plus de wmv ni de recherche !

[amy5770]

bonjour à tous

 

Depuis quelques temps, la fonction RECHERCHER de xp ne marche plus et Windows Media Player non plus . (Dès que je le lance, rien ne se passe). J'ai réinstaller la v11. mais rien n'y fait

 

comme j'ai eu un virus il y a quelque temps sur une clé USB (détecté par antivir), est-il possible que ça soit lié et que ça ait endommagé qq chose ?

 

Qu'en pensez vous ???

 

merci à tous pour votre aide !!!

 

voici le rapport hijack

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:03:32, on 29/04/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

C:\Program Files\TeamViewer\Version4\TeamViewer.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Acer\Acer eMode Management\AspireService.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\V0350Mon.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\ScanToPc.exe

C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\hijack\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://myhomewebs.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myhomewebs.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myhomewebs.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://myhomewebs.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://myhomewebs.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://myhomewebs.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll

R3 - URLSearchHook: mywebsites.pro-FR Toolbar - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files\mywebsites.pro-FR\tbmywe.dll

O2 - BHO: mywebsites.pro-FR Toolbar - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files\mywebsites.pro-FR\tbmywe.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll

O3 - Toolbar: mywebsites.pro-FR Toolbar - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files\mywebsites.pro-FR\tbmywe.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [WATCHPNP_Xerox] watchPnp.exe Xerox

O4 - HKLM\..\Run: [\\Lasry-ath\EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P42 "\\Lasry-ath\EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\WINDOWS\TEMP\E_S56.tmp" /EF "HKLM"

O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Numérisation PC.lnk = C:\WINDOWS\ScanToPc.exe

O4 - Global Startup: SMCWUSB-G 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Documents and Settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dlall.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Documents and Settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Documents and Settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Documents and Settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dlfvideo.htm

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

 

--

End of file - 12506 bytes

[Thanos]

Salut et bienvenue sur le forum

 

Quelques liens pour t'aider à commencer :

• Comment participer à un forum
  
• retrouver ses messages et activer la notification par email
  

 

On va voir ensemble ce qui se passe sur ton PC ; comme tous les intervenants ici, nous aidons bénévolement en fonction de nos activités personnelles. On va essayer d'aller au plus vite, mais il faudra peut-être parfois être patient pour attendre une réponse, pas d'affolement

 

Pour répondre ou ajouter un post, un rapport, etc, utilise le bouton .

(bouton qui se trouve entre "Flash" et "Nouveau")

 

*********

 

1°) Un petit scan supplémentaire avec un programme que tu vas pouvoir conserver: si tu le possède déjà, passe l'étape de l'installation et va directement à la mise à jour >>

 

Télécharge Malwarebytes' Anti-Malware (MBAM)

 

Branche tous les supports amovibles que tu possèdes avant de faire ce scan (clé usb/disque dur externe etc)

• Double clique sur le fichier téléchargé pour lancer le processus d'installation.
  
• Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  
  
• Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  
• Sélectionne "Exécuter un examen complêt"
  
• Clique sur "Rechercher"
  
• L'analyse démarre, le scan est relativement long, c'est normal.
  
• A la fin de l'analyse, un message s'affiche :

  L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  
• Ferme tes navigateurs.
  
• Si des malwares ont été détectés, clique sur Afficher les résultats.
  Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  
• MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.
  

 

2°) Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

• Double-clique sur RSIT.exe afin de lancer RSIT.
  
• Clique Continue à l'écran Disclaimer.
  
• Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
  
• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
  ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
  
• Si tu ne vois pas ces deux rapports, tu les trouveras dans le dossier C:\rsit
  

Poste les 3 rapports stp.

[amy5770]

Bonsoir thanos

 

merci pour ton aide !!

voici le rapport de malwarebyte (déjà il y a l'air d'y avoir des virus!)

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Version de la base de données: 4062

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

 

03/05/2010 20:48:33

mbam-log-2010-05-03 (20-48-33).txt

 

Type d'examen: Examen complet (C:\|D:\|F:\|)

Elément(s) analysé(s): 200243

Temps écoulé: 29 minute(s), 3 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 2

Dossier(s) infecté(s): 22

Fichier(s) infecté(s): 6

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-26 (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-4 (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-5 (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-16 (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-23 (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-24 (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-2 (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-6 (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-8 (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-9 (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-10 (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-13 (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-14 (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-15 (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-20 (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-21 (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-22 (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-27 (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-28 (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-29 (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\Bron.tok-3-3 (Worm.Brontok) -> Quarantined and deleted successfully.

C:\Documents and Settings\STAGE\Local Settings\Application Data\Bron.tok-3-5 (Worm.Brontok) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Documents and Settings\LASRY\Local Settings\Application Data\caeeski_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\caeeski_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\caeeski.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\kqoae_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\kqoae_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\LASRY\Local Settings\Application Data\kqoae.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

[amy5770]

...et voici le 1e rapport de RSIT

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by LASRY at 2010-05-03 20:58:00

Microsoft Windows XP Édition familiale Service Pack 3

System drive C: has 41 GB (55%) free of 74 GB

Total RAM: 958 MB (51% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:58:21, on 03/05/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Acer\Acer eMode Management\AspireService.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\V0350Mon.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\ScanToPc.exe

C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\LASRY\temp\TeamViewer\Version5\TeamViewer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\LASRY\Bureau\RSIT.exe

C:\Program Files\trend micro\LASRY.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://myhomewebs.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myhomewebs.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myhomewebs.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://myhomewebs.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://myhomewebs.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://myhomewebs.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll

R3 - URLSearchHook: mywebsites.pro-FR Toolbar - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files\mywebsites.pro-FR\tbmywe.dll

O2 - BHO: mywebsites.pro-FR Toolbar - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files\mywebsites.pro-FR\tbmywe.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll

O3 - Toolbar: mywebsites.pro-FR Toolbar - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files\mywebsites.pro-FR\tbmywe.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [WATCHPNP_Xerox] watchPnp.exe Xerox

O4 - HKLM\..\Run: [\\Lasry-ath\EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P42 "\\Lasry-ath\EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\WINDOWS\TEMP\E_S56.tmp" /EF "HKLM"

O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Numérisation PC.lnk = C:\WINDOWS\ScanToPc.exe

O4 - Global Startup: SMCWUSB-G 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Documents and Settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dlall.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Documents and Settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Documents and Settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Documents and Settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dlfvideo.htm

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

 

--

End of file - 10991 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33727f97-486d-4d19-97c3-23f432ef93fc}]

mywebsites.pro-FR Toolbar - C:\Program Files\mywebsites.pro-FR\tbmywe.dll [2009-11-09 2331672]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]

PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2009-04-17 806912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]

EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]

free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfree.dll [2009-12-31 2349080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Barre d'outils MSN - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll [2005-02-07 203464]

{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2009-04-17 806912]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfree.dll [2009-12-31 2349080]

{33727f97-486d-4d19-97c3-23f432ef93fc} - mywebsites.pro-FR Toolbar - C:\Program Files\mywebsites.pro-FR\tbmywe.dll [2009-11-09 2331672]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-09-22 90112]

"ntiMUI"=c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2005-05-11 45056]

"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]

"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-05 59392]

"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]

"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]

"nwiz"=nwiz.exe /install []

"AspireService"=C:\Program Files\Acer\Acer eMode Management\AspireService.exe [2006-01-19 110592]

"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2005-11-16 397312]

"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-21 266497]

"WATCHPNP_Xerox"=watchPnp.exe Xerox []

"\\Lasry-ath\EPSON Stylus Photo R240 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE [2005-04-25 98304]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

"EPSON Stylus DX4800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE [2005-02-02 98304]

"V0350Mon.exe"=C:\WINDOWS\V0350Mon.exe [2007-08-23 28672]

"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-12-21 39424]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cobian Backup 9]

C:\Program Files\Cobian Backup 9\Cobian.exe []

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Numérisation PC.lnk - C:\WINDOWS\ScanToPc.exe

SMCWUSB-G 802.11g Wireless USB Utility.lnk - C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableCMD"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoFolderOptions"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Acer\Acer eConsole\MediaSync.exe"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"

"C:\Program Files\Acer\Acer eConsole\eConsole.exe"="C:\Program Files\Acer\Acer eConsole\eConsole.exe:LocalSubNet:Enabled:eConsole"

"C:\Program Files\Acer\Acer eConsole\MediaServerService.exe"="C:\Program Files\Acer\Acer eConsole\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"

"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Mozilla Firefox\FIREFOX.EXE"="C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox"

"C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE"="C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE:*:Enabled:SAgent4"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

shell\AutoRun\command - G:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]

shell\AutoRun\command - K:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]

shell\AutoRun\command - N:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19791bae-b2cd-11db-9f72-00155838b4cf}]

shell\Auto\command - AdobeR.exe e

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1db45d44-4868-11df-ad8b-00222d0bf7c6}]

shell\AutoRun\command - K:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{435f72b8-9041-11dc-9f56-00155838b4cf}]

shell\Auto\command - AdobeR.exe e

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b571ea8-4d99-11dd-b51f-00155838b4cf}]

shell\AutoRun\command - K:\xsia.bat

shell\open\command - K:\xsia.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cef98220-46fe-11df-ad85-00222d0bf7c6}]

shell\AutoRun\command - K:\LaunchU3.exe -a

 

 

======List of files/folders created in the last 1 months======

 

2010-05-03 20:58:01 ----D---- C:\Program Files\trend micro

2010-05-03 20:58:00 ----D---- C:\rsit

2010-05-03 20:08:58 ----D---- C:\Documents and Settings\LASRY\Application Data\Malwarebytes

2010-05-03 20:08:49 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2010-05-03 20:08:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-04-29 14:19:50 ----D---- C:\Program Files\ResponsaCD17b

2010-04-29 14:00:23 ----D---- C:\Program Files\hijack

2010-04-29 13:57:17 ----D---- C:\Program Files\WMV9_VCM

2010-04-29 13:55:21 ----N---- C:\WINDOWS\system32\spmsg.dll

2010-04-29 13:51:26 ----D---- C:\Program Files\CCleaner

2010-04-27 19:17:12 ----D---- C:\Program Files\VirginMega

2010-04-27 19:17:00 ----D---- C:\Documents and Settings\All Users\Application Data\Downloaded Installations

2010-04-27 19:16:00 ----HD---- C:\WINDOWS\$NtUninstallMSCompPackV1$

2010-04-27 19:15:47 ----D---- C:\Program Files\Windows Media Connect 2

2010-04-27 19:15:39 ----HD---- C:\WINDOWS\$NtUninstallwmp11$

2010-04-27 19:14:57 ----HD---- C:\WINDOWS\$NtUninstallWMFDist11$

2010-04-27 19:14:28 ----D---- C:\WINDOWS\system32\LogFiles

2010-04-27 19:14:23 ----HD---- C:\WINDOWS\$NtUninstallWudf01000$

2010-04-27 19:13:44 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

2010-04-20 21:10:20 ----D---- C:\DBS

2010-04-19 20:05:58 ----D---- C:\?? ????

2010-04-19 19:48:10 ----D---- C:\WINDOWS\RegisteredPackages

2010-04-19 19:47:30 ----D---- C:\Program Files\Winamp

2010-04-19 19:47:30 ----D---- C:\Documents and Settings\LASRY\Application Data\Winamp

2010-04-18 10:18:06 ----A---- C:\LOG5.tmp

2010-04-15 10:34:03 ----D---- C:\Shuki_II

2010-04-14 19:46:41 ----D---- C:\Program Files\mywebsites.pro-FR

2010-04-14 19:23:02 ----A---- C:\WINDOWS\system32\HCPSTool.dll

2010-04-14 19:23:02 ----A---- C:\WINDOWS\system32\HCPSMng.exe

2010-04-14 19:23:02 ----A---- C:\WINDOWS\system32\HCPS98Tool.dll

2010-04-13 11:22:32 ----D---- C:\Program Files\free-downloads.net

2010-04-13 11:22:32 ----D---- C:\Program Files\Conduit

2010-04-13 11:21:22 ----D---- C:\Program Files\Alcohol Soft

2010-04-13 11:17:48 ----D---- C:\Documents and Settings\LASRY\Application Data\WinRAR

2010-04-13 11:17:21 ----D---- C:\Program Files\WinRAR

2010-04-13 10:58:33 ----N---- C:\WINDOWS\system32\browserchoice.exe

2010-04-13 10:33:12 ----D---- C:\Program Files\ResponsaCD17

2010-04-13 10:29:20 ----D---- C:\WINDOWS\pss

2010-04-13 10:26:41 ----D---- C:\Documents and Settings\LASRY\Application Data\Creative

2010-04-13 10:23:17 ----D---- C:\Program Files\Creative

2010-04-09 15:31:00 ----A---- C:\WINDOWS\system32\vfwwdm32.dll

2010-04-09 15:20:19 ----N---- C:\WINDOWS\V0350Mon.exe

2010-04-09 15:20:19 ----A---- C:\WINDOWS\CtDrvIns.exe

2010-04-09 15:20:18 ----A---- C:\WINDOWS\system32\V0350Vfw.dll

2010-04-09 15:20:18 ----A---- C:\WINDOWS\system32\V0350Afx.dll

2010-04-09 15:20:18 ----A---- C:\WINDOWS\system32\cximage.dll

2010-04-09 15:20:17 ----A---- C:\WINDOWS\system32\V0350Pin.dll

2010-04-09 15:20:17 ----A---- C:\WINDOWS\system32\V0350Hwx.dll

2010-04-09 15:20:17 ----A---- C:\WINDOWS\system32\V0350Cvw.dll

2010-04-09 15:20:16 ----A---- C:\WINDOWS\system32\CtCamMgr.dll

2010-04-09 15:20:14 ----D---- C:\WINDOWS\CtDrvInstall

2010-04-09 15:19:30 ----D---- C:\Live! Cam

2010-04-09 14:55:04 ----A---- C:\WINDOWS\system32\E_FBCHADE.DLL

2010-04-09 14:55:03 ----A---- C:\WINDOWS\system32\E_FLMADE.DLL

2010-04-09 14:55:03 ----A---- C:\WINDOWS\system32\E_FBCBADE.DLL

2010-04-09 14:46:02 ----D---- C:\Documents and Settings\All Users\Application Data\EPSON

2010-04-09 14:44:58 ----A---- C:\LOG1E.tmp

2010-04-09 14:22:30 ----D---- C:\Program Files\SMC

2010-04-09 14:22:03 ----D---- C:\WINDOWS\{9CA05E9B-68D2-4EEC-8569-8C474416B082}

 

======List of files/folders modified in the last 1 months======

 

2010-05-03 20:55:16 ----A---- C:\WINDOWS\system32\eRLog.ini

2010-05-03 20:51:38 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-04-27 19:15:54 ----A---- C:\WINDOWS\win.ini

2010-04-20 21:20:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-04-13 15:16:28 ----RASH---- C:\boot.ini

2010-04-13 15:16:28 ----A---- C:\WINDOWS\system.ini

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-28 75096]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]

R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2001-03-06 40448]

R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]

R2 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []

R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]

R2 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]

R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-22 3727680]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 irsir;Pilote série infrarouge Microsoft; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-01-23 6144]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-11-11 3532928]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]

R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]

R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 VF0350Vfx;VF0350 Video FX; C:\WINDOWS\system32\DRIVERS\V0350VFx.sys [2007-03-05 7424]

R3 VF0350Vid;Live! Cam Video IM (VF0350); C:\WINDOWS\system32\DRIVERS\V0350Vid.sys [2007-08-29 170368]

R3 ZD1211BU(Atheros);Atheros ZD1211B IEEE 802.11 Wireless LAN Driver (USB)(Atheros); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2008-04-11 722432]

S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

S3 a3suj2so;a3suj2so; C:\WINDOWS\system32\drivers\a3suj2so.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-05 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-05 15360]

S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys []

S3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 V0350Afx;Creative Camera VF0350 Audio Effects Driver; C:\WINDOWS\system32\DRIVERS\V0350Afx.sys [2008-04-30 160768]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-27 68865]

R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-27 151297]

R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-11-11 131139]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]

R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-10-07 185640]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

[amy5770]

et le 2e rapport !

 

bonne lecture et encore merci, thanos !

 

info.txt logfile of random's system information tool 1.06 2010-05-03 20:58:24

 

======Uninstall list======

 

-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\DeIsL7.isu

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x40c

Acer eMode Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65CDEC30-4BF4-48FB-8059-9FC480E4E94F}\setup.exe" -l0x40c

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x40c /remove

Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x40c /remove

Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}

Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

Barre d'outils MSN-->C:\Program Files\MSN Toolbar\01.01.2607.0\fr\mtbs.exe c

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

Ciel Compta pour Windows-->C:\WINDOWS\unin040c.exe -fC:\CIEL\WCPTA\DeIsL1.isu

Ciel eSauvegarde V2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBF7A3DA-880B-4747-AB57-D74A4EBAC69E}\install.exe" UNINSTALL

Ciel Paye 15.20-->MsiExec.exe /I{67C72E50-D287-47CB-B2A3-3014A3005E3A}

Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Creative Live! Cam Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x40c /remove

Creative Live! Cam Video Chat or Video IM (VF0350) Driver (1.04.01.00)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0350.uns -unsext NT -plugin V0350Pin.dll -pluginres CtCamPin.crl -langid 0x040C

Desinstallateur pilote TWAIN-->C:\WINDOWS\IsUn0c0c.exe -fC:\WINDOWS\twain.isu

EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG

EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27F650A9-6FAB-41C8-8621-92FF0118B0C4}\SETUP.EXE" -l0x40c UNINST

EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x40c UNINST

EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R

EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u

EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything

Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe

free-downloads.net Toolbar-->C:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE /U C:\PROGRA~1\FREE-D~1.NET\INSTALL.LOG

Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}

Guide d'utilisation ESPR240-->C:\Program Files\EPSON\TPMANUAL\ESPR240\USE_G\DOCUNINS.EXE

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}

J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}

Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Logiciel d'archivage WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft ActiveSync 3.7-->"C:\WINDOWS\ISUN040C.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}

Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Mise à jour pour Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe"

Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}

Mozilla Firefox (3.0.19)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

mywebsites.pro-FR Toolbar-->C:\PROGRA~1\MYWEBS~1.PRO\UNWISE.EXE /U C:\PROGRA~1\MYWEBS~1.PRO\INSTALL.LOG

NTI Backup NOW! 4-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1036 BUN4

NTI CD & DVD-Maker-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7

NTI HomeVideo-Maker-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8A6F713-D72D-47AD-A92D-B5C0E13F98C1}\setup.exe" -l0x40c

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

PDFCreator Toolbar-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_3265.exe" _?=C:\Program Files\PDFCreator Toolbar

PDFCreator-->C:\Program Files\PDFCreator\unins000.exe

Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"

Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

SMCWUSB-G 802.11g Wireless USB 2.0 Adapter-->C:\Program Files\InstallShield Installation Information\{802C87BF-3A1E-45B0-8C12-9527A5C572B3}\setup.exe -runfromtemp -l0x0409

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

TeamViewer 4 Host-->C:\Program Files\TeamViewer\Version4\uninstall.exe

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

VirginMega.Fr Premium-->MsiExec.exe /I{D416E000-D999-470A-BCAC-98E717CC1AFC}

Winamp-->"C:\Program Files\Winamp\UninstWA.exe"

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}

Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}

Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}

Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}

Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}

Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

Xerox WorkCentre Pro 412 PCL 6-->C:\WINDOWS\ISUN040C.EXE -f"C:\WINDOWS\wcp412PCL6.isu" -c"C:\WINDOWS\system32\wcp412P6.dll"

 

======Hosts File======

 

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

 

======Security center information======

 

AV: Avira AntiVir PersonalEdition (outdated)

 

======System event log======

 

Computer Name: JUDITH

Event Code: 7036

Message: Le service Gestion d'applications est entré dans l'état : arrêté.

 

Record Number: 24218

Source Name: Service Control Manager

Time Written: 20091230095355.000000+060

Event Type: Informations

User:

 

Computer Name: JUDITH

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.

 

Record Number: 24217

Source Name: Service Control Manager

Time Written: 20091230095355.000000+060

Event Type: Informations

User: JUDITH\LASRY

 

Computer Name: JUDITH

Event Code: 7023

Message: Le service Gestion d'applications s'est arrêté avec l'erreur :

Le module spécifié est introuvable.

 

 

Record Number: 24216

Source Name: Service Control Manager

Time Written: 20091230095355.000000+060

Event Type: erreur

User:

 

Computer Name: JUDITH

Event Code: 7036

Message: Le service Gestion d'applications est entré dans l'état : arrêté.

 

Record Number: 24215

Source Name: Service Control Manager

Time Written: 20091230095355.000000+060

Event Type: Informations

User:

 

Computer Name: JUDITH

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.

 

Record Number: 24214

Source Name: Service Control Manager

Time Written: 20091230095355.000000+060

Event Type: Informations

User: JUDITH\LASRY

 

=====Application event log=====

 

Computer Name: JUDITH

Event Code: 32068

Message: La règle de routage de trafic sortant n'est pas valide car elle ne peut pas trouver de périphérique valide. Les télécopies sortantes qui utilisent cette règle ne peuvent pas être acheminées. Vérifiez que le ou les périphériques concernés (en cas de routage vers un groupe de périphériques) sont connectés et installés correctement et allumés. En cas de routage vers un groupe, vérifiez que le groupe est configuré correctement.

Code de pays/région : '*'

Indicatif régional : '*'

 

Record Number: 5735

Source Name: Microsoft Fax

Time Written: 20081219092250.000000+060

Event Type: Avertissement

User:

 

Computer Name: JUDITH

Event Code: 32026

Message: Le service de télécopie n'a pas pu initialiser de périphériques de télécopies attribués (virtuel ou TAPI).

Aucune télécopie ne peut être envoyée ou reçue tant qu'un périphérique de télécopies n'a pas été installé.

 

Record Number: 5734

Source Name: Microsoft Fax

Time Written: 20081219092250.000000+060

Event Type: Avertissement

User:

 

Computer Name: JUDITH

Event Code: 1800

Message: Le service Centre de sécurité Windows a démarré.

 

Record Number: 5733

Source Name: SecurityCenter

Time Written: 20081219092250.000000+060

Event Type: Informations

User:

 

Computer Name: JUDITH

Event Code: 0

Message:

Record Number: 5732

Source Name: Acer Media Server

Time Written: 20081219092235.000000+060

Event Type: Informations

User:

 

Computer Name: JUDITH

Event Code: 4096

Message:

Record Number: 5731

Source Name: Avira AntiVir

Time Written: 20081219092227.000000+060

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=2f02

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------

[Thanos]

salut

 

Ok il y encore du nettoyage à faire =>

 

Fais un clic droit sur l'icône d'Antivir dans la barre des tâches et décoche Activer Antivir Guard le temps de faire le scan qui va suivre =>

 

• Fais un clic sur le bouton droit de ta souris ICI
  
• Choisis Enregistrer la cible (du lien) sous > une fenêtre s'ouvre >>
  
• Dans le champs à droite de "Nom du Fichier" en bas de page, modifie le nom présent (ComboFix.exe) et met ceci >> amy5770.exe
  
• Enregistre-le fichier sur le Bureau: pour cela clique sur le bouton Enregistrer.
  
• Assure toi que tous les programmes soient fermés avant de lancer le fix!
  
• Fait un double clique sur amy5770.exe.
  
• Note: Ne ferme pas la fenêtre qui vient de s'ouvrir , tu te retrouverais avec un bureau vide !
  
• Lors de son exécution, ComboFix va vérifier si la Console de récupération Microsoft Windows est installée. Avec des infections comme celles d'aujourd'hui, il est fortement conseillé de l'avoir pré-installée sur ton PC avant toute suppression de nuisibles. Elle te permettra de démarrer dans un mode spécial, de récupération (réparation), qui nous permet de t'aider plus facilement si jamais ton ordinateur rencontre un problème après une tentative de nettoyage.
  
• Suis les invites pour permettre à ComboFix de télécharger et installer la Console de récupération Microsoft Windows, et lorsque cela t'est demandé, accepte le Contrat de Licence Utilisateur Final pour installer la Console de récupération Microsoft Windows.
  

 

**Note importante: Si la Console de récupération Microsoft Windows est déjà installée, ComboFix continuera ses procédures de suppression de nuisibles.

 

Une fois que la Console de récupération Microsoft Windows est installée via ComboFix, tu dois voir le message suivant:

• Tape sur la touche Y (Yes) pour poursuivre avec la recherche de nuisibles.
  
• Lorsque le scan est terminé, un rapport sera généré : poste en le contenu dans ton prochain message.
  
• Si le rapport est trop long, poste le en deux fois.
  
• Si tu ne vois pas le rapport, tu le trouveras ici > C:\ComboFix.txt
  

[amy5770]

super ! tout semble remarcher !!! (j'ai la fonction recherche qui remarche et wmv11 aussi )

 

voici le rapport combofix

 

ComboFix 10-05-10.03 - LASRY 11/05/2010 14:17:23.1.1 - FAT32x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.958.606 [GMT 2:00]

Lancé depuis: c:\documents and settings\LASRY\Bureau\amy5770.exe

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\LASRY\Local Settings\Application Data\Kosong.Bron.Tok.txt

C:\LOG12.tmp

C:\LOG1D.tmp

C:\LOG1E.tmp

C:\LOG28.tmp

C:\LOG29.tmp

C:\LOG38.tmp

C:\LOG5.tmp

C:\LOG6.tmp

C:\LOG7.tmp

C:\LOG98.tmp

C:\LOG99.tmp

c:\windows\system32\winspool.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-04-11 au 2010-05-11 ))))))))))))))))))))))))))))))))))))

.

 

2010-05-05 15:28 . 2010-05-05 15:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\TeamViewer

2010-05-03 19:19 . 2010-05-03 19:19 -------- d-----w- C:\RESPBKUP

2010-05-03 18:58 . 2010-05-03 18:58 -------- d-----w- c:\program files\trend micro

2010-05-03 18:58 . 2010-05-03 18:58 -------- d-----w- C:\rsit

2010-05-03 18:08 . 2010-05-03 18:09 -------- d-----w- c:\documents and settings\LASRY\Application Data\Malwarebytes

2010-05-03 18:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-03 18:08 . 2010-05-03 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-05-03 18:08 . 2010-05-03 18:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-03 18:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-29 12:19 . 2010-04-29 12:19 -------- d-----w- c:\program files\ResponsaCD17b

2010-04-29 12:00 . 2010-04-29 12:00 388096 ----a-r- c:\documents and settings\LASRY\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-04-29 12:00 . 2010-04-29 12:00 -------- d-----w- c:\program files\hijack

2010-04-29 11:57 . 2010-04-29 11:57 -------- d-----w- c:\program files\WMV9_VCM

2010-04-29 11:51 . 2010-04-29 11:51 -------- d-----w- c:\program files\CCleaner

2010-04-27 17:17 . 2008-04-14 02:33 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2010-04-27 17:17 . 2010-04-27 17:17 47328 ----a-r- c:\documents and settings\LASRY\Application Data\Microsoft\Installer\{D416E000-D999-470A-BCAC-98E717CC1AFC}\ARPPRODUCTICON.exe

2010-04-27 17:17 . 2010-04-27 17:17 334048 ----a-r- c:\documents and settings\LASRY\Application Data\Microsoft\Installer\{D416E000-D999-470A-BCAC-98E717CC1AFC}\NewShortcut2_439CCEF89767436AB00754ACFDCFF417.exe

2010-04-27 17:17 . 2010-04-27 17:17 -------- d-----w- c:\program files\VirginMega

2010-04-27 17:17 . 2010-04-27 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations

2010-04-27 17:15 . 2010-04-27 17:15 -------- d-----w- c:\program files\Windows Media Connect 2

2010-04-27 17:14 . 2010-04-27 17:14 -------- d-----w- c:\windows\system32\drivers\UMDF

2010-04-27 17:14 . 2010-04-27 17:14 -------- d-----w- c:\windows\system32\LogFiles

2010-04-20 19:10 . 2010-04-20 19:10 -------- d-----w- C:\DBS

2010-04-19 18:05 . 2010-04-19 18:06 -------- d-----w- C:\?? ????

2010-04-19 17:47 . 2010-04-19 17:47 -------- d-----w- c:\program files\Winamp

2010-04-19 17:47 . 2010-04-19 17:47 -------- d-----w- c:\documents and settings\LASRY\Application Data\Winamp

2010-04-18 08:18 . 2010-04-18 08:18 -------- d-----w- c:\documents and settings\LASRY\temp

2010-04-15 08:34 . 2010-04-15 08:34 -------- d-----w- C:\Shuki_II

2010-04-14 17:46 . 2010-04-14 17:46 -------- d-----w- c:\documents and settings\LASRY\Local Settings\Application Data\mywebsites.pro-FR

2010-04-14 17:46 . 2010-04-14 17:46 -------- d-----w- c:\program files\mywebsites.pro-FR

2010-04-14 17:23 . 2010-05-05 15:42 57344 ----a-w- c:\windows\system32\HCPS98Tool.dll

2010-04-14 17:23 . 2010-05-05 15:42 131072 ----a-w- c:\windows\system32\HCPSTool.dll

2010-04-14 17:23 . 2010-04-14 17:23 303104 ----a-w- c:\windows\system32\HCPSMng.exe

2010-04-13 09:32 . 2009-11-21 15:58 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2010-04-13 09:22 . 2010-04-13 09:22 -------- d-----w- c:\program files\free-downloads.net

2010-04-13 09:22 . 2010-04-13 09:22 -------- d-----w- c:\program files\Conduit

2010-04-13 09:22 . 2010-04-13 09:22 -------- d-----w- c:\documents and settings\LASRY\Local Settings\Application Data\free-downloads.net

2010-04-13 09:22 . 2010-04-13 09:22 -------- d-----w- c:\documents and settings\LASRY\Local Settings\Application Data\Conduit

2010-04-13 09:22 . 2010-01-20 10:16 52224 ----a-w- c:\documents and settings\LASRY\Application Data\Mozilla\Firefox\Profiles\54vjea42.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFExternalAlert.dll

2010-04-13 09:22 . 2010-01-20 10:16 101376 ----a-w- c:\documents and settings\LASRY\Application Data\Mozilla\Firefox\Profiles\54vjea42.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\RadioWMPCore.dll

2010-04-13 09:21 . 2010-04-13 09:21 -------- d-----w- c:\program files\Alcohol Soft

2010-04-13 09:18 . 2010-04-13 09:18 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-04-13 09:13 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-04-13 08:58 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-04-13 08:33 . 2010-04-13 08:33 -------- d-----w- c:\program files\ResponsaCD17

2010-04-13 08:26 . 2010-04-13 08:26 -------- d-----w- c:\documents and settings\LASRY\Application Data\Creative

2010-04-13 08:23 . 2010-04-13 08:23 -------- d-----w- c:\program files\Creative

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-20 19:20 . 2005-01-23 10:37 86862 ----a-w- c:\windows\system32\perfc00C.dat

2010-04-20 19:20 . 2005-01-23 10:37 515380 ----a-w- c:\windows\system32\perfh00C.dat

2010-04-09 12:46 . 2010-04-09 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON

2010-04-09 12:22 . 2010-04-09 12:22 -------- d-----w- c:\program files\SMC

2010-04-08 08:26 . 2008-03-28 10:13 110 ----a-w- c:\windows\CRUNX.BIN

2010-03-16 10:19 . 2007-05-20 10:20 69328 ----a-w- c:\documents and settings\STAGE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-16 10:19 . 2007-06-13 06:34 502 ----a-w- c:\documents and settings\All Users\Application Data\Ciel\Données Communes\pdf.dll

2010-03-11 12:34 . 2005-07-03 01:16 832512 ----a-w- c:\windows\system32\wininet.dll

2010-03-11 12:34 . 2004-08-05 03:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-03-11 12:34 . 2004-08-05 03:00 17408 ----a-w- c:\windows\system32\corpol.dll

2010-03-09 11:10 . 2004-08-05 03:00 430080 ----a-w- c:\windows\system32\vbscript.dll

2010-02-24 13:11 . 2005-01-19 03:26 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-17 12:07 . 2005-03-02 17:08 2192000 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 19:07 . 2005-03-02 17:07 2068864 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 04:34 . 2004-08-05 03:00 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2004-08-05 03:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

2008-02-28 12:30 . 2008-06-22 11:13 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll

2008-02-28 12:33 . 2008-06-22 11:13 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-12-31 2349080]

"{33727f97-486d-4d19-97c3-23f432ef93fc}"= "c:\program files\mywebsites.pro-FR\tbmywe.dll" [2009-11-09 2331672]

 

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

 

[HKEY_CLASSES_ROOT\clsid\{33727f97-486d-4d19-97c3-23f432ef93fc}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33727f97-486d-4d19-97c3-23f432ef93fc}]

2009-11-09 16:38 2331672 ----a-w- c:\program files\mywebsites.pro-FR\tbmywe.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]

2009-12-31 09:53 2349080 ----a-w- c:\program files\free-downloads.net\tbfree.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-12-31 2349080]

"{33727f97-486d-4d19-97c3-23f432ef93fc}"= "c:\program files\mywebsites.pro-FR\tbmywe.dll" [2009-11-09 2331672]

 

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

 

[HKEY_CLASSES_ROOT\clsid\{33727f97-486d-4d19-97c3-23f432ef93fc}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-12-31 2349080]

"{33727F97-486D-4D19-97C3-23F432EF93FC}"= "c:\program files\mywebsites.pro-FR\tbmywe.dll" [2009-11-09 2331672]

 

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

 

[HKEY_CLASSES_ROOT\clsid\{33727f97-486d-4d19-97c3-23f432ef93fc}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WATCHPNP_Xerox"="watchPnp.exe Xerox" [X]

"SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112]

"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"nwiz"="nwiz.exe" [2005-11-11 1519616]

"AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2006-01-19 110592]

"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-21 266497]

"\\Lasry-ath\EPSON Stylus Photo R240 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE" [2005-04-25 98304]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-08-22 28672]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-21 39424]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Num‚risation PC.lnk - c:\windows\ScanToPc.exe [2008-10-29 57344]

SMCWUSB-G 802.11g Wireless USB Utility.lnk - c:\program files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe [2006-6-26 610304]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\MSMSGS.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=

"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\SAGENT4.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [07/10/2009 13:50 185640]

R3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [09/04/2010 15:20 7424]

R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [09/04/2010 15:20 170368]

R3 ZD1211BU(Atheros);Atheros ZD1211B IEEE 802.11 Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.sys [11/04/2008 20:52 722432]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/04/2010 11:18 691696]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25/01/2008 11:12 25088]

S3 V0350Afx;Creative Camera VF0350 Audio Effects Driver;c:\windows\system32\drivers\V0350Afx.sys [09/04/2010 15:20 160768]

.

.

------- Examen supplémentaire -------

.

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

uStart Page = hxxp://myhomewebs.com

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://myhomewebs.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Tout télécharger avec Free Download Manager - file://c:\documents and settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dlall.htm

IE: Télécharger avec Free Download Manager - file://c:\documents and settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dllink.htm

IE: Télécharger la sélection avec Free Download Manager - file://c:\documents and settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dlselected.htm

IE: Télécharger la vidéo avec Free Download Manager - file://c:\documents and settings\LASRY\Bureau\DEBORAH\ECOLE\doc\Free Download Manager\dlfvideo.htm

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\LASRY\Application Data\Mozilla\Firefox\Profiles\54vjea42.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - free-downloads.net Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q=

FF - component: c:\documents and settings\LASRY\Application Data\Mozilla\Firefox\Profiles\54vjea42.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\LASRY\Application Data\Mozilla\Firefox\Profiles\54vjea42.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\RadioWMPCore.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- PARAMETRES FIREFOX ----

FF - user.js: yahoo.homepage.dontask - true.

- - - - ORPHELINS SUPPRIMES - - - -

 

MSConfigStartUp-Cobian Backup 9 - c:\program files\Cobian Backup 9\Cobian.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-11 14:22

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Heure de fin: 2010-05-11 14:24:02

ComboFix-quarantined-files.txt 2010-05-11 12:24

 

Avant-CF: 42 025 746 432 octets libres

Après-CF: 42 203 316 224 octets libres

 

- - End Of File - - C39A1223D92A1F6A5066026DFDCFEE39

 

 

 

MERCI BCP !!!!!!

[Thanos]

salut

 

Mes excuses pour cette réponse tardive amy5770 !!

 

Comment fonctionne le pc ?

 

On va faire un dernier scan si tu veux bien pour s'assurer qu'il n'y a pas d'infection qui s'attaque aux supports amovibles =>

 

Télecharge et installe UsbFix de C_XX & Chiquitine29

 

• Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, carte mémoire APN etc...) susceptibles d avoir été infectées sans les ouvrir
  
• Double clique sur le raccourci UsbFix présent sur ton bureau .
  
• Choisis option 1 ( Recherche ) et laisse travailler l outil.
  
• Ensuite poste le rapport UsbFix.txt qui apparaitra.
  

 

Notes :

 

- Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

- Le processus "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.

Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.

Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.