Alerte de sécurité [résolu]

[vincent12]

bonjour à tous les deux, j'interviens car j'ai exactement le même pproblème.

j'ai essayé d'installer un nouveau certificat mais rien n'y fait j'ai toujours ce message que s'affiche.

 

par contre pour tenter de trouver la solution je suis allé dans l'aide prpoposée par windows 7, là bien sur je ne peux pas renouveler mon certificat mais j'ai vu qu'il servait à afficher la conformité du serveur.

 

est-ce qu'à tout hasard tu serais chez SRF ou 9 comme FAI cela pourrait être une piste interressante si c'était le cas.

[Captainigloo]

Salut Me revoila

Voici ce que tu m'as demandé

 

un jour il faudra aprendre à lire un raport hijackthis

 

Bon courage

___________________________________

info.txt logfile of random's system information tool 1.06 2010-02-25 15:26:31

 

======Uninstall list======

 

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL

-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL

-->C:\Windows\UNNeroShowTime.exe /UNINSTALL

-->C:\Windows\UNNeroVision.exe /UNINSTALL

-->C:\Windows\UNRecode.exe /UNINSTALL

32 Bit HP CIO Components Installer-->MsiExec.exe /I{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}

Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}

Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}

Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}

Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}

Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe

Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}

Adobe Reader 7.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A71000000002}

Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}

Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Assistant de connexion Windows Live ID-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}

Autopano Pro-->C:\Program Files\Kolor\Autopano Pro\Uninstall.exe

avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup

AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Command & Conquer 3 : La Fureur de Kane-->MsiExec.exe /I{CC2422C9-F7B5-4175-B295-5EC2283AA674}

Compel Adaptec WinASPI-->"C:\Program Files\WinASPI\unins000.exe"

CoyoteReplay-->"C:\Program Files\CoyoteReplay\uninstall.exe"

DIGIPILLS Miniphoto-->"C:\Program Files\Miniphoto\uninstall.exe"

Enemy Territory - QUAKE Wars Demo 2 Lite Server-->C:\Program Files\InstallShield Installation Information\{C96F54F5-6904-4B36-8422-F060F867C8A6}\setup.exe -runfromtemp -l0x0409

Enemy Territory - QUAKE Wars Demo 2-->C:\Program Files\InstallShield Installation Information\{0E1B773B-B396-4FA4-BBB9-01F8D1F74C57}\setup.exe -runfromtemp -l0x0409

Eraser-->"C:\ProgramData\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe" REMOVE=TRUE MODIFY=FALSE

Eraser-->C:\ProgramData\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe

ffdshow [rev 3026] [2009-07-05]-->"C:\Program Files\ffdshow\unins000.exe"

FileZilla Client 3.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe

Free Video to Mp3 Converter version 2.7-->"C:\Program Files\DVDVIDEOSOFT\Free Video to Mp3 Converter\unins000.exe"

Hercules Classic Link Webcam-->C:\Program Files\InstallShield Installation Information\{FD4FE0F7-91FC-43A2-9C3A-187553991FFF}\setup.exe -runfromtemp -l0x040c -removeonly

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

HP Customer Participation Program 13.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot

HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6-->C:\Program Files\HP\Digital Imaging\{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}\setup\hpzscr01.exe -datfile hposcr44.dat -onestop -forcereboot

HP Imaging Device Functions 13.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP Print Projects 1.0-->C:\Program Files\HP\Digital Imaging\HPPrintProjects\hpzscr01.exe -datfile hpqbud19.dat

HP Smart Web Printing 4.60-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat

HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot

HP Update-->MsiExec.exe /X{818ABC3C-635C-4651-8183-D0E9640B7DD1}

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}

Java 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016F0}

Java 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Jewel Quest (remove only)-->"C:\Program Files\Jewel Quest\Uninstall.exe"

Luxor-->C:\PROGRA~1\GAMEHO~1\Luxor\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\Luxor\INSTALL.LOG

Ma-Config.com-->MsiExec.exe /X{560BD6E0-0BA6-43AF-B423-E1DF4D2EB3C3}

Magic Ball 2-->C:\PROGRA~1\GAMEHO~1\MAGICB~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\MAGICB~1\INSTALL.LOG

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}

Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Money-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}

Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe

Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

MySQL Connector/ODBC 3.51-->MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}

Nero 8-->MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1036}

Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}

NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly

NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7

NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI

O&O Defrag Professional Edition-->MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}

OpenOffice.org 3.1-->MsiExec.exe /I{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}

Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf

PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}

PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"

Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}

PixiePack Codec Pack-->MsiExec.exe /I{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}

Realtek High Definition Audio Driver-->RtlUpd.exe -r -m

Recuva-->"C:\Program Files\Recuva\uninst.exe"

RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"

SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe

Samsung Mobile Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7\SSECUninstall.exe

SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe

Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe

SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe

SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe

Samsung New PC Studio USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{AF7E85DC-317C-47F5-810E-B82EE093A612}\setup.exe" -runfromtemp -l0x040c -removeonly

Samsung New PC Studio USB Driver Installer-->MsiExec.exe /I{AF7E85DC-317C-47F5-810E-B82EE093A612}

Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x040c -removeonly

Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}

SAMSUNG USB Mobile Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe

SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}

Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}

Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}

Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat

Sony Ericsson PC Suite 6.007.00-->"C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe" -runfromtemp -l0x0009 -removeonly

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"

Tunebite-->MsiExec.exe /I{1442BD5B-64FC-434E-942C-F2310C720C8D}

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}

Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}

Update for Outlook 2007 Junk Email Filter (kb977719)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C0C92202-5215-4EFA-B0B9-B3A0DEABCDF1}

VC80_CRT_x86-->MsiExec.exe /X{AFC02C27-473F-4EC5-9372-30771EFFB35F}

VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

 

======Hosts File======

 

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

 

======Security center information======

 

AV: avast! antivirus 4.8.1229 [VPS 081119-0]

AS: Spybot - Search and Destroy (disabled) (outdated)

AS: Windows Defender

AS: Spyware Terminator

AS: avast! antivirus 4.8.1229 [VPS 081119-0]

 

======System event log======

 

Computer Name: PC-de-Cyril

Event Code: 40968

Message: Le système de sécurité a reçu une requête d'authentification qui n'a pas pu être décodée. La requête a échoué.

Record Number: 69323

Source Name: LsaSrv

Time Written: 20080905161501.000000-000

Event Type: Avertissement

User:

 

Computer Name: PC-de-Cyril

Event Code: 40968

Message: Le système de sécurité a reçu une requête d'authentification qui n'a pas pu être décodée. La requête a échoué.

Record Number: 69183

Source Name: LsaSrv

Time Written: 20080905135520.000000-000

Event Type: Avertissement

User:

 

Computer Name: PC-de-Cyril

Event Code: 40968

Message: Le système de sécurité a reçu une requête d'authentification qui n'a pas pu être décodée. La requête a échoué.

Record Number: 69113

Source Name: LsaSrv

Time Written: 20080905124915.000000-000

Event Type: Avertissement

User:

 

Computer Name: PC-de-Cyril

Event Code: 40968

Message: Le système de sécurité a reçu une requête d'authentification qui n'a pas pu être décodée. La requête a échoué.

Record Number: 69027

Source Name: LsaSrv

Time Written: 20080905112350.000000-000

Event Type: Avertissement

User:

 

Computer Name: PC-de-Cyril

Event Code: 4226

Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.

Record Number: 68927

Source Name: Tcpip

Time Written: 20080905094548.468200-000

Event Type: Avertissement

User:

 

=====Application event log=====

 

Computer Name: PC-de-Cyril

Event Code: 10010

Message: Impossible de redémarrer l’application « C:\Program Files\Common Files\Symantec Shared\ccApp.exe » (pid 3660) - Le SID de l’application ne correspond pas à celui du conducteur..

Record Number: 870

Source Name: Microsoft-Windows-RestartManager

Time Written: 20080717114816.960442-000

Event Type: Avertissement

User: PC-de-Cyril\Cyril

 

Computer Name: PC-de-Cyril

Event Code: 8194

Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005. Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.

 

Opération :

Données du rédacteur en cours de collecte

 

Contexte :

ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}

Nom du rédacteur: System Writer

ID d’instance du rédacteur: {93284e9b-0023-4e91-8edc-ba517922d951}

Record Number: 866

Source Name: VSS

Time Written: 20080717114748.000000-000

Event Type: Erreur

User:

 

Computer Name: PC-de-Cyril

Event Code: 5007

Message: Impossible d’analyser le fichier cible de la plateforme de signalement de problèmes Windows (fichier DLL contenant la liste des problèmes de l’ordinateur et nécessitant la collecte de données supplémentaires à des fins de diagnostic). Le code d’erreur était : 8014FFF9.

Record Number: 827

Source Name: WerSvc

Time Written: 20080717084006.000000-000

Event Type: Erreur

User:

 

Computer Name: PC-de-Cyril

Event Code: 1008

Message: Le service Windows Search tente de supprimer l’ancien catalogue.

 

Record Number: 822

Source Name: Microsoft-Windows-Search

Time Written: 20080717083957.000000-000

Event Type: Avertissement

User:

 

Computer Name: LH-KSFBIFOLU3HV

Event Code: 5007

Message: Impossible d’analyser le fichier cible de la plateforme de signalement de problèmes Windows (fichier DLL contenant la liste des problèmes de l’ordinateur et nécessitant la collecte de données supplémentaires à des fins de diagnostic). Le code d’erreur était : 8014FFF9.

Record Number: 792

Source Name: WerSvc

Time Written: 20071226065124.000000-000

Event Type: Erreur

User:

 

=====Security event log=====

 

Computer Name: PC-de-Cyril

Event Code: 5038

Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

 

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\nvd3dum.dll

Record Number: 65299

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090719225303.069938-000

Event Type: Échec de l'audit

User:

 

Computer Name: PC-de-Cyril

Event Code: 5038

Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

 

Nom du fichier : \Device\HarddiskVolume2\Program Files\RocketDock\RocketDock.dll

Record Number: 65298

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090719225303.041938-000

Event Type: Échec de l'audit

User:

 

Computer Name: PC-de-Cyril

Event Code: 5038

Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

 

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\nvd3dum.dll

Record Number: 65297

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090719225303.013938-000

Event Type: Échec de l'audit

User:

 

Computer Name: PC-de-Cyril

Event Code: 5038

Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

 

Nom du fichier : \Device\HarddiskVolume2\Program Files\RocketDock\RocketDock.dll

Record Number: 65296

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090719225302.985938-000

Event Type: Échec de l'audit

User:

 

Computer Name: PC-de-Cyril

Event Code: 5038

Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

 

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\nvd3dum.dll

Record Number: 65295

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090719225218.025938-000

Event Type: Échec de l'audit

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Program Files\PC Connectivity Solution\;%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel

"PROCESSOR_REVISION"=0f0d

"NUMBER_OF_PROCESSORS"=2

 

-----------------EOF-----------------

 

_____________________________________________

Logfile of random's system information tool 1.06 (written by random/random)

Run by Cyril at 2010-02-25 15:25:59

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2

System drive C: has 51 GB (34%) free of 148 GB

Total RAM: 3071 MB (57% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:26:29, on 25/02/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18882)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\rundll32.exe

C:\Users\Cyril\AppData\Roaming\MICROS~1\mqtgsvc.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe

C:\Windows\System32\oodtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\system32\taskeng.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Windows\System32\rundll32.exe

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Windows\System32\mobsync.exe

C:\Users\Cyril\AppData\Local\Temp\~temp\mlp217\mdm.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Cyril\Downloads\RSIT.exe

C:\Program Files\trend micro\Cyril.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F3 - REG:win.ini: load=C:\Users\Cyril\AppData\Roaming\MICROS~1\mqtgsvc.exe

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{C2B218E3-51B5-434A-8775-34E10D41BD45}: NameServer = 208.67.222.222,212.27.53.252,208.67.220.220,212.27.32.177,212.27.54.252

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe

O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

 

--

End of file - 10242 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\Google Software Updater.job

C:\Windows\tasks\Maintenance en 1 clic.job

C:\Windows\tasks\PCConfidential.job

C:\Windows\tasks\RegPowerClean.job

C:\Windows\tasks\RPCReminder.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]

HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA102584-3B97-47e7-B9BC-75D54C110A7D}]

Tunebite_WebRipPlugin Class - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll [2008-12-04 144688]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-09-15 761840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]

HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-06-20 4493312]

"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]

"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-11-06 86016]

"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-11-06 8530464]

"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-11-06 81920]

"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-08-08 1828136]

"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-07-10 2173440]

"OODefragTray"=C:\Windows\system32\oodtray.exe [2007-05-11 2512392]

"Skytel"=C:\Windows\Skytel.exe [2007-06-15 1826816]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

"NPSStartup"= []

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]

""= []

"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]

"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-07-10 3055616]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-01-17 102400]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

 

C:\Users\Cyril\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=

"BindDirectlyToPropertySetStorage"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e62d2ca-f30a-11de-9f02-001c2557e85b}]

shell\AutoRun\command - F:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ec758f3-4061-11de-bb25-001c2557e85b}]

shell\AutoRun\command - M:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86a55ce9-728a-11dd-a09f-001c2557e85b}]

shell\AutoRun\command - L:\SETUP.EXE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9eab1496-17e7-11df-9494-001c2557e85b}]

shell\Auto\command - L:\launcher.exe

shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\launcher.exe

 

 

======File associations======

 

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

 

======List of files/folders created in the last 1 months======

 

2010-02-25 15:25:59 ----D---- C:\rsit

2010-02-25 08:31:15 ----D---- C:\Program Files\ffdshow

2010-02-25 08:31:15 ----A---- C:\Windows\system32\pthreadGC2.dll

2010-02-25 08:18:22 ----D---- C:\Program Files\WinASPI

2010-02-25 08:10:26 ----A---- C:\Windows\avsredirect.dll

2010-02-25 08:04:50 ----D---- C:\Users\Cyril\AppData\Roaming\CoyoteReplay

2010-02-25 08:04:49 ----D---- C:\Program Files\CoyoteReplay

2010-02-25 07:52:40 ----A---- C:\Windows\system32\secproc_isv.dll

2010-02-25 07:52:38 ----A---- C:\Windows\system32\secproc.dll

2010-02-25 07:52:28 ----A---- C:\Windows\system32\RMActivate_isv.exe

2010-02-25 07:52:26 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe

2010-02-25 07:52:26 ----A---- C:\Windows\system32\RMActivate_ssp.exe

2010-02-25 07:52:25 ----A---- C:\Windows\system32\secproc_ssp_isv.dll

2010-02-25 07:52:25 ----A---- C:\Windows\system32\secproc_ssp.dll

2010-02-25 07:52:25 ----A---- C:\Windows\system32\RMActivate.exe

2010-02-25 07:52:25 ----A---- C:\Windows\system32\msdrm.dll

2010-02-25 07:52:22 ----A---- C:\Windows\system32\gameux.dll

2010-02-25 07:52:21 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll

2010-02-25 07:52:21 ----A---- C:\Windows\system32\Apphlpdm.dll

2010-02-24 22:48:24 ----D---- C:\Users\Cyril\AppData\Roaming\HPAppData

2010-02-23 22:02:17 ----A---- C:\Windows\system32\tzres.dll

2010-02-23 22:02:06 ----A---- C:\Windows\system32\jscript.dll

2010-02-19 22:54:00 ----D---- C:\ProgramData\Sun

2010-02-19 22:53:30 ----A---- C:\Windows\system32\javaws.exe

2010-02-19 22:53:30 ----A---- C:\Windows\system32\javaw.exe

2010-02-19 22:53:30 ----A---- C:\Windows\system32\java.exe

2010-02-17 23:10:55 ----HD---- C:\$AVG

2010-02-16 23:55:04 ----D---- C:\ProgramData\Alwil Software

2010-02-14 19:59:25 ----D---- C:\ProgramData\Temp

2010-02-12 08:58:38 ----A---- C:\Windows\system32\ntoskrnl.exe

2010-02-12 08:58:38 ----A---- C:\Windows\system32\ntkrnlpa.exe

2010-02-12 08:58:29 ----A---- C:\Windows\system32\quartz.dll

2010-02-12 08:58:29 ----A---- C:\Windows\system32\msvidc32.dll

2010-02-12 08:58:28 ----A---- C:\Windows\system32\tsbyuv.dll

2010-02-12 08:58:28 ----A---- C:\Windows\system32\msyuv.dll

2010-02-12 08:58:28 ----A---- C:\Windows\system32\msrle32.dll

2010-02-12 08:58:28 ----A---- C:\Windows\system32\mciavi32.dll

2010-02-12 08:58:28 ----A---- C:\Windows\system32\iyuv_32.dll

2010-02-12 08:58:27 ----A---- C:\Windows\system32\msvfw32.dll

2010-02-12 08:58:27 ----A---- C:\Windows\system32\avifil32.dll

2010-02-06 16:21:54 ----D---- C:\Users\Cyril\AppData\Roaming\HpUpdate

2010-02-06 16:21:52 ----D---- C:\Windows\Hewlett-Packard

2010-02-06 15:36:46 ----D---- C:\ProgramData\HPSSUPPLY

2010-02-06 15:12:20 ----D---- C:\ProgramData\WEBREG

2010-02-06 14:59:07 ----D---- C:\Users\Cyril\AppData\Roaming\HP

2010-02-06 14:53:16 ----D---- C:\ProgramData\HP Product Assistant

2010-02-06 14:51:46 ----D---- C:\Program Files\Common Files\HP

2010-02-06 14:51:20 ----D---- C:\Program Files\Common Files\Hewlett-Packard

2010-02-06 14:50:15 ----A---- C:\Windows\system32\hppldcoi.dll

2010-02-06 14:50:15 ----A---- C:\Windows\system32\hposwia_d02c.dll

2010-02-06 14:50:15 ----A---- C:\Windows\system32\hpost_d02c.dll

2010-02-06 14:50:15 ----A---- C:\Windows\system32\hposc_d02a.dll

2010-02-06 14:50:15 ----A---- C:\Windows\system32\difxapi.dll

2010-02-06 14:49:57 ----A---- C:\Windows\system32\hpzids01.dll

2010-02-06 14:49:55 ----A---- C:\Windows\system32\hpf3l70v.dll

2010-02-06 14:49:18 ----HD---- C:\Config.Msi

2010-02-06 14:48:08 ----D---- C:\Program Files\HP

2010-02-06 14:45:52 ----D---- C:\ProgramData\HP

2010-02-06 12:42:46 ----D---- C:\Users\Cyril\AppData\Roaming\ArchiFacile

2010-01-30 15:57:02 ----D---- C:\Program Files\Bonjour

2010-01-30 15:15:56 ----D---- C:\Program Files\Common Files\Macrovision Shared

 

======List of files/folders modified in the last 1 months======

 

2010-02-25 15:26:14 ----D---- C:\Windows\Prefetch

2010-02-25 15:26:04 ----D---- C:\Windows\System32

2010-02-25 15:26:04 ----D---- C:\Windows\inf

2010-02-25 15:26:04 ----A---- C:\Windows\system32\PerfStringBackup.INI

2010-02-25 15:26:03 ----D---- C:\Windows\temp

2010-02-25 15:26:02 ----D---- C:\Program Files\trend micro

2010-02-25 15:24:04 ----D---- C:\Windows\Tasks

2010-02-25 15:20:59 ----HD---- C:\Windows\system32\drivers

2010-02-25 15:20:59 ----D---- C:\Windows\Panther

2010-02-25 12:36:36 ----D---- C:\ProgramData\Spyware Terminator

2010-02-25 12:36:00 ----D---- C:\Windows\system32\LogFiles

2010-02-25 12:35:18 ----D---- C:\Windows

2010-02-25 08:32:17 ----D---- C:\Program Files\AviSynth 2.5

2010-02-25 08:32:00 ----D---- C:\Windows\winsxs

2010-02-25 08:31:15 ----D---- C:\Program Files

2010-02-25 08:21:48 ----D---- C:\Windows\system32\catroot

2010-02-25 08:18:43 ----RSD---- C:\Windows\Fonts

2010-02-25 08:18:43 ----D---- C:\Windows\AppPatch

2010-02-25 08:18:43 ----D---- C:\Program Files\Windows Mail

2010-02-25 08:18:24 ----D---- C:\Windows\system

2010-02-25 08:04:49 ----D---- C:\Program Files\Mozilla Firefox

2010-02-25 07:53:36 ----D---- C:\Windows\system32\catroot2

2010-02-25 07:53:10 ----SHD---- C:\System Volume Information

2010-02-25 07:35:43 ----D---- C:\Users\Cyril\AppData\Roaming\Spyware Terminator

2010-02-24 23:18:01 ----D---- C:\ProgramData

2010-02-24 22:43:53 ----D---- C:\Users\Cyril\AppData\Roaming\dvdcss

2010-02-23 22:27:18 ----D---- C:\Windows\rescache

2010-02-23 22:03:03 ----D---- C:\Windows\system32\fr-FR

2010-02-23 19:29:44 ----D---- C:\Windows\system32\oodag

2010-02-21 22:25:45 ----D---- C:\Program Files\OpenOffice.org 3

2010-02-21 21:23:17 ----A---- C:\Windows\system32\PnkBstrB.exe

2010-02-20 08:33:02 ----D---- C:\Users\Cyril\AppData\Roaming\FileZilla

2010-02-19 22:53:59 ----SHD---- C:\Windows\Installer

2010-02-19 22:53:50 ----D---- C:\Program Files\Common Files\Java

2010-02-19 22:53:17 ----D---- C:\Program Files\Java

2010-02-19 20:31:40 ----D---- C:\Users\Cyril\AppData\Roaming\XnView

2010-02-17 10:40:43 ----D---- C:\ProgramData\Spybot - Search & Destroy

2010-02-17 00:00:26 ----D---- C:\Program Files\Alwil Software

2010-02-15 15:48:37 ----HD---- C:\Program Files\InstallShield Installation Information

2010-02-15 15:48:28 ----D---- C:\Program Files\CyberLink

2010-02-14 20:10:49 ----D---- C:\ProgramData\CyberLink

2010-02-12 09:00:33 ----D---- C:\ProgramData\Microsoft Help

2010-02-11 19:53:36 ----A---- C:\Windows\system32\aswBoot.exe

2010-02-08 11:40:43 ----D---- C:\Program Files\Internet Explorer

2010-02-06 14:58:51 ----A---- C:\Windows\win.ini

2010-02-06 14:57:57 ----D---- C:\Windows\twain_32

2010-02-06 14:51:46 ----D---- C:\Program Files\Common Files

2010-01-30 17:01:03 ----D---- C:\Users\Cyril\AppData\Roaming\Adobe

2010-01-30 15:57:56 ----D---- C:\Program Files\Adobe

2010-01-30 15:57:33 ----D---- C:\ProgramData\Adobe

2010-01-30 15:57:00 ----D---- C:\Program Files\Common Files\Adobe

2010-01-29 11:56:16 ----D---- C:\Windows\system32\Tasks

2010-01-29 09:08:57 ----SD---- C:\Users\Cyril\AppData\Roaming\Microsoft

2010-01-28 00:13:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-02-11 23376]

R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-02-11 162512]

R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-02-11 46672]

R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2009-05-09 142592]

R2 Aspi32;Aspi32; C:\Windows\system32\drivers\Aspi32.sys [1999-09-10 25244]

R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-02-11 19024]

R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-02-11 51792]

R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]

R3 camfilt2;camfilt2; C:\Windows\system32\DRIVERS\camfilt2.sys [2008-02-27 98432]

R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-04-07 36608]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-06-22 1788056]

R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-07-10 6144]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-11-06 8230496]

R3 PAC7302;Hercules Classic Link; C:\Windows\system32\DRIVERS\PAC7302.SYS [2007-09-10 457984]

R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2008-09-09 48128]

R3 tbhsd;Tunebite High-Speed Dubbing; C:\Windows\system32\drivers\tbhsd.sys [2008-11-04 44320]

R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

S3 a978ref3;a978ref3; C:\Windows\system32\drivers\a978ref3.sys []

S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]

S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-03-15 14336]

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]

S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]

S3 se58bus;Sony Ericsson Device 088 driver (WDM); C:\Windows\system32\DRIVERS\se58bus.sys [2006-09-05 61536]

S3 SiS6350;SiS6350; C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-06-05 454520]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]

S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]

S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

S3 ZSMC301b;Philips SPC315NC Webcam; C:\Windows\System32\Drivers\usbVM31b.sys []

S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]

R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-07-03 53248]

R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-04-07 233472]

R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]

R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2007-05-11 1050120]

R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]

R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-08-03 66872]

R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-05-09 487424]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]

S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []

S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-15 194032]

S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe []

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-30 654848]

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-03-15 216232]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]

 

-----------------EOF-----------------

 

_______________________________________

Malwarebytes' Anti-Malware 1.44

Version de la base de données: 3788

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18882

 

25/02/2010 15:17:02

mbam-log-2010-02-25 (15-16-48).txt

 

Type de recherche: Examen complet (C:\|D:\|K:\|)

Eléments examinés: 271387

Temps écoulé: 1 hour(s), 4 minute(s), 13 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 2

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Users\Cyril\AppData\Roaming\CoyoteReplay\Settings\AviSynth\ax\RLOFRDec.ax (Trojan.Hiloti) -> No action taken.

C:\Users\Cyril\Local Settings\Application Data\Microsoft\sessmgr.exe (Trojan.Agent) -> No action taken.

[Captainigloo]

vincent12 a dit

 

bonjour à tous les deux, j'interviens car j'ai exactement le même pproblème.

j'ai essayé d'installer un nouveau certificat mais rien n'y fait j'ai toujours ce message que s'affiche.

 

par contre pour tenter de trouver la solution je suis allé dans l'aide prpoposée par windows 7, là bien sur je ne peux pas renouveler mon certificat mais j'ai vu qu'il servait à afficher la conformité du serveur.

 

est-ce qu'à tout hasard tu serais chez SRF ou 9 comme FAI cela pourrait être une piste interressante si c'était le cas.

 

 

 

Bonjour,

 

Je suis chez FREE

[Thanos]

salut

 

Au vu du rapport de MalwareBytes, tu n'as pas supprimé les éléments détectés! As tu refais un scan pour supprimer ? sinon ne recommence pas: on va faire autrement.

 

Télécharge OTM par OldTimer et enregistre ce fichier sur le Bureau.

• Fais un double clic sur OTM.exe pour lancer l'exécution de l'outil. (Note: Si tu utilises Vista, fais un clic droit sur le fichier puis choisir Exécuter en tant qu'administrateur).
  
• Copie les lignes de la zone "Code" ci-dessous dans le Presse-papiers en les sélectionnant toutes puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier):
  

  :first
  
  :processes
  explorer.exe
  mqtgsvc.exe
  mdm.exe
  
  :files
  C:\Users\Cyril\AppData\Roaming\CoyoteReplay\Settings\AviSynth\ax\RLOFRDec.ax 
  C:\Users\Cyril\Local Settings\Application Data\Microsoft\sessmgr.exe
  C:\Users\Cyril\AppData\Roaming\MICROS~1\mqtgsvc.exe
  C:\Users\Cyril\AppData\Local\Temp\~temp\mlp217\mdm.exe
  
  :reg
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
  [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  "load"=""
  
  :commands
  [emptytemp]
  [start explorer]

  
  

• Retourne dans la fenêtre de OTMoveIt3, fais un clic droit dans la zone de gauche intitulée puis choisis Coller.
  
• Clique sur le bouton rouge
  
• Ferme OTM
  
• Poste dans ta prochaine réponse le rapport de OTM (contenu du fichier C:\_OTM\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)
  

Note: Si un fichier ou un dossier ne peut pas être déplacé immédiatement, un redémarrage sera peut-être nécessaire pour permettre de terminer le processus de déplacement. Si le redémarrage de la machine vous est demandé, choisir Oui/Yes.

[Captainigloo]

Merci de ton aide Thanos

 

Voici le rapport OTM Le PC s'et arrête et a redémarre de lui même.

Avec un rapport ouvert, donc pas de soucis

 

All processes killed

Error: Unable to interpret <:first> in the current context!

========== PROCESSES ==========

No active process named explorer.exe was found!

No active process named mqtgsvc.exe was found!

No active process named mdm.exe was found!

========== FILES ==========

File/Folder C:\Users\Cyril\AppData\Roaming\CoyoteReplay\Settings\AviSynth\ax\RLOFRDec.ax not found.

File/Folder C:\Users\Cyril\Local Settings\Application Data\Microsoft\sessmgr.exe not found.

C:\Users\Cyril\AppData\Roaming\MICROS~1\mqtgsvc.exe moved successfully.

File/Folder C:\Users\Cyril\AppData\Local\Temp\~temp\mlp217\mdm.exe not found.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ not found.

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\\"load"|"" /E : value set successfully!

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Cyril

->Temp folder emptied: 468312 bytes

->Temporary Internet Files folder emptied: 4728930 bytes

->Java cache emptied: 74454464 bytes

->FireFox cache emptied: 54739375 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 3197696 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32179620 bytes

%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 24681195 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 185,00 mb

 

 

OTM by OldTimer - Version 3.1.9.0 log created on 02252010_220335

 

Files moved on Reboot...

File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

[Thanos]

ok reposte un nouveau rapport RSIT à présent qu'on voit si les changements ont bien été pris en compte.

[Captainigloo]

Voici le rapport

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Cyril at 2010-02-25 23:02:34

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2

System drive C: has 68 GB (46%) free of 148 GB

Total RAM: 3071 MB (61% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:02:48, on 25/02/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18882)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe

C:\Windows\System32\oodtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Windows\ehome\ehmsas.exe

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Cyril\Downloads\RSIT.exe

C:\Program Files\trend micro\Cyril.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{C2B218E3-51B5-434A-8775-34E10D41BD45}: NameServer = 208.67.222.222,212.27.53.252,208.67.220.220,212.27.32.177,212.27.54.252

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe

O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

 

--

End of file - 9621 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\Google Software Updater.job

C:\Windows\tasks\Maintenance en 1 clic.job

C:\Windows\tasks\PCConfidential.job

C:\Windows\tasks\RegPowerClean.job

C:\Windows\tasks\RPCReminder.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]

HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA102584-3B97-47e7-B9BC-75D54C110A7D}]

Tunebite_WebRipPlugin Class - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll [2008-12-04 144688]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-09-15 761840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]

HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-06-20 4493312]

"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]

"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-11-06 86016]

"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-11-06 8530464]

"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-11-06 81920]

"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-08-08 1828136]

"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-07-10 2173440]

"OODefragTray"=C:\Windows\system32\oodtray.exe [2007-05-11 2512392]

"Skytel"=C:\Windows\Skytel.exe [2007-06-15 1826816]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

"NPSStartup"= []

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]

""= []

"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]

"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-07-10 3055616]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-01-17 102400]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

 

C:\Users\Cyril\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=

"BindDirectlyToPropertySetStorage"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e62d2ca-f30a-11de-9f02-001c2557e85b}]

shell\AutoRun\command - F:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ec758f3-4061-11de-bb25-001c2557e85b}]

shell\AutoRun\command - M:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86a55ce9-728a-11dd-a09f-001c2557e85b}]

shell\AutoRun\command - L:\SETUP.EXE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9eab1496-17e7-11df-9494-001c2557e85b}]

shell\Auto\command - L:\launcher.exe

shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\launcher.exe

 

 

======File associations======

 

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

 

======List of files/folders created in the last 1 months======

 

2010-02-25 22:03:35 ----D---- C:\_OTM

2010-02-25 15:25:59 ----D---- C:\rsit

2010-02-25 08:31:15 ----D---- C:\Program Files\ffdshow

2010-02-25 08:31:15 ----A---- C:\Windows\system32\pthreadGC2.dll

2010-02-25 08:18:22 ----D---- C:\Program Files\WinASPI

2010-02-25 08:10:26 ----A---- C:\Windows\avsredirect.dll

2010-02-25 08:04:50 ----D---- C:\Users\Cyril\AppData\Roaming\CoyoteReplay

2010-02-25 08:04:49 ----D---- C:\Program Files\CoyoteReplay

2010-02-25 07:52:40 ----A---- C:\Windows\system32\secproc_isv.dll

2010-02-25 07:52:38 ----A---- C:\Windows\system32\secproc.dll

2010-02-25 07:52:28 ----A---- C:\Windows\system32\RMActivate_isv.exe

2010-02-25 07:52:26 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe

2010-02-25 07:52:26 ----A---- C:\Windows\system32\RMActivate_ssp.exe

2010-02-25 07:52:25 ----A---- C:\Windows\system32\secproc_ssp_isv.dll

2010-02-25 07:52:25 ----A---- C:\Windows\system32\secproc_ssp.dll

2010-02-25 07:52:25 ----A---- C:\Windows\system32\RMActivate.exe

2010-02-25 07:52:25 ----A---- C:\Windows\system32\msdrm.dll

2010-02-25 07:52:22 ----A---- C:\Windows\system32\gameux.dll

2010-02-25 07:52:21 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll

2010-02-25 07:52:21 ----A---- C:\Windows\system32\Apphlpdm.dll

2010-02-24 22:48:24 ----D---- C:\Users\Cyril\AppData\Roaming\HPAppData

2010-02-23 22:02:17 ----A---- C:\Windows\system32\tzres.dll

2010-02-23 22:02:06 ----A---- C:\Windows\system32\jscript.dll

2010-02-19 22:54:00 ----D---- C:\ProgramData\Sun

2010-02-19 22:53:30 ----A---- C:\Windows\system32\javaws.exe

2010-02-19 22:53:30 ----A---- C:\Windows\system32\javaw.exe

2010-02-19 22:53:30 ----A---- C:\Windows\system32\java.exe

2010-02-17 23:10:55 ----HD---- C:\$AVG

2010-02-16 23:55:04 ----D---- C:\ProgramData\Alwil Software

2010-02-14 19:59:25 ----D---- C:\ProgramData\Temp

2010-02-12 08:58:38 ----A---- C:\Windows\system32\ntoskrnl.exe

2010-02-12 08:58:38 ----A---- C:\Windows\system32\ntkrnlpa.exe

2010-02-12 08:58:29 ----A---- C:\Windows\system32\quartz.dll

2010-02-12 08:58:29 ----A---- C:\Windows\system32\msvidc32.dll

2010-02-12 08:58:28 ----A---- C:\Windows\system32\tsbyuv.dll

2010-02-12 08:58:28 ----A---- C:\Windows\system32\msyuv.dll

2010-02-12 08:58:28 ----A---- C:\Windows\system32\msrle32.dll

2010-02-12 08:58:28 ----A---- C:\Windows\system32\mciavi32.dll

2010-02-12 08:58:28 ----A---- C:\Windows\system32\iyuv_32.dll

2010-02-12 08:58:27 ----A---- C:\Windows\system32\msvfw32.dll

2010-02-12 08:58:27 ----A---- C:\Windows\system32\avifil32.dll

2010-02-06 16:21:54 ----D---- C:\Users\Cyril\AppData\Roaming\HpUpdate

2010-02-06 16:21:52 ----D---- C:\Windows\Hewlett-Packard

2010-02-06 15:36:46 ----D---- C:\ProgramData\HPSSUPPLY

2010-02-06 15:12:20 ----D---- C:\ProgramData\WEBREG

2010-02-06 14:59:07 ----D---- C:\Users\Cyril\AppData\Roaming\HP

2010-02-06 14:53:16 ----D---- C:\ProgramData\HP Product Assistant

2010-02-06 14:51:46 ----D---- C:\Program Files\Common Files\HP

2010-02-06 14:51:20 ----D---- C:\Program Files\Common Files\Hewlett-Packard

2010-02-06 14:50:15 ----A---- C:\Windows\system32\hppldcoi.dll

2010-02-06 14:50:15 ----A---- C:\Windows\system32\hposwia_d02c.dll

2010-02-06 14:50:15 ----A---- C:\Windows\system32\hpost_d02c.dll

2010-02-06 14:50:15 ----A---- C:\Windows\system32\hposc_d02a.dll

2010-02-06 14:50:15 ----A---- C:\Windows\system32\difxapi.dll

2010-02-06 14:49:57 ----A---- C:\Windows\system32\hpzids01.dll

2010-02-06 14:49:55 ----A---- C:\Windows\system32\hpf3l70v.dll

2010-02-06 14:49:18 ----HD---- C:\Config.Msi

2010-02-06 14:48:08 ----D---- C:\Program Files\HP

2010-02-06 14:45:52 ----D---- C:\ProgramData\HP

2010-02-06 12:42:46 ----D---- C:\Users\Cyril\AppData\Roaming\ArchiFacile

2010-01-30 15:57:02 ----D---- C:\Program Files\Bonjour

2010-01-30 15:15:56 ----D---- C:\Program Files\Common Files\Macrovision Shared

 

======List of files/folders modified in the last 1 months======

 

2010-02-25 23:02:45 ----D---- C:\Windows\Prefetch

2010-02-25 23:02:36 ----D---- C:\Program Files\trend micro

2010-02-25 23:02:31 ----D---- C:\Windows\temp

2010-02-25 22:50:33 ----SHD---- C:\System Volume Information

2010-02-25 22:09:37 ----D---- C:\Windows\System32

2010-02-25 22:09:37 ----D---- C:\Windows\inf

2010-02-25 22:09:37 ----A---- C:\Windows\system32\PerfStringBackup.INI

2010-02-25 22:07:41 ----D---- C:\Windows\Tasks

2010-02-25 22:05:28 ----D---- C:\Windows\system32\LogFiles

2010-02-25 22:05:08 ----D---- C:\Windows

2010-02-25 22:03:37 ----SD---- C:\Users\Cyril\AppData\Roaming\Microsoft

2010-02-25 15:20:59 ----HD---- C:\Windows\system32\drivers

2010-02-25 15:20:59 ----D---- C:\Windows\Panther

2010-02-25 12:36:36 ----D---- C:\ProgramData\Spyware Terminator

2010-02-25 08:32:17 ----D---- C:\Program Files\AviSynth 2.5

2010-02-25 08:32:00 ----D---- C:\Windows\winsxs

2010-02-25 08:31:15 ----D---- C:\Program Files

2010-02-25 08:21:48 ----D---- C:\Windows\system32\catroot

2010-02-25 08:18:43 ----RSD---- C:\Windows\Fonts

2010-02-25 08:18:43 ----D---- C:\Windows\AppPatch

2010-02-25 08:18:43 ----D---- C:\Program Files\Windows Mail

2010-02-25 08:18:24 ----D---- C:\Windows\system

2010-02-25 08:04:49 ----D---- C:\Program Files\Mozilla Firefox

2010-02-25 07:53:36 ----D---- C:\Windows\system32\catroot2

2010-02-25 07:35:43 ----D---- C:\Users\Cyril\AppData\Roaming\Spyware Terminator

2010-02-24 23:18:01 ----D---- C:\ProgramData

2010-02-24 22:43:53 ----D---- C:\Users\Cyril\AppData\Roaming\dvdcss

2010-02-23 22:27:18 ----D---- C:\Windows\rescache

2010-02-23 22:03:03 ----D---- C:\Windows\system32\fr-FR

2010-02-23 19:29:44 ----D---- C:\Windows\system32\oodag

2010-02-21 22:25:45 ----D---- C:\Program Files\OpenOffice.org 3

2010-02-21 21:23:17 ----A---- C:\Windows\system32\PnkBstrB.exe

2010-02-20 08:33:02 ----D---- C:\Users\Cyril\AppData\Roaming\FileZilla

2010-02-19 22:53:59 ----SHD---- C:\Windows\Installer

2010-02-19 22:53:50 ----D---- C:\Program Files\Common Files\Java

2010-02-19 22:53:17 ----D---- C:\Program Files\Java

2010-02-19 20:31:40 ----D---- C:\Users\Cyril\AppData\Roaming\XnView

2010-02-17 10:40:43 ----D---- C:\ProgramData\Spybot - Search & Destroy

2010-02-17 00:00:26 ----D---- C:\Program Files\Alwil Software

2010-02-15 15:48:37 ----HD---- C:\Program Files\InstallShield Installation Information

2010-02-15 15:48:28 ----D---- C:\Program Files\CyberLink

2010-02-14 20:10:49 ----D---- C:\ProgramData\CyberLink

2010-02-12 09:00:33 ----D---- C:\ProgramData\Microsoft Help

2010-02-11 19:53:36 ----A---- C:\Windows\system32\aswBoot.exe

2010-02-08 11:40:43 ----D---- C:\Program Files\Internet Explorer

2010-02-06 14:58:51 ----A---- C:\Windows\win.ini

2010-02-06 14:57:57 ----D---- C:\Windows\twain_32

2010-02-06 14:51:46 ----D---- C:\Program Files\Common Files

2010-01-30 17:01:03 ----D---- C:\Users\Cyril\AppData\Roaming\Adobe

2010-01-30 15:57:56 ----D---- C:\Program Files\Adobe

2010-01-30 15:57:33 ----D---- C:\ProgramData\Adobe

2010-01-30 15:57:00 ----D---- C:\Program Files\Common Files\Adobe

2010-01-29 11:56:16 ----D---- C:\Windows\system32\Tasks

2010-01-28 00:13:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-02-11 23376]

R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-02-11 162512]

R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-02-11 46672]

R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2009-05-09 142592]

R2 Aspi32;Aspi32; C:\Windows\system32\drivers\Aspi32.sys [1999-09-10 25244]

R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-02-11 19024]

R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-02-11 51792]

R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]

R3 camfilt2;camfilt2; C:\Windows\system32\DRIVERS\camfilt2.sys [2008-02-27 98432]

R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-04-07 36608]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-06-22 1788056]

R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-07-10 6144]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-11-06 8230496]

R3 PAC7302;Hercules Classic Link; C:\Windows\system32\DRIVERS\PAC7302.SYS [2007-09-10 457984]

R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2008-09-09 48128]

R3 tbhsd;Tunebite High-Speed Dubbing; C:\Windows\system32\drivers\tbhsd.sys [2008-11-04 44320]

R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

S3 ar3mbbci;ar3mbbci; C:\Windows\system32\drivers\ar3mbbci.sys []

S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]

S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-03-15 14336]

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]

S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]

S3 se58bus;Sony Ericsson Device 088 driver (WDM); C:\Windows\system32\DRIVERS\se58bus.sys [2006-09-05 61536]

S3 SiS6350;SiS6350; C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-06-05 454520]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]

S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]

S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

S3 ZSMC301b;Philips SPC315NC Webcam; C:\Windows\System32\Drivers\usbVM31b.sys []

S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]

R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-07-03 53248]

R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-04-07 233472]

R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]

R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2007-05-11 1050120]

R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]

R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-08-03 66872]

R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-05-09 487424]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]

S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []

S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-15 194032]

S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe []

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-30 654848]

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-03-15 216232]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]

 

-----------------EOF-----------------

[Thanos]

Démarre Hijackthis, clique sur "Do a system scan only", et coche les lignes suivantes :

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

-Ferme tous les programmes et clique sur "Fix Checked"

 

Un reste de Norton à désinstaller comme ceci >>

 

Ce programme est particulièrement difficile à supprimer entièrement! Ceci dit, un petit programme proposé par l'éditeur de l'antivirus (Symantec) se charge de le faire automatiquement >>

 

Télécharge Norton_Removal_Tool sur ton bureau.

 

Fais un clic droit sur l'icône de Norton Removal tool puis choisis Exécuter en tant qu'administrateur).

Suis les indications à l'écran : il est possible que tu doives redémarrer plusieurs fois.

 

Attention: ce programme désinstalle aussi d'autres produits Symantec! Si tu as installé Ghost sur ce pc par exemple, ne lance pas cet utilitaire!

 

Le problème initial persiste il ?

[Captainigloo]

Comment faire cela

 

Démarre Hijackthis, clique sur "Do a system scan only", et coche les lignes suivantes :

 

Le programme que j'ai telechargé ne me propose qu'une production de LOG Hijackthis, rien qui ressemble à un logiciel avec des boutons "Do a system scan only"

 

Je suis peut être nul, il faut que tu me donnes plus de précisions merci de ton aide.

 

Ok vu programfile trend micro

Modifié le 25 février 2010 par Captainigloo

[Captainigloo]

Ok je pense avoir tout fait comme il faut.

 

que dois je faire maintenant :P

 

Merci