mon DD se remplit tout seul : infection?

[helgwen]

Bonjour,

Depuis 2 jours, mon disque dur se remplit tout seul, petit à petit. Au début j'ai 32 GO d'espace libre, puis 2 à 3 heures après j'ai un message qui m'indique que je n'ai plus de place sur mon DD... Mon ordi est-il infecté??

Voici le rapport HijackThis

Merci ++ pour votre aide.

**************

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:33:55, on 18/04/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18904)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Power Manager\PM.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\AGEIA Technologies\TrayIcon.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\IncrediMail\bin\IMApp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\IncrediMail\bin\IncMail.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Hélène\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redi...amp;key=IESTART

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\Windows\system32\BhoECart.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll

O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

O8 - Extra context menu item: Create PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Open with Nuance PDF Converter 5.0 - res://C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll /100

O8 - Extra context menu item: Télécharger &Tout avec FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm

O8 - Extra context menu item: Télécharger avec &FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O13 - Gopher Prefix:

O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~3\GOOGLEDESKTOPNETWORK3.DLL

O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)

O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate1c99299dca60850) (gupdate1c99299dca60850) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

 

--

End of file - 11648 bytes

[helgwen]

Bonjour,

 

N'ayant pas obtenu de réponse, je me permets de relancer le sujet et je vous remercie pour votre aide.

[Falkra]

Bonjour, ce n'est pas un symptôme caractéristique, et ton rapport ne montre rien d'anormal.

 

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau. Cet outil va faire un état des lieux, lire la configuration, comme HijackThis, mais en plus détaillé.

• Double-clique sur RSIT.exe afin de lancer RSIT.
  
• Clique Continue à l'écran Disclaimer.
  
• Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  
• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
  
• NB : Les rapports sont sauvegardés dans le dossier C:\rsit
  Ca fait deux rapports donc. Comme ils sont longs, tu peux faire 2 réponses, une par rapport.
  

[helgwen]

Merci++ pour ton aide Falkra

Voici le 1er rapport :

 

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Hélène at 2010-04-21 19:43:58

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2

System drive C: has 22 GB (15%) free of 144 GB

Total RAM: 2046 MB (42% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:44:06, on 21/04/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18904)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Power Manager\PM.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\AGEIA Technologies\TrayIcon.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\IncrediMail\bin\IMApp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\IncrediMail\bin\IncMail.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\Taskmgr.exe

C:\Users\Hélène\Desktop\RSIT.exe

C:\Users\Hélène\Desktop\Hélène.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redi...amp;key=IESTART

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\Windows\system32\BhoECart.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll

O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

O8 - Extra context menu item: Create PDF file - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Open with Nuance PDF Converter 5.0 - res://C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll /100

O8 - Extra context menu item: Télécharger &Tout avec FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm

O8 - Extra context menu item: Télécharger avec &FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O13 - Gopher Prefix:

O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~3\GOOGLEDESKTOPNETWORK3.DLL

O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)

O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate1c99299dca60850) (gupdate1c99299dca60850) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

 

--

End of file - 12187 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\Extension de garantie.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\NeroLiveEpgUpdate-HELGWEN_Hélène.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E03C0FD-4C48-43A7-9A54-00240C70FF16}]

ECarteBleueBrowserHelper Class - C:\Windows\system32\BhoECart.dll [2005-12-08 81920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-27 256112]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-18 764912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-08-27 458736]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]

CBrowserHelperObject Object - C:\Program Files\Google\Google_BAE\BAE.dll [2006-11-09 98304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9}]

ZeonIEEventHelper Class - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll [2008-01-25 299008]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{E3286BF1-E654-42FF-B4A6-5E111731DF6B} - Nuance PDF - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll [2008-01-25 299008]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-27 256112]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-02-09 845360]

"PowerManager"=C:\Program Files\Power Manager\PM.exe [2007-05-16 29696]

"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-01 30192]

"toolbar_eula_launcher"=C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe [2007-02-20 28672]

"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]

"AGEIA PhysX SysTray"=C:\Program Files\AGEIA Technologies\TrayIcon.exe [2006-08-16 339968]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"SSDMonitor"=C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [2009-10-14 104408]

"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-08-20 13543968]

"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-08-20 92704]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]

"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2009-09-07 251336]

"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-10 39408]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonHK]

C:\Windows\BisonCam\BisonHK.exe [2007-05-16 73728]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]

C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [2007-08-02 95504]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]

C:\PROGRA~1\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [2007-02-20 199752]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hyperappel du Petit Larousse 2009.lnk]

[]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="C:\PROGRA~1\GOOGLE\GOOGLE~3\GOOGLEDESKTOPNETWORK3.DLL"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

"UacDisableNotify"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

"NoActiveDesktop"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

"NoDrives"=

"BindDirectlyToPropertySetStorage"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45dd1564-c87b-11dd-a385-001060d01767}]

shell\AutoRun\command - E:\Autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{826a6861-2523-11de-9ab4-00140b388e69}]

shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\NoLimit.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c6c4f9d-2e68-11df-af93-00140b388e69}]

shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\NoLimit.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f000af6e-ef50-11de-bbc5-00140b388e69}]

shell\AutoRun\command - I:\Launch.exe

 

 

======File associations======

 

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

 

======List of files/folders created in the last 1 months======

 

2010-04-18 16:41:41 ----D---- C:\Users\Hélène\AppData\Roaming\JAM Software

2010-04-18 16:41:28 ----D---- C:\Program Files\JAM Software

2010-04-16 19:54:43 ----D---- C:\rsit

2010-04-16 16:49:58 ----A---- C:\FyK.txt

2010-04-16 11:31:13 ----SHD---- C:\Config.Msi

2010-04-15 08:24:56 ----D---- C:\ProgramData\Sun

2010-04-15 08:19:41 ----A---- C:\Windows\system32\javaws.exe

2010-04-15 08:19:41 ----A---- C:\Windows\system32\javaw.exe

2010-04-15 08:19:41 ----A---- C:\Windows\system32\java.exe

2010-04-15 08:19:41 ----A---- C:\Windows\system32\deployJava1.dll

2010-04-15 07:46:09 ----A---- C:\Windows\system32\ntoskrnl.exe

2010-04-15 07:46:09 ----A---- C:\Windows\system32\ntkrnlpa.exe

2010-04-15 07:46:02 ----A---- C:\Windows\system32\vbscript.dll

2010-04-15 07:45:56 ----A---- C:\Windows\system32\iphlpsvc.dll

2010-04-14 10:57:17 ----D---- C:\Program Files\Common Files\INCA Shared

2010-04-14 10:16:58 ----D---- C:\gPotato.eu

2010-04-14 08:22:36 ----A---- C:\Windows\system32\cabview.dll

2010-04-14 08:22:32 ----A---- C:\Windows\system32\wintrust.dll

2010-04-13 06:56:07 ----A---- C:\Windows\system32\browserchoice.exe

2010-04-06 09:56:47 ----D---- C:\ProgramData\WinZip

2010-04-06 09:56:42 ----D---- C:\Program Files\WinZip

2010-03-31 09:56:51 ----A---- C:\Windows\system32\mshtml.dll

2010-03-31 09:56:48 ----A---- C:\Windows\system32\ieframe.dll

2010-03-31 09:56:46 ----A---- C:\Windows\system32\iertutil.dll

2010-03-31 09:56:45 ----A---- C:\Windows\system32\wininet.dll

2010-03-31 09:56:45 ----A---- C:\Windows\system32\urlmon.dll

2010-03-31 09:56:44 ----A---- C:\Windows\system32\occache.dll

2010-03-31 09:56:44 ----A---- C:\Windows\system32\msfeeds.dll

2010-03-31 09:56:44 ----A---- C:\Windows\system32\iedkcs32.dll

2010-03-31 09:56:43 ----A---- C:\Windows\system32\mstime.dll

2010-03-31 09:56:42 ----A---- C:\Windows\system32\ieui.dll

2010-03-31 09:56:41 ----A---- C:\Windows\system32\msfeedsbs.dll

2010-03-31 09:56:41 ----A---- C:\Windows\system32\jsproxy.dll

2010-03-31 09:56:41 ----A---- C:\Windows\system32\ieUnatt.exe

2010-03-31 09:56:41 ----A---- C:\Windows\system32\iesysprep.dll

2010-03-31 09:56:41 ----A---- C:\Windows\system32\iepeers.dll

2010-03-31 09:56:40 ----A---- C:\Windows\system32\msfeedssync.exe

2010-03-31 09:56:40 ----A---- C:\Windows\system32\iesetup.dll

2010-03-31 09:56:40 ----A---- C:\Windows\system32\iernonce.dll

2010-03-31 09:56:40 ----A---- C:\Windows\system32\ie4uinit.exe

2010-03-28 19:20:15 ----D---- C:\Users\Hélène\AppData\Roaming\Malwarebytes

2010-03-28 19:19:59 ----D---- C:\ProgramData\Malwarebytes

2010-03-28 19:19:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-03-28 18:50:16 ----D---- C:\Program Files\trend micro

2010-03-28 14:34:14 ----D---- C:\FyK

 

======List of files/folders modified in the last 1 months======

 

2010-04-21 19:44:01 ----D---- C:\Windows\Temp

2010-04-21 19:31:19 ----D---- C:\Windows\Prefetch

2010-04-21 07:28:56 ----AD---- C:\ProgramData\TEMP

2010-04-21 07:14:57 ----AD---- C:\Windows\System32

2010-04-21 07:14:56 ----A---- C:\Windows\system32\PerfStringBackup.INI

2010-04-21 07:14:53 ----D---- C:\Windows\inf

2010-04-20 18:04:26 ----SHD---- C:\System Volume Information

2010-04-19 20:44:23 ----D---- C:\Users\Hélène\AppData\Roaming\vlc

2010-04-18 16:41:28 ----D---- C:\Program Files

2010-04-18 11:00:04 ----D---- C:\Windows\system32\drivers

2010-04-18 10:25:12 ----D---- C:\Windows\Debug

2010-04-18 10:25:12 ----D---- C:\Windows

2010-04-17 21:27:03 ----D---- C:\Users\Hélène\AppData\Roaming\TeraCopy

2010-04-17 09:41:05 ----D---- C:\Windows\winsxs

2010-04-16 19:52:59 ----D---- C:\Downloads

2010-04-16 19:02:58 ----SD---- C:\Windows\Downloaded Program Files

2010-04-16 11:47:41 ----D---- C:\Windows\system32\catroot

2010-04-16 11:37:54 ----D---- C:\Program Files\Windows Mail

2010-04-16 11:34:18 ----SHD---- C:\Windows\Installer

2010-04-15 08:55:54 ----D---- C:\Users\Hélène\AppData\Roaming\gtk-2.0

2010-04-15 08:24:56 ----HD---- C:\ProgramData

2010-04-15 08:24:55 ----D---- C:\Program Files\Common Files\Java

2010-04-15 08:19:26 ----D---- C:\Program Files\Java

2010-04-15 08:00:12 ----D---- C:\ProgramData\Microsoft Help

2010-04-15 07:45:38 ----D---- C:\Windows\system32\catroot2

2010-04-14 10:57:17 ----D---- C:\Program Files\Common Files

2010-04-14 06:36:00 ----D---- C:\Program Files\Google

2010-04-12 13:31:01 ----D---- C:\Windows\system32\oodag

2010-04-12 09:08:21 ----D---- C:\Users\Hélène\AppData\Roaming\dvdcss

2010-04-06 19:52:54 ----A---- C:\Windows\system32\mrt.exe

2010-04-05 09:52:35 ----D---- C:\Program Files\QuickTime

2010-04-03 09:40:47 ----D---- C:\Program Files\Mozilla Firefox

2010-04-01 20:38:18 ----D---- C:\Windows\system32\migration

2010-04-01 20:38:18 ----D---- C:\Program Files\Internet Explorer

2010-03-29 08:19:49 ----D---- C:\Windows\BDOSCAN8

2010-03-28 17:54:18 ----D---- C:\Program Files\vghd

2010-03-23 18:55:31 ----D---- C:\Program Files\Dofus

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 HMFAxCore8ca4fd17866cac11805503e882557762;HMFAxCore8ca4fd17866cac11805503e882557

762; \??\C:\Windows\system32\drivers\HMFAxCore8ca4fd17866cac11805503e882557762.sys [2008-12-11 22304]

R1 nvport;NVIDIA PORT IO Control Driver; \??\C:\Windows\system32\Drivers\nvport.sys [2006-05-05 4608]

R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-01-10 28520]

R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2007-05-24 64000]

R1 WINIO;WINIO; \??\C:\Windows\system32\WinIo.sys [2007-01-04 9336]

R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-04-16 278984]

R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-10 56816]

R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2007-11-11 18048]

R3 Cam5607;Bison WebCam; C:\Windows\System32\Drivers\BisonC07.sys [2007-07-23 971944]

R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]

R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]

R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-11-05 182272]

R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]

R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-08-20 7546080]

R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-08-25 15872]

R3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2006-03-29 9856]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-11-11 181792]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2009-01-13 346112]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-02-09 182456]

R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]

R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]

S3 aduf6z29;aduf6z29; C:\Windows\system32\drivers\aduf6z29.sys []

S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456]

S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]

S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]

S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]

S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []

S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224]

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]

S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]

S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-03-26 64000]

S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-09-28 7168]

S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]

S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]

S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]

S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]

S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]

S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]

S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-10 31616]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2010-01-10 194817]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-01-10 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-01-10 185089]

R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-01-10 434945]

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 CSHelper;CopySafe Helper Service; C:\Windows\system32\CSHelper.exe [2009-03-21 266240]

R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2008-12-18 457248]

R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]

R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-02-18 129880]

R2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-02-18 129880]

R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-07-13 71096]

R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2008-12-18 191008]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-08-20 196608]

R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2007-06-29 1049856]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-10-14 583640]

R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]

R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-03-06 266343]

R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]

R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]

R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-19 21504]

S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe []

S2 gupdate1c99299dca60850;Google Update Service (gupdate1c99299dca60850); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-19 133104]

S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-01 30192]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-21 182768]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]

S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2010-02-24 3432444]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2009-09-26 149336]

S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe []

S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-01-02 1174664]

S4 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-02-18 129880]

 

-----------------EOF-----------------

Modifié le 21 avril 2010 par helgwen

[helgwen]

et le second :

 

info.txt logfile of random's system information tool 1.06 2010-04-21 19:38:49

 

======Uninstall list======

 

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL

-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL

-->C:\Windows\UNNeroShowTime.exe /UNINSTALL

-->C:\Windows\UNNeroVision.exe /UNINSTALL

-->C:\Windows\UNRecode.exe /UNINSTALL

7-Zip 4.58 beta-->"C:\Program Files\7-Zip\Uninstall.exe"

Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 9.3.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001}

Adobe Shockwave Player-->MsiExec.exe /X{A7DB362E-16DC-4E29-8A34-E74381E00B5B}

Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"

AGEIA PhysX v2.5.1-->"C:\Program Files\AGEIA Technologies\uninstall.exe"

ALZip-->"C:\Program Files\ESTsoft\ALZip\unins000.exe"

Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}

Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

ArtistScope Plugin FX-->"C:\Program Files\Mozilla Firefox\plugins\uninstall.exe" "/U:C:\Program Files\Mozilla Firefox\plugins\Uninstall\uninstall.xml"

ArtistScope Plugin IE-->"C:\Program Files\Internet Explorer\plugins\uninstall.exe" "/U:C:\Program Files\Internet Explorer\plugins\Uninstall\uninstall.xml"

Assistant de connexion Windows Live ID-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}

Auto Gordian Knot 2.45-->C:\Program Files\AutoGK\uninst.exe

Avira AntiVir Premium-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManager\unins000.exe"

AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"

AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"

Bison WebCam-->Rundll32.exe BisonR07.dll,WinMainRmv

Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}

Blu-ray Disc Authoring Plug-in-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M13-0083-2710-5622-98W3-TL0A-THW4-9A0T"

Blu-ray/HD DVD Video Plug-in-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="EC06-206A-99K5-2527-940M-3227-K7XK"

Calculatrice Euro 1.4b (05/05/2001)-->"C:\Program Files\Calculatrice Euro\unins000.exe"

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

Classic Menu 3.x for Office 2007-->"C:\Program Files\Classic Menu for Office\unins000.exe"

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IFICVENza.INF

Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}

DHTML Editing Component-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}

DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Dofus 1.28.0-->C:\Program Files\Dofus\uninstall.exe

Dragonica(FR)-->C:\gPotato.eu\Dragonica\uninst.exe

Driver Magician 3.45-->"C:\Program Files\Driver Magician\unins000.exe"

DTS Plug-in-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9K00-0003-8M80-6320-5043-1458-XAA5"

e-Carte Bleue La Banque Postale-->"C:\Program Files\InstallShield Installation Information\{11B0F8D4-FD80-4800-ABA8-50D28FF769AF}\setup.exe" -runfromtemp -l0x040c -removeonly

erLT-->MsiExec.exe /I{A498D9EB-927B-459B-85D6-DD6EF8C2C564}

Fichiers système-->C:\Windows\IsUn040c.exe -f"C:\Program Files\Micro Application\Fichiers système\Uninst.isu"

Gimp 2.6.2-->"C:\Program Files\Gimp-2.0\setup\unins000.exe"

Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.1.249.1045\Installer\setup.exe" --uninstall --system-level

Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall

Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Google Earth-->MsiExec.exe /X{08C0729E-3E50-11DF-9D81-005056806466}

Gracenote Plug-in-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M0C-01A2-K817-3LK8-9X6M-WK3U-L942-3WE1"

HDReg France-->MsiExec.exe /I{0ED40D2A-7131-4FE7-941E-5C329336F712}

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

ImgBurn 2.3.2.0 Fr-->"C:\Program Files\ImgBurn\unins000.exe"

IncrediMail-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}

IZArc 3.81-->"C:\Program Files\IZArc\unins000.exe"

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}

K-Lite Codec Pack 4.7.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Luxor 4 Quest For The Afterlife 1.00-->C:\Program Files\Games\Luxor 4 Quest For The Afterlife\Uninstall.exe

Magic Ball 3-->C:\Program Files\Alawar\Magic Ball 3\uninstal.exe

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}

Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Encarta 2009 - Collection-->MsiExec.exe /I{09180081-2C94-4A67-8E55-8483C019C7D2}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Photo Pro Suite 10-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=SUITE

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Works-->MsiExec.exe /I{0214A441-A4AB-43A8-8DEF-2F73C5364673}

Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}

Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}

Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}

Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}

Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}

Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe

Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

mp3PRO Plug-in-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9C00-E0A2-98K1-294K-06XC-MX2C-X988"

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Nero 7 Ultra Edition-->MsiExec.exe /I{4908C75E-E5E2-43F7-B1DF-023CBA831036}

Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"

Nero BackItUp 4-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M11-01CA-032E-01A5-AA9C-H44K-6T9U-X4HW"

Nero MediaHome 4-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M06-019C-TTET-880Z-5PUM-6XA2-5MEC-35WM"

Nero Move it-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M09-01AC-5TE3-KEU9-177W-C6E0-6KCT-2W4K"

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Nuance PDF Professional 5-->MsiExec.exe /I{EBFF3839-5A5B-400A-B8A2-4A627C4B29B4}

NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI

NVIDIA ForceWare Network Access Manager-->"C:\Program Files\InstallShield Installation Information\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}\setup.exe" -runfromtemp -l0x040c -removeonly

NVIDIA ForceWare Network Access Manager-->MsiExec.exe /I{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}

NVIDIA Media Center Extensions-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4BE15737-07C5-4705-9DFC-D9D533939942}\setup.exe" -l0x9 -uninstall

NVIDIA PureVideo Decoder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}\setup.exe" -l0x40c -uninstall

O&O Defrag Professional Edition-->MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}

Opera 10.10-->MsiExec.exe /X{FB8148DD-C575-4B0A-9F6C-0CFC46937930}

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Packard Bell ImageWriter v1.1-->"C:\Program Files\Packard Bell ImageWriter\unins000.exe"

Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe

PDFCreator-->C:\Program Files\PDFCreator\unins000.exe

Petit Larousse 2010-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{422FADA9-FED2-41D7-B5FA-472BB98B7784}\Setup.exe" -l0x40c

Pilote vidéo Pinnacle-->MsiExec.exe /X{6DE721A5-5E89-4D74-994C-652BB3C0672E}

Pinnacle Studio 12-->MsiExec.exe /I{D041EB9E-890A-4098-8F94-51DA194AC72A}

Pinnacle Studio 14-->MsiExec.exe /I{AADD1C8F-D59F-4D55-A726-768C71A205A8}

Power Manager 2.1.10-->"C:\Program Files\Power Manager\unins000.exe"

QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}

Realtek USB 2.0 Card Reader-->"C:\Program Files\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -removeonly

REALTEK USB Wireless LAN Driver-->C:\Program Files\InstallShield Installation Information\{7095FD27-37F0-4750-9DE8-D37DC0043706}\SETUP.EXE -v"ISSCRIPTCMDLINE=\"-d -zREMOVE\"" -l0x040c -removeonly

REALTEK Wireless LAN Driver-->C:\Program Files\InstallShield Installation Information\{895722FE-25FE-4854-95AC-B0C42F9DBEDA}\Install.exe -uninst -l0x40C

Registry Mechanic 9.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log

Revo Uninstaller 1.83-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe

Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}

Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}

SeaTools for Windows-->"C:\Program Files\Seagate\unins000.exe"

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}

Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}

Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}

Security Update for Microsoft Office Publisher 2007 (KB980470)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {34573F17-DADE-4D0D-835F-A54A1DE8AC1F}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

SUPER © Version 2010.bld.37 (Jan 2, 2010)-->C:\PROGRA~1\eRightSoft\SUPER\Setup.exe /remove /q0

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

System Requirements Lab-->MsiExec.exe /I{1E99F5D7-4262-4C7C-9135-F066E7485811}

TeraCopy 2.0 beta 3-->"C:\Program Files\TeraCopy\unins000.exe"

TreeSize Free V2.3.3-->"C:\Program Files\JAM Software\TreeSize Free\unins000.exe"

TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}

Ulead PhotoImpact 12-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11AFE21E-B193-430D-B57A-DFF7815BB962}\Setup.exe" -l0x40c

Uniblue RegistryBooster 2009-->"C:\ProgramData\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE

Uniblue RegistryBooster 2009-->C:\ProgramData\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}

Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}

Update for Outlook 2007 Junk Email Filter (kb981433)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5A6859A6-042D-4DF7-84E2-79F8DEFB5D48}

VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}

Vegas Pro 9.0-->MsiExec.exe /X{56415658-366E-4E28-A6BD-68EC63E560E0}

VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe

WBFS Manager 3.0-->C:\Program Files\WBFS\WBFS Manager 3.0\uninstall.exe

WinDjView 1.0.3-->C:\Program Files\WinDjView\uninstall.exe

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}

Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

WinZip 14.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}

Xilisoft HD Video Converter-->C:\Program Files\Xilisoft\HD Video Converter\Uninstall.exe

 

======Security center information======

 

AS: Avira AntiVir PersonalEdition (outdated)

AS: Windows Defender

 

======System event log======

 

Computer Name: Helgwen

Event Code: 36

Message: Le service de temps n'a pas été synchronisé avec l'heure du système pendant 86400 secondes, car aucun des fournisseurs de service de temps n'a fourni de marque horaire utilisable. Le service de temps ne mettra pas à jour l'heure du système local avant de pouvoir effectuer une synchronisation avec une source de temps. Si l'heure du système local est configurée de manière à agir en tant que serveur de temps pour les clients, il arrêtera de publier des informations en tant que source de temps aux clients. Le service de temps continuera d'essayer et de synchroniser l'heure avec ses sources de temps. Vérifiez la présence d'autres événements W32time dans le journal des événements du système pour plus de détails. Exécutez « w32tm /resync » pour forcer une synchronisation d'heure instantanée.

Record Number: 589190

Source Name: Microsoft-Windows-Time-Service

Time Written: 20091012050611.000000-000

Event Type: Avertissement

User:

 

Computer Name: Helgwen

Event Code: 51

Message: Une erreur a été détectée sur le périphérique \Device\Harddisk3\DR5 lors d'une opération de pagination.

Record Number: 589168

Source Name: disk

Time Written: 20091011184859.957237-000

Event Type: Avertissement

User:

 

Computer Name: Helgwen

Event Code: 51

Message: Une erreur a été détectée sur le périphérique \Device\Harddisk3\DR5 lors d'une opération de pagination.

Record Number: 589167

Source Name: disk

Time Written: 20091011184859.946237-000

Event Type: Avertissement

User:

 

Computer Name: Helgwen

Event Code: 51

Message: Une erreur a été détectée sur le périphérique \Device\Harddisk3\DR5 lors d

[Falkra]

Il y a des petites choses à virer, mais rien de directement méchant, juste des résidus. Au passageon va alléger un peu le démarrage (un tout petit peu).

 

Télécharge OTMoveIt (OTM) par OldTimer.

• Enregistre ce fichier sur le Bureau.
  
• Fais un double clic sur OTM.exe pour lancer l'exécution de l'outil. (Note: Si tu utilises Windows Vista ou 7, fais un clic droit sur le fichier puis choisir Exécuter en tant qu'administrateur).
  
• Copie les lignes de la zone "Code" ci-dessous dans le Presse-papiers en les sélectionnant toutes puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier):
  

  :processes
  :files
  C:\FyK.txt
  C:\FyK
  C:\autorun.inf
  D:\autorun.inf
  E:\autorun.inf
  F:\autorun.inf
  
  
  :reg 
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{826a6861-2523-11de-9ab4-00140b388e69}]
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c6c4f9d-2e68-11df-af93-00140b388e69}]
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  "Adobe Reader Speed Launcher"=-
  "QuickTime Task"=-
  "Adobe ARM"=-
  "toolbar_eula_launcher"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "swg"=-
  "ISUSPM"=-
  
  :Services
  HMFAxCore8ca4fd17866cac11805503e882557762
  aduf6z29
  
  :commands
  [zipfiles]
  [Start Explorer]

  
  

• Retourne dans la fenêtre de OTM, fais un clic droit dans la zone de gauche intitulée "Paste List Of Files/Folders to Move" (sous la barre jaune) puis choisir Coller.
  
• Clique sur le bouton rouge Moveit!.
  
• Ferme OTMoveIt3
  
• Poste dans ta prochaine réponse le rapport de OTMoveIt3 (contenu du fichier C:\_OTM\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)
  

Note: Si un fichier ou un dossier ne peut pas être déplacé immédiatement, un redémarrage sera peut-être nécessaire pour permettre de terminer le processus de déplacement. Si le redémarrage de la machine vous est demandé, choisir Oui/Yes.

 

----------------

 

Il y a eu des petits plantages côté disque dur.

 

Vérifie aussi le disque dur (sans vérifier les secteurs défectueux, c'est trop long et ce n'est pas nécessaire pour le moment) :

http://windows.microsoft.com/fr-FR/windows...disk-for-errors

[helgwen]

J'ai fait une vérification du disque dur. Il continue malheureusement à se remplir tout seul...

Voici le rapport OTMoveIt3 et encore un big merci !! :

 

========== PROCESSES ==========

========== FILES ==========

C:\FyK.txt moved successfully.

C:\FyK\Tools folder moved successfully.

C:\FyK folder moved successfully.

File/Folder C:\autorun.inf not found.

File/Folder D:\autorun.inf not found.

File/Folder E:\autorun.inf not found.

File/Folder F:\autorun.inf not found.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{826a6861-2523-11de-9ab4-00140b388e69}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{826a6861-2523-11de-9ab4-00140b388e69}\ not found.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c6c4f9d-2e68-11df-af93-00140b388e69}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c6c4f9d-2e68-11df-af93-00140b388e69}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\toolbar_eula_launcher deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM deleted successfully.

========== SERVICES/DRIVERS ==========

Error: Unable to stop service HMFAxCore8ca4fd17866cac11805503e882557762!

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HMFAxCore8ca4fd17866cac11805503e882557762 deleted successfully.

Error: No service named aduf6z29 was found to stop!

Service\Driver key aduf6z29 not found.

========== COMMANDS ==========

 

OTM by OldTimer - Version 3.1.10.2 log created on 04222010_194649

Modifié le 22 avril 2010 par helgwen

[Falkra]

Ca, il fallait qu'on le fasse, de toute façon.

 

Télécharge GMER Rootkit Scanner du lien suivant :

 

http://www.gmer.net/#files

 

- Clique sur le bouton "Download EXE"

- Sauvegarde-le sur ton Bureau.

- Colle et sauvegarde ces instructions dans un fichier texte ou imprime-les, car tu devras fermer le navigateur.

- Ferme les fenêtres de navigateur ouvertes.

- Lance le fichier téléchargé (le nom comporte 8 chiffres/lettres aléatoires) par double clic ;

- Si l'outil te lance un warning d'activité de rootkit et te demande de faire un scan ; clique "NO"

- Dans la section de droite de la fenêtre de l'outil, décoche les options suivantes :

• Sections, IAT
  
• **Assure-toi que "Show All" est décoché**
  

- Clique maintenant sur le bouton "Scan" et patiente (cela peut prendre 10 minutes ou +)

- Lorsque l'analyse sera terminée, clique sur le bouton "Save..." (au bas à droite) ;

- Nomme le fichier"Ark.txt" et sauvegarde-le sur le Bureau ;

- Copie/colle le contenu de ce rapport dans ta réponse.

[helgwen]

Voilà le rapport :

 

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-04-23 07:44:22

Windows 6.0.6002 Service Pack 2

Running: 72nxe80j.exe; Driver: C:\Users\HLNE~1\AppData\Local\Temp\kwtdipod.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT 9D0C9924 ZwCreateThread

SSDT 9D0C9910 ZwOpenProcess

SSDT 9D0C9915 ZwOpenThread

SSDT 9D0C991F ZwTerminateProcess

 

INT 0x51 ? 84059BF8

INT 0x51 ? 84059BF8

INT 0x51 ? 85C11BF8

INT 0x51 ? 84059BF8

INT 0x53 ? 85C11BF8

INT 0x63 ? 85C11BF8

INT 0x72 ? 84059BF8

INT 0x82 ? 84059BF8

INT 0xB4 ? 85C11BF8

 

---- Devices - GMER 1.0.15 ----

 

Device \FileSystem\Ntfs \Ntfs 84E171F8

 

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF dynamique/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF dynamique/Microsoft Corporation)

 

Device \Driver\volmgr \Device\VolMgrControl 8405B1F8

Device \Driver\usbohci \Device\USBPDO-0 85C131F8

Device \Driver\usbehci \Device\USBPDO-1 85C141F8

Device \Driver\usbohci \Device\USBPDO-2 85C131F8

Device \Driver\usbehci \Device\USBPDO-3 85C141F8

Device \Driver\sptd \Device\1677488407 spwy.sys

Device \Driver\volmgr \Device\HarddiskVolume1 8405B1F8

Device \Driver\volmgr \Device\HarddiskVolume2 8405B1F8

Device \Driver\cdrom \Device\CdRom0 85D30500

Device \Driver\PCI_PNP4398 \Device\00000059 spwy.sys

Device \Driver\cdrom \Device\CdRom1 85D30500

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E161F8

Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 84E161F8

Device \Driver\atapi \Device\Ide\IdePort0 84E161F8

Device \Driver\atapi \Device\Ide\IdePort1 84E161F8

Device \Driver\atapi \Device\Ide\IdePort2 84E161F8

Device \Driver\atapi \Device\Ide\IdePort3 84E161F8

Device \Driver\netbt \Device\NetBt_Wins_Export 874B4500

Device \Driver\Smb \Device\NetbiosSmb 874A81F8

Device \Driver\iScsiPrt \Device\RaidPort0 85CD7500

Device \Driver\usbohci \Device\USBFDO-0 85C131F8

Device \Driver\usbehci \Device\USBFDO-1 85C141F8

Device \Driver\netbt \Device\NetBT_Tcpip_{EA523D2F-259E-4A7B-9521-87CF3B5E109D} 874B4500

Device \Driver\usbohci \Device\USBFDO-2 85C131F8

Device \Driver\netbt \Device\NetBT_Tcpip_{4233F09E-CBB8-44C6-9278-79A4DCA0504F} 874B4500

Device \Driver\usbehci \Device\USBFDO-3 85C141F8

Device \Driver\anmo7tg7 \Device\Scsi\anmo7tg71 85CCD1F8

Device \Driver\anmo7tg7 \Device\Scsi\anmo7tg71Port5Path0Target0Lun0 85CCD1F8

Device \FileSystem\cdfs \Cdfs A3D231F8

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d15564

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 3

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC8 0xFD 0x03 0x48 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x50 0xF5 0x39 0xD6 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8F 0x44 0x6F 0x88 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x11 0x7A 0x93 0x2B ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x13 0xD0 0xE4 0x6D ...

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d15564 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC8 0xFD 0x03 0x48 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x50 0xF5 0x39 0xD6 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8F 0x44 0x6F 0x88 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x11 0x7A 0x93 0x2B ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x13 0xD0 0xE4 0x6D ...

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Users\Public\Documents\Pinnacle\Content\MotionTitles\-Looks\Standard\01 \x2013 Soft Shadow Looks.ixLook 1

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION A35600D3EE0A9EE689C247BA6E4547C14B25D7CD15156D8CCD20E526063F9B82587457105F743523

73796534B3CAF8250E9F84D0E24E59FC748BA389B21B1FEA9D383ABE4613DB1EBCB19FF3D81533EA3

3D83CD25150E807BF3B852D2321CB628BF546A0FC006606033341B64AFD8406FD2A992782D6080835

380F204D0D8B508F098F1FED985A6838C70A5C862631D0056EA749FEBC9E127BECC74CFEBC9E127BE

CC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC

7933A6A0AC4980AC79335D575E7D6A3B9808FEBC9E127BECC74C7A996AE9CBA31FF83649F718D13BC

BCBB024A02A547127782D54084FFBADE81D15E248A33CC0173837F335613CAEB2A75B16F4A29382B4

AE21A2DF374C345A172E2BB581C0244256B1F3276F411C59C6B38AA2F78F68137AB75B80AFA2FC7E0

AA8E8F06BC1AD19899D82C4F2EFF582FCE71880419DC7F4E4F416BF5AB8FD15D8FCD56C2CFEC608AF

871A3F7F29B36ABD381C99FC654B019DEC31A53F9B304F89B6F14BF20858EE4790F8F70EA452BA227

9372E0C619E4FF54BCD6EC6AA92D648F2FB69D344D02175EB2306FAEDD09666954CB1B4E3716F634E

CF0C419D2544E266FD54476CA36780E25F3286E232126D0A83CA200EF96200C6E021DFF96F284ED83

F4C260EC67CD5D0397D5637FD363968CA565BD86F9F899DEE86B

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

 

---- EOF - GMER 1.0.15 ----

[Falkra]

Il n'y a rien de nuisible/malveillant qui tourne sur la machine, ça doit être un programme à toi qui fait ça.

 

Parfois les programmes de p2p (eMule, Vuze, Azureus, etc), font de gros fichiers temporaires, ça remplit le disque, ou des bugs dans des antivirus ou autres qui font des fichiers de rapports énormes.

 

Installe ce petit programme pour déterminer quel dossier devient si énorme :

http://www.libellules.ch/dotclear/index.ph.../Disk-Space-Fan