C 0xBD 0x79 0x17 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2E 0x4D 0x79 0x01 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x98 0xFE 0x88 0x1B ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTwqgodovyqm.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTwqgodovyqm.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTqsiorbvxub.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTrqtepxmkha.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTbiqxolcvjn.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTkktemoqxyu.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol 52\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7C 0xBD 0x79 0x17 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2E 0x4D 0x79 0x01 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x98 0xFE 0x88 0x1B ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B5DE6991-0B8F-375A-3805-903DD45C1DB3}

 

---- Files - GMER 1.0.15 ----

 

File C:\Documents and Settings\1\Local Settings\Temp\H8SRT74de.tmp 471664 bytes executable

File C:\Documents and Settings\1\Local Settings\Temp\H8SRTd6cf.tmp 343040 bytes executable

File C:\Documents and Settings\1\Local Settings\Temp\h8srtmainqt.dll 16474 bytes

 

---- EOF - GMER 1.0.15 ----

Thanos Devil Member !

Thanos

Posté(e)
Posté(e)

Ok ton pc est infecté par le rootkit TDSS.

Tu vas procéder ainsi (dans l'ordre) >>

1°) Ton pc n'étant plus protégé, je te conseille vivement de ne pas le connecter jusqu'à ce qu'il soit nettoyé.

 

  • Fais un clic sur le bouton droit de ta souris ICI
  • Choisis Enregistrer la cible (du lien) sous > une fenêtre s'ouvre >>
  • Dans le champs à droite de "Nom du Fichier" en bas de page, modifie le nom présent (ComboFix.exe) et met ceci >> joel25.exe
  • Enregistre-le fichier sur le Bureau: pour cela clique sur le bouton Enregistrer.
  • Assure toi que tous les programmes soient fermés avant de lancer le fix!
  • Fait un double clique sur joel25.exe.
  • Note: Ne ferme pas la fenêtre qui vient de s'ouvrir , tu te retrouverais avec un bureau vide !
  • Lors de son exécution, ComboFix va vérifier si la Console de récupération Microsoft Windows est installée. Avec des infections comme celles d'aujourd'hui, il est fortement conseillé de l'avoir pré-installée sur ton PC avant toute suppression de nuisibles. Elle te permettra de démarrer dans un mode spécial, de récupération (réparation), qui nous permet de t'aider plus facilement si jamais ton ordinateur rencontre un problème après une tentative de nettoyage.
  • Suis les invites pour permettre à ComboFix de télécharger et installer la Console de récupération Microsoft Windows, et lorsque cela t'est demandé, accepte le Contrat de Licence Utilisateur Final pour installer la Console de récupération Microsoft Windows.

 

**Note importante: Si la Console de récupération Microsoft Windows est déjà installée, ComboFix continuera ses procédures de suppression de nuisibles.

RcAuto1.gif

 

Une fois que la Console de récupération Microsoft Windows est installée via ComboFix, tu dois voir le message suivant:

whatnext.png

  • Tape sur la touche Y (Yes) pour poursuivre avec la recherche de nuisibles.
  • Lorsque le scan est terminé, un rapport sera généré : poste en le contenu dans ton prochain message.
  • Si le rapport est trop long, poste le en deux fois.
  • Si tu ne vois pas le rapport, tu le trouveras ici > C:\ComboFix.txt

2°) Un petit scan supplémentaire avec un programme que tu vas pouvoir conserver: si tu le possède déjà, passe l'étape de l'installation et va directement à la mise à jour >>

 

Télécharge Malwarebytes' Anti-Malware (MBAM)

 

Branche tous les supports amovibles que tu possèdes avant de faire ce scan (clé usb/disque dur externe etc)

  • Double clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
    20091211135631.png
  • Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  • Sélectionne "Exécuter un examen complêt"
  • Clique sur "Rechercher"
  • L'analyse démarre, le scan est relativement long, c'est normal.
  • A la fin de l'analyse, un message s'affiche :
    L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
    Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

Poste les deux rapports stp :P

joel25 Member

joel25

Posté(e)
  • Auteur
Posté(e)

voila le rapport de MBAM:

Malwarebytes' Anti-Malware 1.43

Version de la base de données: 3495

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

 

05/01/2010 15:16:37

mbam-log-2010-01-05 (15-16-37).txt

 

Type de recherche: Examen complet (C:\|)

Eléments examinés: 216231

Temps écoulé: 49 minute(s), 53 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 1

Fichier(s) infecté(s): 4

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Documents and Settings\1\Mes documents\telechargements\registrydoktor-v05fr.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTwqgodovyqm.sys.vir (Malware.Packer) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\AVP 2009\1.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.

 

je met celui de combofix dans le message suivant !

 

joel

 

ComboFix 10-01-04.01 - 1 05/01/2010 14:08:00.1.1 - x86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.959.593 [GMT 1:00]

Lancé depuis: c:\documents and settings\1\Bureau\joel25.exe

.

ADS - svchost.exe: deleted 228 bytes in 1 streams.

ADS - ntoskrnl.exe: deleted 228 bytes in 1 streams.

ADS - explorer.exe: deleted 228 bytes in 1 streams.

ADS - win32k.sys: deleted 228 bytes in 1 streams.

ADS - netcfgx.dll: deleted 228 bytes in 1 streams.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\drivers\H8SRTwqgodovyqm.sys

c:\windows\system32\H8SRTbiqxolcvjn.dll

c:\windows\system32\H8SRTkktemoqxyu.dll

c:\windows\system32\H8SRTqsiorbvxub.dll

c:\windows\system32\H8SRTrqtepxmkha.dat

c:\windows\system32\srcr.dat

c:\windows\unins000.dat

c:\windows\unins000.exe

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_H8SRTd.sys

-------\Legacy_H8SRTd.sys

-------\Legacy_BOONTY_GAMES

-------\Service_Boonty Games

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-12-05 au 2010-01-05 ))))))))))))))))))))))))))))))))))))

.

 

2010-01-04 16:30 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-01-04 16:30 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-01-04 16:30 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-01-04 16:30 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-01-04 16:30 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-01-04 16:30 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-01-04 16:30 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-01-04 16:30 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr

2010-01-04 16:30 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe

2010-01-03 09:35 . 2008-03-30 18:55 1213784 ----a-w- c:\documents and settings\1\Application Data\HouseCall 6.6\vsapi32.dll

2010-01-03 09:35 . 2006-11-22 16:48 91744 ----a-w- c:\documents and settings\1\Application Data\HouseCall 6.6\BPMNT.dll

2010-01-03 09:35 . 2007-12-24 16:37 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2010-01-03 09:35 . 2007-12-24 16:37 138384 ----a-w- c:\documents and settings\1\Application Data\HouseCall 6.6\tmcomm.sys

2010-01-03 09:35 . 2006-07-07 15:29 1197584 ----a-w- c:\documents and settings\1\Application Data\HouseCall 6.6\ssapi32.dll

2010-01-03 09:35 . 2009-03-27 16:38 366344 ----a-w- c:\documents and settings\1\Application Data\HouseCall 6.6\tsc.exe

2010-01-03 09:35 . 2010-01-03 09:35 116048 ----a-w- c:\documents and settings\1\Application Data\HouseCall 6.6\TmEngDrv.dll

2010-01-02 22:08 . 2010-01-05 09:01 880 ----a-w- c:\windows\system32\krl32mainweq.dll

2009-12-26 08:53 . 2009-08-25 17:01 28672 ----a-w- c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\evv2y5o6.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll

2009-12-17 17:57 . 2009-12-17 17:57 -------- d-----w- c:\program files\ScreenMates

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-03 10:48 . 2010-01-03 09:34 -------- d-----w- c:\documents and settings\1\Application Data\HouseCall 6.6

2010-01-02 21:02 . 2009-11-03 09:39 -------- d-----w- c:\documents and settings\1\Application Data\vlc

2010-01-01 12:22 . 2006-01-07 09:40 -------- d-----w- c:\program files\eMule

2009-12-17 15:41 . 2006-10-23 15:27 -------- d-----w- c:\documents and settings\1\Application Data\dvdcss

2009-11-27 07:42 . 2009-03-22 21:03 -------- d-----w- c:\program files\Microsoft Silverlight

2009-11-26 16:49 . 2007-06-14 20:29 -------- d-----w- c:\program files\Windows Live

2009-11-26 16:47 . 2009-03-22 20:54 -------- d-----w- c:\program files\Microsoft

2009-11-24 06:53 . 2006-04-14 16:51 -------- d-----w- c:\program files\Java

2009-11-24 06:53 . 2009-11-24 06:53 152576 ----a-w- c:\documents and settings\1\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-24 06:53 . 2009-11-24 06:53 79488 ----a-w- c:\documents and settings\1\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-11-12 10:30 . 2009-11-10 14:50 -------- d-----w- c:\program files\IDA

2009-11-11 07:38 . 2009-11-10 14:51 -------- d-----w- c:\documents and settings\1\Application Data\Internet Download Accelerator

2009-10-25 07:20 . 2001-08-28 14:00 72126 ----a-w- c:\windows\system32\perfc00C.dat

2009-10-25 07:20 . 2001-08-28 14:00 460986 ----a-w- c:\windows\system32\perfh00C.dat

2009-10-22 05:00 . 2009-10-22 05:00 152576 ----a-w- c:\documents and settings\1\Application Data\Sun\Java\jre1.6.0_16\lzma.dll

2009-10-11 03:17 . 2008-11-24 19:14 411368 ----a-w- c:\windows\system32\deploytk.dll

2006-04-24 18:43 . 2006-01-01 13:38 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe

2006-12-17 14:30 . 2006-12-17 14:26 26912 --sha-w- c:\windows\fidbox.dat

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NoTraceAUTO"="c:\documents and settings\1\Mes documents\NoTrace.exe" [2007-04-22 215040]

"AlcoholAutomount"="c:\program files\Alcohol 52\axcmd.exe" [2007-07-02 219008]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]

"TrayServer"="c:\program files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe" [2007-07-17 90112]

"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-02-15 1052672]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-29 110592]

EPSON Status Monitor 3 Environment Check.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [1999-10-22 217600]

Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-4-1 67128]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Kyodai Mahjongg 2006\\kmj.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Photo Story 3 for Windows\\PhotoStory3.exe"=

"c:\\Program Files\\Micro Application\\Maxi Mah-Jong\\Mahjongg.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04/01/2010 17:30 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/01/2010 17:30 20560]

R2 EFUploadSrv;ExtraFilm upload service;c:\program files\Extrafilm Designer FR\EFUploadSrv.exe [27/11/2008 15:17 1712128]

S3 cdspacex;cdspacex;c:\windows\system32\DRIVERS\CDSPACEX.sys --> c:\windows\system32\DRIVERS\CDSPACEX.sys [?]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [09/06/2008 20:30 1527900]

S3 ids00026;ids00026;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [?]

S3 ids0005c;ids0005c;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys [?]

S3 ids00102;ids00102;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00102.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00102.sys [?]

S3 klstm;klstm;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys [?]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [14/06/2008 09:13 576680]

S3 RescueDrv;Inventel Access Point USB Rescue Driver;c:\windows\system32\drivers\RESC_DWB.SYS [24/04/2003 11:03 74828]

S3 TwoRabts;Two Rabbits Live Bus;c:\windows\system32\DRIVERS\TwoRabts.sys --> c:\windows\system32\DRIVERS\TwoRabts.sys [?]

S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [12/03/2008 08:42 50048]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07/08/2007 19:47 685816]

.

Contenu du dossier 'Tâches planifiées'

 

2010-01-02 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job

- c:\program files\Kodak\Printer\Center\Kodak.Statistics.exe [2008-02-28 16:57]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.wanadoo.fr

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = localhost

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download ALL with IDA

IE: Download with IDA

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: { - c:\program files\Messenger\msmsgs.exe

TCP: {88729C73-DB8D-4880-B78F-C0A2F3A48A4D} = 192.168.1.1

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe

FF - ProfilePath - c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\evv2y5o6.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.orange.fr

FF - component: c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\evv2y5o6.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll

FF - plugin: c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\evv2y5o6.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll

FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\Fichiers communs\mpDRM\NPMPDRM.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdrmv2.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdsplay.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

 

---- PARAMETRES FIREFOX ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: content.max.tokenizing.time - 200000

FF - user.js: content.notify.interval - 100000

FF - user.js: content.switch.threshold - 650000

FF - user.js: nglayout.initialpaint.delay - 300

.

- - - - ORPHELINS SUPPRIMES - - - -

 

URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)

HKCU-Run-Internet Download Accelerator - c:\program files\IDA\ida.exe

AddRemove-Spybot - Search & Destroy_is1 - c:\windows\unins000.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-05 14:16

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-1078081533-329068152-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B5DE6991-0B8F-375A-3805-903DD45C1DB3}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\mpDRM\LicenseStore*]

@DACL=

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'explorer.exe'(3544)

c:\progra~1\Wanadoo\SEARCH~1.DLL

c:\program files\Multi_Media\tbMul1.dll

c:\windows\System32\msls31.dll

c:\windows\System32\shdoclc.dll

c:\windows\System32\msimtf.dll

c:\windows\System32\MSCTF.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\mes données\OSE.dll

c:\program files\mes données\MOSAIC.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe

c:\windows\System32\FTRTSVC.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\LightScribe\LSSrvc.exe

c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Raxco\PerfectDisk10\PDAgent.exe

c:\program files\Alcohol 52\StarWind\StarWindServiceAE.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\windows\system32\wscntfy.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

.

**************************************************************************

.

Heure de fin: 2010-01-05 14:22:23 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-01-05 13:22

 

Avant-CF: 22 520 487 936 octets libres

Après-CF: 22 596 874 240 octets libres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

 

- - End Of File - - 4205340D4B2185EB4612E74E497528B1

 

voila j'attends la suite !

merci de ton aide

joel

Thanos Devil Member !

Thanos

Posté(e)
Posté(e)

salut :P

 

C'est niquel! on finit comme ceci (c'est rapide). Génère un rapport comme ceci >>

 

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

  • Double-clique sur RSIT.exe afin de lancer RSIT.
  • Clique Continue à l'écran Disclaimer.
  • Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

joel25 Member

joel25

Posté(e)
  • Auteur
Posté(e)

Logfile of random's system information tool 1.06 (written by random/random)

Run by 1 at 2010-01-05 17:16:31

Microsoft Windows XP Professionnel Service Pack 2

System drive C: has 21 GB (14%) free of 156 GB

Total RAM: 959 MB (56% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:16:56, on 05/01/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Extrafilm Designer FR\EFUploadSrv.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe

C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\1\Mes documents\RSIT.exe

C:\Documents and Settings\1\Mes documents\1.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe

O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [NoTraceAUTO] "C:\Documents and Settings\1\Mes documents\NoTrace.exe" /Automatique

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 52\axcmd.exe" /automount

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206025881933

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - http://bobtv.fr/download/cfweb_www.bobtv.f..._instmodule.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{88729C73-DB8D-4880-B78F-C0A2F3A48A4D}: NameServer = 192.168.1.1

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: ExtraFilm upload service (EFUploadSrv) - Textalk AB - C:\Program Files\Extrafilm Designer FR\EFUploadSrv.exe

O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe

 

--

End of file - 9556 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Kodak AiO Scheduled Maintenance.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19C8E43B-07B3-49CB-BFFC-6777B593E6F8}]

Download Manager Browser Helper Object - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL [2006-06-27 520192]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-02-23 370296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-13 325048]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b5146c40-189a-4311-bda9-fbae3e023187}]

Multi_Media toolbar - C:\Program Files\Multi_Media\tbMul1.dll [2007-08-04 1326104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{b5146c40-189a-4311-bda9-fbae3e023187} - Multi_Media toolbar - C:\Program Files\Multi_Media\tbMul1.dll [2007-08-04 1326104]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]

"TrayServer"=C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe [2007-07-17 90112]

"EKIJ5000StatusMonitor"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [2008-02-15 1052672]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"NoTraceAUTO"=C:\Documents and Settings\1\Mes documents\NoTrace.exe [2007-04-22 215040]

"AlcoholAutomount"=C:\Program Files\Alcohol 52\axcmd.exe [2007-07-02 219008]

"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-01-28 2097488]

"Internet Download Accelerator"=C:\Program Files\IDA\ida.exe -autorun []

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

EPSON Status Monitor 3 Environment Check.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE

Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2006-06-27 3584]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"C:\Program Files\Kyodai Mahjongg 2006\kmj.exe"="C:\Program Files\Kyodai Mahjongg 2006\kmj.exe:*:Enabled:Kyodai Mahjongg"

"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"

"C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"

"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\Program Files\Photo Story 3 for Windows\PhotoStory3.exe"="C:\Program Files\Photo Story 3 for Windows\PhotoStory3.exe:*:Enabled:Photo Story 3 for Windows"

"C:\Program Files\Micro Application\Maxi Mah-Jong\Mahjongg.exe"="C:\Program Files\Micro Application\Maxi Mah-Jong\Mahjongg.exe:*:Enabled:Mahjongg"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

 

======List of files/folders created in the last 1 months======

 

2010-01-05 17:16:30 ----D---- C:\rsit

2010-01-05 16:20:14 ----D---- C:\Program Files\Avira

2010-01-05 16:20:14 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2010-01-05 14:24:02 ----D---- C:\Documents and Settings\1\Application Data\Malwarebytes

2010-01-05 14:23:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2010-01-05 14:23:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-01-05 14:22:24 ----A---- C:\ComboFix.txt

2010-01-05 13:57:28 ----A---- C:\Boot.bak

2010-01-05 13:57:19 ----RASHD---- C:\cmdcons

2010-01-05 13:55:53 ----A---- C:\WINDOWS\zip.exe

2010-01-05 13:55:53 ----A---- C:\WINDOWS\SWXCACLS.exe

2010-01-05 13:55:53 ----A---- C:\WINDOWS\SWSC.exe

2010-01-05 13:55:53 ----A---- C:\WINDOWS\SWREG.exe

2010-01-05 13:55:53 ----A---- C:\WINDOWS\sed.exe

2010-01-05 13:55:53 ----A---- C:\WINDOWS\PEV.exe

2010-01-05 13:55:53 ----A---- C:\WINDOWS\NIRCMD.exe

2010-01-05 13:55:53 ----A---- C:\WINDOWS\MBR.exe

2010-01-05 13:55:53 ----A---- C:\WINDOWS\grep.exe

2010-01-05 13:55:35 ----D---- C:\WINDOWS\ERDNT

2010-01-05 13:53:34 ----D---- C:\Qoobox

2010-01-03 10:34:30 ----D---- C:\Documents and Settings\1\Application Data\HouseCall 6.6

2010-01-02 23:03:07 ----A---- C:\Documents and Settings\All Users\Application Data\sysReserve.ini

2009-12-17 18:57:33 ----D---- C:\Program Files\ScreenMates

 

======List of files/folders modified in the last 1 months======

 

2010-01-05 17:14:24 ----D---- C:\Program Files\Mozilla Firefox

2010-01-05 16:41:33 ----D---- C:\WINDOWS\Temp

2010-01-05 16:41:30 ----D---- C:\WINDOWS\system32\CatRoot2

2010-01-05 16:41:24 ----D---- C:\WINDOWS

2010-01-05 16:40:10 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-01-05 16:20:24 ----HD---- C:\WINDOWS\inf

2010-01-05 16:20:24 ----D---- C:\WINDOWS\system32\drivers

2010-01-05 16:20:14 ----RD---- C:\Program Files

2010-01-05 16:19:44 ----D---- C:\WINDOWS\WinSxS

2010-01-05 16:19:42 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

2010-01-05 16:19:41 ----SHD---- C:\WINDOWS\Installer

2010-01-05 16:14:53 ----D---- C:\Documents and Settings\1\Application Data\vlc

2010-01-05 16:10:02 ----D---- C:\WINDOWS\system32

2010-01-05 15:29:54 ----SHD---- C:\System Volume Information

2010-01-05 15:29:54 ----D---- C:\WINDOWS\system32\Restore

2010-01-05 15:17:57 ----HDC---- C:\WINDOWS\$NtUninstallQ331953$

2010-01-05 14:21:10 ----SD---- C:\WINDOWS\Tasks

2010-01-05 14:16:12 ----A---- C:\WINDOWS\system.ini

2010-01-05 14:14:39 ----D---- C:\WINDOWS\system32\config

2010-01-05 14:12:12 ----D---- C:\WINDOWS\AppPatch

2010-01-05 14:12:10 ----D---- C:\Program Files\Fichiers communs

2010-01-05 14:08:04 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-01-05 13:57:28 ----RASH---- C:\boot.ini

2010-01-05 10:05:15 ----D---- C:\WINDOWS\Prefetch

2010-01-01 13:22:28 ----D---- C:\Program Files\eMule

2009-12-17 16:41:41 ----D---- C:\Documents and Settings\1\Application Data\dvdcss

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 36352]

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-19 14848]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-01-05 28520]

R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-12-26 5632]

R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2007-05-03 188672]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-01-05 56816]

R2 DefragFS;DefragFS; C:\WINDOWS\system32\drivers\DefragFS.sys [2009-01-09 71184]

R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064]

R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []

R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2005-08-02 19200]

R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]

R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]

R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-05-01 9856]

R3 QCMerced;Logitech QuickCam Messenger; C:\WINDOWS\System32\DRIVERS\LVCM.sys [2003-06-27 472332]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]

R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]

R3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2004-10-07 174592]

R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2005-08-03 202112]

S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

S3 CamAv;SAMSUNG Video Capture; C:\WINDOWS\System32\Drivers\CamAv.sys []

S3 CAMFLT;%CAMFLT.SvcDesc%; C:\WINDOWS\system32\drivers\CAMFLT.sys []

S3 catchme;catchme; \??\C:\joel25\catchme.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]

S3 cdspacex;cdspacex; C:\WINDOWS\system32\DRIVERS\CDSPACEX.sys []

S3 CoachAud;Coach Audio; C:\WINDOWS\system32\DRIVERS\CoachAud.sys [2004-11-24 10368]

S3 CoachUsb;Coach Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 50976]

S3 CoachVc;Coach Video Capture; C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2004-11-24 44256]

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []

S3 ids00026;ids00026; \??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys []

S3 ids0005c;ids0005c; \??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys []

S3 ids00102;ids00102; \??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00102.sys []

S3 klstm;klstm; \??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys []

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]

S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS []

S3 RescueDrv;Inventel Access Point USB Rescue Driver; C:\WINDOWS\System32\Drivers\resc_dwb.sys [2003-04-24 74828]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]

S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]

S3 TSP;TSP; \??\C:\WINDOWS\system32\Drivers\klif.sys []

S3 TwoRabts;Two Rabbits Live Bus; C:\WINDOWS\system32\DRIVERS\TwoRabts.sys []

S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-04-20 479200]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service; C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 50048]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-08-07 685816]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-01-05 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-01-05 185089]

R2 EFUploadSrv;ExtraFilm upload service; C:\Program Files\Extrafilm Designer FR\EFUploadSrv.exe [2008-11-27 1712128]

R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe [2002-01-30 77824]

R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-12-14 61440]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe [2009-01-13 918792]

R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe [2007-05-28 275968]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-31 136120]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-06-14 576680]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-14 779824]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe [2009-01-13 1021192]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-20 14336]

 

-----------------EOF-----------------

 

 

info.txt logfile of random's system information tool 1.06 2010-01-05 17:16:58

 

======Uninstall list======

 

-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

-->VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'

30+ Free Patience-->C:\Program Files\30+ Free Patience\uninstall.exe

ACDSee for PENTAX 2.0-->MsiExec.exe /I{D8320DD6-FE47-41DE-B116-4158B7AE3F37}

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Photoshop 7.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"

Adobe Reader 7.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A71000000002}

Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log

aiofw-->MsiExec.exe /I{791E3D44-33D3-4446-82AD-5CD4B0169083}

aioocr-->MsiExec.exe /I{3BED0238-3A25-41AE-BC23-316914B5B048}

aioprnt-->MsiExec.exe /I{2A97D5B3-A989-47E1-B207-1CA9E3635655}

aioscnnr-->MsiExec.exe /I{C0251585-1BE8-4278-B3CB-964B6E01C59D}

AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

ArcSoft MediaConverter-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5BD1F9C-8BBA-410E-837D-94D523269F8F}\SETUP.EXE" -l0x40c

Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

CDex extraction audio-->"C:\Program Files\CDex_170b2\uninstall.exe"

center-->MsiExec.exe /I{79E41D91-BA1C-44B9-9358-48E598263ECF}

CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"

CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"

Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

CyberGestion-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C964A549-C74A-11D3-B88A-00A0C9379093}\setup.exe"

Dual Mode Digital Camera Z-->C:\Program Files\InstallShield Installation Information\{3C516E56-0B4B-4BDE-88A2-035B4D170A26}\setup.exe -runfromtemp -l0x040c -removeonly

DVD Decrypter 3.5.4.0 Fr-->C:\Program Files\DVD Decrypter\UnInstall_DVDdecrypt.exe

DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"

EasyCleaner-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly

EasyRecovery Professional-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{268723B7-A994-4286-9F85-B974D5CAFC7B} /l1036

eMule-->"C:\Program Files\eMule\Uninstall.exe"

EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"

Extrafilm Designer FR-->C:\Program Files\Extrafilm Designer FR\Uninstall.exe

ExtraFilm FotoFacil-->C:\Program Files\ExtraFilm FotoFacil\Uninstall.exe

Firebird SQL Server - MAGIX Edition-->C:\Program Files\MAGIX\Common\Database\instslct.exe /p

Front Page Sports: Trophy Rivers-->C:\WINDOWS\IsUninst.exe -fC:\SIERRA\TRivers\Uninst.isu

Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}

Gekko Mahjongg-->C:\PROGRA~1\MICROA~1\MAXIMA~1\Data\System\Unwise32.exe C:\PROGRA~1\MICROA~1\MAXIMA~1\Data\System\Install.log

Help_CTR-->MsiExec.exe /I{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}

helptut-->MsiExec.exe /I{843081BD-351F-46FC-8A17-517A0D9117A3}

helpug-->MsiExec.exe /I{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}

HijackThis 2.0.2-->"C:\Documents and Settings\1\Mes documents\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

HouseCall 6.6-->"C:\Documents and Settings\1\Application Data\HouseCall 6.6\uninstaller.exe"

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}

J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}

J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}

J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}

Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}

Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}

K-Lite Codec Pack 2.32 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

ksdip-->MsiExec.exe /I{73F1681F-ADE1-461F-9F18-B7640507D395}

Kyodai Mahjongg 2006 v1.21-->"C:\Program Files\Kyodai Mahjongg 2006\unins000.exe"

Logiciel pour imprimante multifonction KODAK-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140001_baf07\Setup.exe /APR-REMOVE

Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL

Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG

Logitech QuickCam-->MsiExec.exe /I{26AA53D5-1307-48F9-A80F-A4D25F5849D4}

Ma-Config.com-->MsiExec.exe /X{B312D12A-0320-4462-B6F7-C9B69EB3DB5C}

MAGIX Video deluxe 2008 Trial 7.0.3.0 (F)-->C:\Program Files\MAGIX\Video_deluxe_2008_e-version\instslct.exe /p

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

mes données 1.0.0.7-->C:\Program Files\mes données\uninst.exe

Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove

Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.1-->"C:\WINDOWS\$NtUninstallWdf01001$\spuninst\spuninst.exe"

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Moorhuhn 2 V1.1-->C:\WINDOWS\IsUn0407.exe -f"C:\Program Files\Phenomedia AG\Moorhuhn 2\Uninst.isu"

Moorhuhn 3 DL-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF895069-BD9A-11D5-986D-00500443CF9F}\Setup.exe" -l0x7

Moorhuhn Invasion Vollversion-->C:\PROGRA~1\PHENOM~1\MOORHU~3\UNWISE.EXE C:\PROGRA~1\PHENOM~1\MOORHU~3\INSTALL.LOG

Moorhuhn Piraten - Demo-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A22B3BA-E751-4F37-8ACB-C34B81FFABAA}\Setup.exe" -l0x7

Moorhuhn Soccer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59DC43FF-8F26-40B2-A566-C69C9457BF7D}\setup.exe" -l0x7

MOORHUHN WANTED XXL-->c:\games\MOORHUHN WANTED XXL\Uninstal.exe

Moorhuhn Wanted XXL-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A116D023-A3BC-4C70-A8B8-9FE77850F0D9}\Setup.exe" -l0x7 DUIM

Moorhuhn Winter-Edition-->C:\WINDOWS\IsUn0407.exe -f"C:\Program Files\Phenomedia AG\Moorhuhn Winter-Edition\Uninst.isu"

Moorhuhn X - XS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21BBAD12-C75F-4F06-A9B0-6F8BEEAF3846}\Setup.exe" -l0x7 -UNINST

Moorhuhn X - XXL-->C:\WINDOWS\system32\GKSUI18.EXE C:\Program Files\Moorhuhn X - XXL\UNINSTAL.DAT

Moorhuhnjagd-->C:\WINDOWS\IsUn0407.exe -f"C:\Program Files\Phenomedia\Moorhuhnjagd\Uninst.isu"

Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

Multi Media Toolbar-->C:\PROGRA~1\MULTI_~1\UNWISE.EXE C:\PROGRA~1\MULTI_~1\INSTALL.LOG

Multimedia Keyboard & Mouse Driver-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{F36AE663-540B-474C-9702-34B533B5EFD0} /l1033

Nero 7 Essentials-->MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1036}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}

OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}

Outil de connexion Wanadoo-->C:\PROGRA~1\Wanadoo\MessageDesinstallation.exe Wanadoo

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

PC Inspector smart recovery-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9A87D86-FDFD-418B-BF96-EF09320973B3}\Setup.exe" -l0x40c

PerfectDisk 10 Professional-->MsiExec.exe /I{7B738CD9-D107-48C7-8E65-2E6639A39C8D}

PhotoBox 3.2.5-->"C:\Program Files\PhotoBox\uninstall.exe"

Photorécit 3 pour Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}

Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"

PMP DV-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF68A865-76E3-4F34-ADD3-B38EFA5E6E62}\Setup.exe"

PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

PPTminimizer-->"C:\Program Files\PPTminimizer\unins000.exe"

QuickTime 3.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\QuickTime\DeIsL1.isu" -c"C:\WINDOWS\system32\QTUninst.dll

RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Registry Mechanic 6.0-->"C:\Program Files\Registry Mechanic\unins000.exe"

RocketDock 1.3.0-->"C:\Program Files\RocketDock\unins000.exe"

S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'

S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'

S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'

S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'

S3 S3TrayPlus-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3TrayPlus'

Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}

Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}

Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}

Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}

Security Update for Outlook 2007 (KB946983)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}

Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall

SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe

SoftPepper Video Converter 2.0-->C:\Program Files\SoftPepper Video Converter 2.0\uninst.exe

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"

TrueCrypt-->"C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u C:\Program Files\TrueCrypt\

UniChrome Pro IGP Display Driver and Utilities-->C:\PROGRA~1\S3Inc\S3\s3setvga.exe -s -fC:\PROGRA~1\S3Inc\S3\S3.uns

Update for Office 2007 (KB934391)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}

Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Outlook 2007 Junk Email Filter (kb955433)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {D9806966-6AA1-4B55-9528-6748E37CEE86}

VIA Platform Device Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}

VIA Vinyl Audio Codecs Driver Setup Program-->RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -y-f"C:\PROGRA~1\VIAudioi\SBASetup\Uninst.isu"

Virtual Magnifying Glass-->"C:\Program Files\Virtual Magnifying Glass\uninstall.exe"

VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe

WebCam for MSN Messenger-->Rundll32.exe setupapi,InstallHinfSection DefaultUnInstall 128 C:\WINDOWS\INF\Athena.inf

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}

Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}

Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}

Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}

Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe

Winkaa 1.0 1.0-->"C:\Program Files\Emoticons-plus.com\Winkaa 1.0\uninstall.exe"

 

======Security center information======

 

AV: AntiVir Desktop

 

======System event log======

 

Computer Name: 1-5603EEKF3ZU1R

Event Code: 7036

Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

 

Record Number: 6858

Source Name: Service Control Manager

Time Written: 20091117082528.000000+060

Event Type: Informations

User:

 

Computer Name: 1-5603EEKF3ZU1R

Event Code: 7036

Message: Le service Explorateur d'ordinateur est entré dans l'état : arrêté.

 

Record Number: 6857

Source Name: Service Control Manager

Time Written: 20091117082528.000000+060

Event Type: Informations

User:

 

Computer Name: 1-5603EEKF3ZU1R

Event Code: 7036

Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution.

 

Record Number: 6856

Source Name: Service Control Manager

Time Written: 20091117082527.000000+060

Event Type: Informations

User:

 

Computer Name: 1-5603EEKF3ZU1R

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service Service de la passerelle de la couche Application.

 

Record Number: 6855

Source Name: Service Control Manager

Time Written: 20091117082527.000000+060

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

Computer Name: 1-5603EEKF3ZU1R

Event Code: 7036

Message: Le service PDEngine est entré dans l'état : en cours d'exécution.

 

Record Number: 6854

Source Name: Service Control Manager

Time Written: 20091117082525.000000+060

Event Type: Informations

User:

 

=====Application event log=====

 

Computer Name: 1-5603EEKF3ZU1R

Event Code: 1104

Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Completed all work. Shutting down.

 

 

Record Number: 8631

Source Name: .NET Runtime Optimization Service

Time Written: 20090322225652.000000+060

Event Type: Informations

User:

 

Computer Name: 1-5603EEKF3ZU1R

Event Code: 1102

Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Web.Services, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

 

 

Record Number: 8630

Source Name: .NET Runtime Optimization Service

Time Written: 20090322225652.000000+060

Event Type:

User:

 

Computer Name: 1-5603EEKF3ZU1R

Event Code: 1100

Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Began compiling: System.Web.Services, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

 

 

Record Number: 8629

Source Name: .NET Runtime Optimization Service

Time Written: 20090322225652.000000+060

Event Type: Informations

User:

 

Computer Name: 1-5603EEKF3ZU1R

Event Code: 1102

Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Web.RegularExpressions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

 

 

Record Number: 8628

Source Name: .NET Runtime Optimization Service

Time Written: 20090322225652.000000+060

Event Type:

User:

 

Computer Name: 1-5603EEKF3ZU1R

Event Code: 1100

Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Began compiling: System.Web.RegularExpressions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

 

 

Record Number: 8627

Source Name: .NET Runtime Optimization Service

Time Written: 20090322225652.000000+060

Event Type: Informations

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\PROGRA~1\MICROS~2\Office;C:\Program Files\Fichiers communs\GTK\2.0\bin;;C:\PROGRA~1\DISKEE~1\DISKEE~1;C:\Program Files\Samsung\Samsung PC Studio 3

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=2c02

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"FP_NO_HOST_CHECK"=NO

"KDS_LANGUAGE"=5

 

-----------------EOF-----------------

 

voila c'est fait !

au fait j'ai remis antivir est maintenant il marche !

joel

Thanos Devil Member !

Thanos

Posté(e)
Posté(e)

re!

 

Très bien! juste quelques détails à régler >>

 

Désactive le teatimer de Spybot en passant par les options de Spybot: une fois dans le logiciel, il faut aller dans le menu "Mode" => coche "Mode avancé" => "Outils"(en bas de page)=> "Résident" => et tu décoches cette case: "Résident Tea Timer" .

Tu ne dois plus voir l'icône du Teatimer dans la barre de tâches!

Ne fais pas l'impasse sur cette étape, car ca peut faire échouer la procédure qui suit!

 

Passe par le Panneau de Configuration >> Ajouter/Supprimer des programmes et désinstalle : Multi_Media toolbar (note: il est possible que certaines lignes citées ci-dessous n'apparaissent plus dans le rapport hijackthis après ca)

 

1°) Démarre Hijackthis, clique sur "Do a system scan only", et coche les lignes suivantes :

R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll

 

O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll

 

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 

O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

-Ferme tous les programmes et clique sur "Fix Checked"

 

Supprime le dossier suivant après ca >> C:\Program Files\Multi_Media

 

2°) Passe par le Menu Démarrer > Exécuter ( pour cela utilise la combinaison de touches [Touche Windows]+[R]) > et copie/colle ceci >

 

ComboFix /uninstall (il ya un espace entre x et / si tu recopies la commande manuellement)

 

Une fenêtre va s'ouvrir et ComboFix sera désinstallé de ton pc.

 

3°) Très important: Les mises à jour >>

 

Ne fais pas l'impasse sur ces mises à jour car elle permettent de sécuriser ton pc.

 

Sur ce pc il y a la version 6.00 d'Internet Explorer: une vraie passoire pleine de failles de sécurité!! même si tu n'utilises pas IE, il arrive qu'on soit obligé de le lancer. Il est nécéssaire de passer à la version 8 => http://www.microsoft.com/france/windows/pr...e8/default.aspx

Par ailleurs installe le Service Pack 3 car il amène son lot de mises à jour importantes pour la stabilité et la sécurité du pc. Voici le lien pour l'installer => http://download.windowsupdate.com/msdownlo...1B867F9CA93.exe

 

Adobe Reader 7.1. sur ton pc. Mise à jour ici (v9.2 )>> http://get.adobe.com/fr/reader/

Note à propos d'Adobe Reader: si tu utilises ce programme pour pouvoir visualiser des documents au format pdf, il y a bien plus léger!! Foxit Reader par ex >> http://telechargement.zebulon.fr/foxit-pdf-reader.html

Attention à bien décocher les cases qui conseillent l'installation de Ask Toolbar et ebay

si tu optes pour ce dernier, inutile de faire la mise à jour d'Adobe Reader (désinstalle le simplement)

 

Du nettoyage à faire dans les anciennes versions de la Console Java de Sun >>

Télécharge JavaRa.zip de Paul McLain et Fred de Vries.

  • Décompresse le fichier sur ton bureau (clic droit > Extraire tout)
  • Double-clique sur le répertoire JavaRa obtenu
  • Puis double-clique sur le fichier JavaRa.exe (le exe peut ne pas s'afficher)
  • Une boite va s'ouvrir te demandant de sélectionner le langage, fais ton choix puis clique sur Selectionner.
  • Clique sur Recherche de mises à jour
  • Sélectionne Metre à jour via jucheck.exe puis clique sur Rechercher
  • Autorise le processus à se connecter s'il te le demande, clique sur Installer et suis les instructions d'installation. Cela prendra quelques minutes.
  • Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Effacer les anciennes versions
  • Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.
  • Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.
    Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log (c:\JavaRa.log)
  • Ferme l'application

Note: Tu pourras conserver ce petit programme car il permet d'automatiser la mise à jour de la Console Java ainsi que la désinstallation des anciennes versions.

 

4°) Le pare-feu intégré à Windows n'est pas efficace! il est important d'en installer un vrai pour protéger ton pc >>

 

Voila quelques liens pour des pare-feux gratuits

 

Zone Alarm (2 versions )

Lien de téléchargement de la version FREE : http://dl2.zonelabs.com/bin/free/3301_fr/z..._737_000_fr.exe

Lien de téléchargement de la version PRO : http://www.zonelabs.com/store/content/cata...lid=dbtopnav_za

La version pro est payante après une période d'essai.

Tuto de Tesgaz pour la version pro : http://speedweb1.free.fr/frames2.php?page=tuto1

Tuto de Odsen pour la version free : http://benoit.aun.free.fr/securite-facile-php/zonealarm.php

 

Kerio

Lien de téléchargement : http://www.sunbelt-software.com/evaluation/440/kerio.exe

Tuto de Malekal_morte : http://www.malekal.com/kerio_firewall.html

 

Jetico

Lien de téléchargement éditeur : http://www.jetico.com/

Lien de téléchargement sur Zebulon (en fr) : http://telechargement.zebulon.fr/license-1-225.html

Tuto de Odsen : http://benoit.aun.free.fr/securite-facile-php/jetico.php

 

Outpost firewall free

Lien de téléchargement éditeur : http://www.agnitum.com/products/outpostfree/download.php

Tuto de Odsen (lien site) : http://securite-facile.ovh.org/outpost.php

 

La liste n'est pas exhaustive, il en existe d'autres gratuits, et d'autres avec plus de fonctions payants. Télécharge l'exécutable d'installation du pare-feu que tu auras choisi. Lance l'installation de ton pare-feu et suis les instructions supplémentaires s'il y en a. Aide toi des tutos.

 

Je te conseille Zone Alarme ou Kério en version gratuite pour commencer, tu pourras en changer par la suite pour un pare-feu plus élaboré quand tu auras le temps de t'y plonger. Un pare-feu bien configuré, est garant de la sécurité du pc et de ta tranquilité .

 

Courage: c'est important pour sécuriser le pc :P

joel25 Member

joel25

Posté(e)
  • Auteur
Posté(e)

salut!

j'ai presque tout installer , il me manque le pare-feu et sp3 j'ai juste un peu peur car quand je demarre l'instal de sp3 il me dit de sauvegarder mes données!! y a t'il des risques pour mes dossiers genre photos perso....

pour Ie8 j'ai pas d'icones que se soit sur le bureau où dans mes programme,normal?

 

bon je te met deja le rapport java:

JavaRa 1.15 Removal Log.

 

Report follows after line.

 

------------------------------------

 

The JavaRa removal process was started on Wed Jan 06 16:46:36 2010

 

Found and removed: C:\Program Files\Java\jre1.5.0_06

 

Found and removed: C:\Program Files\Java\jre1.5.0_10

 

Found and removed: C:\Program Files\Java\jre1.5.0_11

 

Found and removed: C:\Program Files\Java\jre1.6.0_03

 

Found and removed: C:\Program Files\Java\jre1.6.0_05

 

Found and removed: C:\Program Files\Java\jre1.6.0_07

 

Found and removed: C:\Documents and Settings\1\Application Data\Sun\Java\jre1.6.0_10

 

Found and removed: C:\Documents and Settings\1\Application Data\Sun\Java\jre1.6.0_11

 

Found and removed: C:\Documents and Settings\1\Application Data\Sun\Java\jre1.6.0_13

 

Found and removed: C:\Documents and Settings\1\Application Data\Sun\Java\jre1.6.0_15

 

Found and removed: C:\Documents and Settings\1\Application Data\Sun\Java\jre1.6.0_16

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

 

JavaRa 1.15 Removal Log.

 

Report follows after line.

 

------------------------------------

 

The JavaRa removal process was started on Wed Jan 06 16:47:58 2010

 

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

 

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

 

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

 

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

 

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000

 

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001

 

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

 

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000

 

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001

 

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

 

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000

 

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001

 

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

 

Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

 

Found and removed: SOFTWARE\Classes\JavaPlugin.150_11

 

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

 

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

 

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10

 

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11

 

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

 

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

 

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10

 

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11

 

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100}

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110}

 

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

 

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

 

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

 

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

 

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

 

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

 

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

 

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

 

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

 

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

 

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

 

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

 

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11

 

Found and removed: Software\Classes\JavaPlugin.160_03

 

Found and removed: Software\Classes\JavaPlugin.160_05

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

 

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

 

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

 

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

 

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

 

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

 

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

 

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}

 

------------------------------------

 

Finished reporting.

 

 

 

merci de ton aide

Thanos Devil Member !

Thanos

Posté(e)
Posté(e)

Re!

 

il me manque le pare-feu et sp3 j'ai juste un peu peur car quand je demarre l'instal de sp3 il me dit de sauvegarder mes données!!

pas de souci à priori! ceci dit, une sauvegarde de tes données personnelles sur support amovible (dvd/clé usb etc...) est une bonne chose: on est jamais assez prudent :P

pour Ie8 j'ai pas d'icones que se soit sur le bureau où dans mes programme,normal?

Tu veux dire que tu as installé IE8, mais que tu n'as pas de raccourci sur ton Bureau ?

Tu peux en créer un toi même si c'est le cas: rends toi dans le répertoire suivant >> C:\Program Files\Internet Explorer puis fais un clic droit sur le fichier nommé iexplore.exe et choisis Envoyer vers >> Bureau (créer un raccourci)

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...