[Solved] Unwanted pop-up ads in Internet Explorer
Hello,
I am getting advertising windows that open with IE. I use only Firefox as my browser, but I believe IE should not be uninstalled.
I am running Vista Premium.
What can I do to eradicate this?
Message edited by renaud_33 on 27-02-2009 at 19:58:58
Hi,
First we need to identify the infection.
- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
- Double-click RSIT.exe to launch the program.
- Click Continue on the Disclaimer screen.
- If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.
- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).
Note: the reports are saved in the C:\rsit\ folder.
So fast! I am impressed. Thanks in any case.
Here is the log.txt report:
Logfile of random's system information tool 1.05 (written by random/random)
Run by ReNo at 2009-02-27 16:53:17
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 32 GB (32%) free of 102 GB
Total RAM: 2046 MB (32% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:53:57, on 27/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Users\ReNo\Desktop\RSIT.exe
C:\Program Files\trend micro\ReNo.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [trustfast] "C:\ProgramData\NURB JUNK JUNK.60m8vlu"
O4 - HKCU\..\Run: [Itch ford four knob] "C:\ProgramData\proc flaw jump.ychd0su"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 12170 bytes
======Scheduled tasks folder======
C:\Windows\tasks\User_Feed_Synchronization-{1F18BEA8-D8E0-4CA6-8F85-A4868A1B8959}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-08-25 1062184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-01-31 1078552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-31 1968920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-03-10 2436160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-11-19 806912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-11-17 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-03-10 2436160]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-31 1968920]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-11-19 806912]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-18 815104]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-04-24 240640]
"ECenter"=c:\dell\E-Center\EULALauncher.exe [2006-11-17 17920]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2006-10-13 184320]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
"NeroCheck"=C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]
"dlcxmon.exe"=C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [2007-01-12 292336]
"MemoryCardManager"=C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [2006-11-04 304008]
"FaxCenterServer"=C:\Program Files\Dell PC Fax\fm3032.exe [2006-11-04 312200]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-03-03 959976]
"SigmatelSysTrayApp"=C:\Windows\sttray.exe [2007-02-08 303104]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-10-04 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-10-04 8497696]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-10-04 81920]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2007-10-04 86016]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-31 1601304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2006-11-12 446976]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-04-03 165784]
"Cld2000.exe"=C:\Program Files\Calendrier\Cld2000.exe []
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe []
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-03-10 171448]
"trustfast"=C:\ProgramData\NURB JUNK JUNK.60m8vlu [2009-02-26 114704]
"Itch ford four knob"=C:\ProgramData\proc flaw jump.ychd0su [2009-02-26 12304]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
QuickSet.lnk - C:\Windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bd246fd-14d3-11dc-bd78-0019b96ba7ac}]
shell\AutoRun\command - F:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ee533c4-2f41-11dc-93c5-0019b96ba7ac}]
shell\AutoRun\command - F:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3785a065-c825-11dd-90ad-0019b96ba7ac}]
shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{576f8d54-8c45-11dc-a484-0019b96ba7ac}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a6014a0-9a09-11dd-b8cf-0019b96ba7ac}]
shell\AutoRun\command - I:\t.com
shell\explore\command - I:\t.com
shell\open\command - I:\t.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fc6ffd2-519b-11dc-b71e-0019b96ba7ac}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{734c90e8-df09-11dd-84ef-0019b96ba7ac}]
shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fc531e9-f82d-11dc-8093-0019b96ba7ac}]
shell\AutoRun\command - H:\yannh.cmd
shell\explore\command - H:\yannh.cmd
shell\open\command - H:\yannh.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad17c62c-f788-11dd-9eab-0019b96ba7ac}]
shell\AutoRun\command - H:\t.com
shell\explore\command - H:\t.com
shell\open\command - H:\t.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cde995dd-30b7-11dd-94e8-0019b96ba7ac}]
shell\AutoRun\command - I:\PenInkViewer\Viewer_for_Windows\PenInkViewer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9b2f07e-9459-11dd-b657-0019b96ba7ac}]
shell\AutoRun\command - I:\t.com
shell\explore\command - I:\t.com
shell\open\command - I:\t.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd142b00-f607-11dd-9dc2-0019b96ba7ac}]
shell\AutoRun\command - F:\t.com
shell\explore\command - F:\t.com
shell\open\command - F:\t.com
======List of files/folders created in the last 1 months======
2009-02-27 16:53:20 ----D---- C:\Program Files\trend micro
2009-02-27 16:53:17 ----D---- C:\rsit
2009-02-26 16:41:29 ----D---- C:\ProgramData\third lies itch ford
2009-02-26 16:40:56 ----D---- C:\ProgramData\uploadregs
2009-02-26 16:40:42 ----D---- C:\Program Files\TorrentSpeeder
2009-02-26 07:19:36 ----A---- C:\Windows\system32\NCTWMAFile.dll
2009-02-26 07:19:35 ----A---- C:\Windows\system32\NCTAudioFile.dll
2009-02-26 07:19:35 ----A---- C:\Windows\system32\lame_enc.dll
2009-02-26 07:19:34 ----A---- C:\Windows\system32\faq.txt
2009-02-26 07:19:26 ----D---- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
2009-02-25 23:58:52 ----D---- C:\ProgramData\AVS4YOU
2009-02-25 23:58:50 ----D---- C:\Users\ReNo\AppData\Roaming\AVS4YOU
2009-02-25 23:58:19 ----D---- C:\Program Files\Common Files\AVSMedia
2009-02-25 23:58:18 ----A---- C:\Windows\system32\msxml3a.dll
2009-02-25 23:58:18 ----A---- C:\Windows\system32\msvcp70.dll
2009-02-25 23:58:18 ----A---- C:\Windows\system32\cc3270mt.dll
2009-02-25 23:58:17 ----D---- C:\Program Files\AVS4YOU
2009-02-25 21:18:03 ----A---- C:\Windows\system32\msvcr70.dll
2009-02-23 23:40:12 ----D---- C:\ProgramData\ALM
2009-02-23 22:05:20 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-02-23 20:51:37 ----AD---- C:\Adobe suite
2009-02-15 17:39:17 ----D---- C:\Users\ReNo\AppData\Roaming\vlc
2009-02-15 17:39:15 ----D---- C:\Program Files\adslTV
2009-02-15 10:15:14 ----A---- C:\Windows\system32\EncDec.dll
2009-02-15 10:15:11 ----A---- C:\Windows\system32\psisdecd.dll
2009-02-11 22:40:56 ----A---- C:\Windows\system32\mshtml.dll
2009-02-11 22:40:55 ----A---- C:\Windows\system32\ieframe.dll
2009-02-11 22:40:53 ----A---- C:\Windows\system32\urlmon.dll
2009-02-11 22:40:52 ----A---- C:\Windows\system32\msfeeds.dll
2009-02-11 22:40:51 ----A---- C:\Windows\system32\wininet.dll
2009-02-11 22:40:50 ----A---- C:\Windows\system32\mstime.dll
2009-02-11 22:40:48 ----A---- C:\Windows\system32\iertutil.dll
2009-02-11 22:40:45 ----A---- C:\Windows\system32\jsproxy.dll
2009-02-11 19:17:00 ----D---- C:\Program Files\CCleaner
2009-02-06 18:52:40 ----A---- C:\Windows\system32\sirenacm.dll
2009-01-31 11:49:39 ----A---- C:\Windows\system32\avgrsstx.dll
======List of files/folders modified in the last 1 months======
2009-02-27 16:53:24 ----D---- C:\Windows\Temp
2009-02-27 16:53:20 ----RD---- C:\Program Files
2009-02-27 16:52:49 ----D---- C:\Windows\Internet Logs
2009-02-27 16:46:41 ----D---- C:\Users\ReNo\AppData\Roaming\Skype
2009-02-27 16:05:15 ----SHD---- C:\System Volume Information
2009-02-27 15:48:34 ----D---- C:\MDT
2009-02-27 07:52:40 ----D---- C:\Windows\Debug
2009-02-27 07:52:40 ----D---- C:\Windows
2009-02-27 07:48:47 ----HD---- C:\ProgramData
2009-02-26 23:13:21 ----HD---- C:\$AVG8.VAULT$
2009-02-26 20:18:36 ----SHD---- C:\Windows\Installer
2009-02-26 18:20:03 ----D---- C:\Program Files\Microsoft Silverlight
2009-02-26 16:40:48 ----D---- C:\Windows\system32\Tasks
2009-02-26 07:19:36 ----D---- C:\Windows\System32
2009-02-26 07:16:58 ----D---- C:\Users\ReNo\AppData\Roaming\utorrent
2009-02-25 23:58:45 ----D---- C:\Program Files\Mozilla Firefox
2009-02-25 23:58:19 ----D---- C:\Program Files\Common Files
2009-02-25 21:02:25 ----RSD---- C:\Windows\assembly
2009-02-25 20:43:16 ----D---- C:\Windows\system32\catroot2
2009-02-24 08:01:30 ----D---- C:\Users\ReNo\AppData\Roaming\Adobe
2009-02-23 23:47:32 ----D---- C:\Program Files\Common Files\Adobe
2009-02-23 23:45:19 ----D---- C:\Program Files\Adobe
2009-02-23 22:27:41 ----D---- C:\Windows\winsxs
2009-02-23 22:22:52 ----D---- C:\ProgramData\Adobe
2009-02-23 17:51:17 ----D---- C:\Windows\Prefetch
2009-02-21 08:05:39 ----D---- C:\Program Files\Common Files\microsoft shared
2009-02-20 18:13:48 ----D---- C:\Windows\inf
2009-02-20 18:13:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-17 17:26:43 ----D---- C:\Windows\Downloaded Installations
2009-02-15 23:27:40 ----D---- C:\Windows\Microsoft.NET
2009-02-15 23:27:24 ----D---- C:\Windows\ehome
2009-02-15 21:35:52 ----D---- C:\Program Files\Messenger Plus! Live
2009-02-15 10:06:42 ----D---- C:\Windows\system32\catroot
2009-02-11 23:45:10 ----D---- C:\ProgramData\Microsoft Help
2009-02-11 23:44:12 ----D---- C:\Program Files\Windows Mail
2009-02-11 19:32:42 ----D---- C:\Windows\Minidump
2009-02-04 00:21:12 ----A---- C:\Windows\system32\mrt.exe
2009-01-31 11:50:14 ----D---- C:\Windows\system32\drivers
2009-01-31 11:21:14 ----D---- C:\ProgramData\avg8
2009-01-28 18:15:50 ----D---- C:\ProgramData\ma-config.com
2009-01-28 18:15:50 ----D---- C:\Program Files\ma-config.com
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-01-31 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-01-31 27656]
R1 DLACDBHM;DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
R1 DLARTL_M;DLARTL_M; C:\Windows\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2008-03-03 279440]
R2 DLABMFSM;DLABMFSM; C:\Windows\System32\DLA\DLABMFSM.SYS [2006-10-26 35096]
R2 DLABOIOM;DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [2006-10-26 32472]
R2 DLADResM;DLADResM; C:\Windows\System32\DLA\DLADResM.SYS [2006-10-26 9432]
R2 DLAIFS_M;DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [2006-10-26 104536]
R2 DLAOPIOM;DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [2006-10-26 26296]
R2 DLAPoolM;DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [2006-10-26 14520]
R2 DLAUDF_M;DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [2006-10-26 97848]
R2 DLAUDFAM;DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [2006-10-26 94648]
R2 DRVNDDM;DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
R2 dsunidrv;dsunidrv; \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys [2006-08-17 7424]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-11-12 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-20 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-20 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-20 37376]
R2 RMCAST;Pilote du protocole RMCAT PGMP; C:\Windows\system32\DRIVERS\RMCAST.sys [2008-05-10 113664]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-12 8192]
R3 bcm4sbxp;Pilote XP du contrôleur intégré Broadcom 440x 10/100; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [2006-10-05 4736]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-12 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-12 206848]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-10-04 7628608]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-02-08 647680]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-18 179256]
R3 V0260VID;Live! Cam Vista IM; C:\Windows\system32\DRIVERS\V0260Vid.sys [2007-07-18 154784]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-12 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 axf7u4h7;axf7u4h7; C:\Windows\system32\drivers\axf7u4h7.sys []
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-01-24 14336]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 e1express;Pilote de la connexion réseau Intel(R) PRO/1000 PCI Express; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys []
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 1786880]
S3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2008-03-13 2555392]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2007-06-28 137216]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2007-06-28 8320]
S3 nmwcdcj;Nokia USB Port; C:\Windows\system32\drivers\nmwcdcj.sys [2007-06-28 12288]
S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2007-06-28 12288]
S3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys []
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS []
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-05 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 dlcx_device;dlcx_device; C:\Windows\system32\dlcxcoms.exe [2006-11-04 537480]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-08-20 860160]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-08-20 466944]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2008-03-03 79400]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-12 386560]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe []
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe []
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2006-11-07 70656]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-23 654848]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [2007-04-24 81408]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-10 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-01-24 216232]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
-----------------EOF-----------------
And the info.txt:
info.txt logfile of random's system information tool 1.05 2009-02-27 16:54:05
======Uninstall list======
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x40c
µTorrent 1.6 (Build 474)-->C:\Program Files\utorrent\Uninstal.exe
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
926plv32-->MsiExec.exe /I{0FA7B858-E0E1-400B-B5C0-1285F7D6FE5E}
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
ACE-HIGH MP3 WAV WMA OGG Converter-->C:\PROGRA~1\ACE-HI~1\UNWISE.EXE C:\PROGRA~1\ACE-HI~1\INSTALL.LOG
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{5D2398DF-3022-4820-93BA-F1175FBEA9CA}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin-->MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{6E08CE13-C2AB-4749-9335-5900B958929E}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{C1FA4B3B-1625-4922-9C9D-780E8FCE161A}
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Setup-->MsiExec.exe /I{1628F6BD-5ED1-4FD1-B90F-C106AF4E00F0}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Ajouter ou supprimer Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\b5d5789539ea1f004a4defceea74312\Setup.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Assistant Personnalisation du systéme Dell-->MsiExec.exe /I{9954484F-6EE4-4040-94E3-4B380646F867}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Management Programs-->MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -IDellHDAz.inf
Creative Live! Cam Vista IM Driver (1.11.02.00)-->C:\Windows\CtDrvIns.exe -uninstall -script VF0260.uns -unsext NT -plugin V0260Pin.dll -pluginres CtCamPin.crl
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove
Creative WebCam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x40c /remove
Dell Fax PC-->C:\Program Files\Dell PC Fax\Install\x86\Uninst.exe /R:faxunst
Dell Photo AIO Printer 926-->C:\Program Files\Dell Photo AIO Printer 926\Install\x86\Uninst.exe
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
DHTML Editing Component-->MsiExec.exe /X{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x040c -removeonly
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Guide de l'utilisateur-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel PROSet Wireless-->Intel PROSet Wireless
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Language pack for Ad-Aware SE-->C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\Langs\INSTALL.LOG
Ma-Config.com-->MsiExec.exe /X{8AFB8FC4-3EBA-4C67-943F-CF43DB2180F1}
Manuel d'utilisation de Creative Live! Cam Vista IM (Français)-->C:\Windows\IsUn040c.exe -f"C:\Program Files\Creative\Creative Live! Cam Vista IM\Manuel d'utilisation de Creative Live! Cam Vista IM\French\CTManual.isu"
Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe"
MediaDirect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x40c -cluninstall
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Money-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MyScript Notes for DANE-ELEC-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6378CFE7-D898-4C41-A7DD-4BB54ED80BB7}\setup.exe" -l0x40c -removeonly
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x040c -removeonly
Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetup.dll,DoNTUninst
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Outil de diagnostic de modem-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PDFCreator Toolbar-->"C:\Windows\PDFCreator_Toolbar_Uninstaller_5929.exe" _?=C:\Program Files\PDFCreator Toolbar
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
Pro Evolution Soccer 5-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{85C3FA3C-4832-4204-B21E-168E4920936A} /l1036
QuickSet-->MsiExec.exe /I{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x40c -remove -removeonly
Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TerraExplorer-->C:\Program Files\Skyline\TerraExplorer\Setup.exe [OP]/U
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {80E46078-C1C5-4AE8-8744-3EAFC812E118}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959634)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {50C77E2F-5C1C-467D-9BC8-3CA07D28C9F2}
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Worms Armageddon-->C:\Windows\IsUninst.exe -f"c:\Team17\Worms Armageddon\Uninst.isu"
Zattoo 3.3.1 Beta-->C:\Program Files\Zattoo\uninst.exe
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
======Security center information======
AV: AVG Anti-Virus Free
FW: ZoneAlarm Firewall
AS: AVG Anti-Virus Free (disabled)
AS: Windows Defender
System event log
Computer Name: NeNeO
Event Code: 7036
Message: Le service Fournisseur de cliché instantané de logiciel Microsoft est entré dans l'état : arrêté.
Record Number: 204226
Source Name: Service Control Manager
Time Written: 20090227150235.000000-000
Event Type: Information
User:
Computer Name: NeNeO
Event Code: 7036
Message: Le service Programme d’installation de modules Windows est entré dans l'état : arrêté.
Record Number: 204227
Source Name: Service Control Manager
Time Written: 20090227150238.000000-000
Event Type: Information
User:
Computer Name: NeNeO
Event Code: 33
Message: L'ancien cliché instantané du volume C: a été abandonné pour conserver l'utilisation d'espace disque pour les clichés instantanés de volume C: sous la limite définie par l'utilisateur.
Record Number: 204228
Source Name: volsnap
Time Written: 20090227150514.988254-000
Event Type: Information
User:
Computer Name: NeNeO
Event Code: 7036
Message: Le service Service de découverte automatique de Proxy Web pour les services HTTP Windows est entré dans l'état : arrêté.
Record Number: 204229
Source Name: Service Control Manager
Time Written: 20090227151056.000000-000
Event Type: Information
User:
Computer Name: NeNeO
Event Code: 7036
Message: Le service Service de découverte automatique de Proxy Web pour les services HTTP Windows est entré dans l'état : en cours d'exécution.
Record Number: 204230
Source Name: Service Control Manager
Time Written: 20090227154609.000000-000
Event Type: Information
User:
Application event log
Computer Name: NeNeO
Event Code: 1
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 47641
Source Name: SecurityCenter
Time Written: 20090227145044.000000-000
Event Type: Information
User:
Computer Name: NeNeO
Event Code: 102
Message: InputPersonalization (4776) InkStore: Le moteur de la base de données (6.00.6001.0000) a démarré une nouvelle instance (0).
Record Number: 47642
Source Name: ESENT
Time Written: 20090227145100.000000-000
Event Type: Information
User:
Computer Name: NeNeO
Event Code: 8194
Message: Point de restauration correctement créé (Processus = C:\Windows\system32\svchost.exe -k netsvcs ; Description = Windows Update).
Record Number: 47643
Source Name: System Restore
Time Written: 20090227145520.000000-000
Event Type: Information
User:
Computer Name: NeNeO
Event Code: 8194
Message: Point de restauration correctement créé (Processus = C:\Windows\system32\svchost.exe -k netsvcs ; Description = Windows Update).
Record Number: 47644
Source Name: System Restore
Time Written: 20090227145550.000000-000
Event Type: Information
User:
Computer Name: NeNeO
Event Code: 8224
Message: Le service VSS s’arrête, car le délai d’inactivité est dépassé.
Record Number: 47645
Source Name: VSS
Time Written: 20090227145934.000000-000
Event Type: Information
User:
Security event log
Computer Name: NeNeO
Event Code: 4647
Message: Fermeture de session initiée par l’utilisateur :
Sujet :
ID de sécurité : S-1-5-21-4173803271-3975576253-2691326889-1000
Nom du compte : ReNo
Domaine du compte : NeNeO
ID d’ouverture de session : 0x66037
Cet événement est généré lorsqu’une fermeture de session est initiée, mais que le nombre de références du jeton n’étant pas zéro, la session ouverte ne peut pas être supprimée. Aucune autre activité initiée par l’utilisateur ne peut se produire. Cet événement peut être interprété comme un événement de fermeture de session.
Record Number: 42233
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081015125703.307846-000
Event Type: Succès de l'audit
User:
Computer Name: NeNeO
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : NENEO$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost
Informations sur le processus :
ID du processus : 0x2c4
Nom du processus : C:\Windows\System32\services.exe
Informations sur le réseau :
Adresse du réseau : -
Port : -
Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 42234
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081015125705.663446-000
Event Type: Succès de l'audit
User:
Computer Name: NeNeO
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : NENEO$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
Type d’ouverture de session : 5
Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Informations sur le processus :
ID du processus : 0x2c4
Nom du processus : C:\Windows\System32\services.exe
Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -
Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0
Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.
Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.
Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).
Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.
Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.
Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 42235
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081015125705.663446-000
Event Type: Succès de l'audit
User:
Computer Name: NeNeO
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 4
Lop infection (CiD ads).
- Disable UAC for the duration of the disinfection.
- Download Lop S&D to your Desktop.
- Double-click it to start the installation.
- Right-click the Lop S&D shortcut on your Desktop and choose Run as administrator.
- Select the desired language, then choose option 1 (Search).
- Wait until the scan finishes.
- Post the generated report (C:\lopR.txt).
Here it is:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A14
USER : ReNo ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
Firewall : ZoneAlarm Firewall 7.1.254.000 (Activated)
C:\ (Local Disk) - NTFS - Total:99 Go (Free:31 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:6 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 27/02/2009|17:27 )
[ UAC => 0 ]
--------------------\\ Listing des dossiers dans Local
[22/08/2008|22:47] C:\Users\ReNo\AppData\Local\Adobe
[12/09/2008|17:03] C:\Users\ReNo\AppData\Local\Apple
[05/10/2008|21:38] C:\Users\ReNo\AppData\Local\Apple Computer
[27/04/2007|14:51] C:\Users\ReNo\AppData\Local\Application Data
[02/10/2008|11:57] C:\Users\ReNo\AppData\Local\d3d9caps.dat
[20/02/2009|21:00] C:\Users\ReNo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[18/08/2008|23:26] C:\Users\ReNo\AppData\Local\GDIPFONTCACHEV1.DAT
[27/04/2007|17:40] C:\Users\ReNo\AppData\Local\Google
[27/04/2007|14:51] C:\Users\ReNo\AppData\Local\Historique
[27/02/2009|17:15] C:\Users\ReNo\AppData\Local\IconCache.db
[23/11/2008|15:45] C:\Users\ReNo\AppData\Local\Installer1512
[23/11/2008|15:29] C:\Users\ReNo\AppData\Local\Installer5508
[27/04/2007|17:39] C:\Users\ReNo\AppData\Local\MediaDirect
[25/12/2008|22:58] C:\Users\ReNo\AppData\Local\Microsoft
[27/05/2007|11:38] C:\Users\ReNo\AppData\Local\Microsoft Games
[12/08/2008|14:59] C:\Users\ReNo\AppData\Local\Microsoft Help
[23/08/2008|12:42] C:\Users\ReNo\AppData\Local\MicroVision Applications
[04/10/2007|16:44] C:\Users\ReNo\AppData\Local\Mozilla
[12/05/2007|10:27] C:\Users\ReNo\AppData\Local\Powercinema
[06/05/2007|21:29] C:\Users\ReNo\AppData\Local\Protexis
[13/03/2008|19:17] C:\Users\ReNo\AppData\Local\PunkBuster
[23/02/2008|15:46] C:\Users\ReNo\AppData\Local\SupportSoft
[27/02/2009|17:25] C:\Users\ReNo\AppData\Local\Temp
[27/04/2007|14:51] C:\Users\ReNo\AppData\Local\Temporary Internet Files
[19/05/2007|16:39] C:\Users\ReNo\AppData\Local\VirtualStore
[02/06/2008|20:11] C:\Users\ReNo\AppData\Local\Xenocode
[08/02/2009|18:55] C:\Users\ReNo\AppData\Local\Zattoo
[10/11/2008|14:04] C:\Users\ReNo\AppData\Local\ZattooPlayer
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[27/02/2009 07:39][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{1F18BEA8-D8E0-4CA6-8F85-A4868A1B8959}.job
[27/02/2009 17:18][--ah-----] C:\Windows\tasks\SA.DAT
[27/02/2009 17:16][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[21/12/2008|20:49] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[23/02/2009|22:22] C:\ProgramData\Adobe
[23/02/2009|23:40] C:\ProgramData\ALM
[25/12/2008|22:58] C:\ProgramData\AppData
[09/09/2007|18:21] C:\ProgramData\Apple
[09/09/2007|18:29] C:\ProgramData\Apple Computer
[27/04/2007|14:50] C:\ProgramData\Application Data
[31/01/2009|11:21] C:\ProgramData\avg8
[25/02/2009|23:58] C:\ProgramData\AVS4YOU
[27/04/2007|14:50] C:\ProgramData\Bureau
[02/08/2008|10:03] C:\ProgramData\CheckPoint
[24/04/2007|01:21] C:\ProgramData\Corel
[24/04/2007|01:35] C:\ProgramData\CyberLink
[26/02/2008|15:35] C:\ProgramData\Dell
[02/06/2007|22:17] C:\ProgramData\DellFaxCtr
[27/04/2007|14:50] C:\ProgramData\Documents
[11/07/2007|18:41] C:\ProgramData\eMule
[27/04/2007|14:50] C:\ProgramData\Favoris
[19/08/2008|10:32] C:\ProgramData\FLEXnet
[24/04/2007|01:34] C:\ProgramData\Google
[24/04/2007|01:28] C:\ProgramData\Gtek
[24/04/2007|01:24] C:\ProgramData\InstallShield
[15/05/2008|18:53] C:\ProgramData\Intel
[05/06/2008|17:37] C:\ProgramData\Lavasoft
[03/01/2008|17:22] C:\ProgramData\LogiShrd
[28/01/2009|18:15] C:\ProgramData\ma-config.com
[05/03/2008|00:51] C:\ProgramData\McNeel
[27/04/2007|14:50] C:\ProgramData\Menu D‚marrer
[26/09/2007|18:37] C:\ProgramData\Messenger Plus!
[21/12/2008|18:01] C:\ProgramData\Microsoft
[11/02/2009|23:45] C:\ProgramData\Microsoft Help
[27/04/2007|14:50] C:\ProgramData\ModŠles
[26/02/2009|16:40] C:\ProgramData\NURB JUNK JUNK.60m8vlu
[26/02/2009|16:40] C:\ProgramData\NURB JUNK JUNK.xruzlrk
[11/10/2008|22:56] C:\ProgramData\NVIDIA
[08/05/2008|12:40] C:\ProgramData\Office Genuine Advantage
[26/02/2009|16:41] C:\ProgramData\proc flaw jump.ychd0su
[15/05/2008|18:54] C:\ProgramData\Roaming
[23/08/2008|12:42] C:\ProgramData\Roxio
[05/10/2007|20:03] C:\ProgramData\Skyline
[01/09/2007|14:00] C:\ProgramData\Skype
[24/04/2007|01:24] C:\ProgramData\Sonic
[02/06/2007|22:17] C:\ProgramData\SPL55BB.tmp
[02/06/2007|22:16] C:\ProgramData\SPL63D7.tmp
[02/06/2007|22:23] C:\ProgramData\SPLC456.tmp
[23/02/2008|15:42] C:\ProgramData\SupportSoft
[25/07/2008|18:08] C:\ProgramData\Symantec
[26/02/2009|16:41] C:\ProgramData\third lies itch ford
[26/02/2009|16:41] C:\ProgramData\uploadregs
[12/10/2008|23:45] C:\ProgramData\WindowsSearch
[10/03/2008|15:55] C:\ProgramData\WinZip
[13/03/2008|21:01] C:\ProgramData\WLInstaller
--------------------\\ Listing des dossiers dans C:\Program Files
[02/06/2007|22:16] C:\Program Files\Abbyy FineReader 6.0 Sprint
[26/02/2009|07:19] C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
[25/01/2009|09:00] C:\Program Files\Activision
[23/02/2009|23:45] C:\Program Files\Adobe
[15/02/2009|18:09] C:\Program Files\adslTV
[15/05/2007|15:01] C:\Program Files\Ahead
[06/05/2007|17:50] C:\Program Files\Alwil Software
[12/09/2008|17:03] C:\Program Files\Apple Software Update
[12/10/2007|16:43] C:\Program Files\Atari
[31/10/2008|18:17] C:\Program Files\AVG
[26/02/2009|18:53] C:\Program Files\AVS4YOU
[24/04/2007|01:33] C:\Program Files\BAE
[21/12/2008|20:46] C:\Program Files\Bonjour
[30/10/2008|18:28] C:\Program Files\Broadcom
[11/02/2009|19:17] C:\Program Files\CCleaner
[26/10/2008|19:34] C:\Program Files\Cisco
[25/02/2009|23:58] C:\Program Files\Common Files
[24/04/2007|00:57] C:\Program Files\CONEXANT
[08/09/2007|19:41] C:\Program Files\Creative
[24/04/2007|01:35] C:\Program Files\CyberLink
[11/07/2007|00:57] C:\Program Files\DAEMON Tools
[02/06/2007|22:18] C:\Program Files\Dell
[02/06/2007|22:18] C:\Program Files\Dell PC Fax
[02/06/2007|22:18] C:\Program Files\Dell Photo AIO Printer 926
[23/02/2008|15:41] C:\Program Files\Dell Support Center
[24/04/2007|01:27] C:\Program Files\DellSupport
[24/04/2007|01:18] C:\Program Files\Digital Line Detect
[11/07/2007|15:22] C:\Program Files\Direct X
[25/01/2009|09:00] C:\Program Files\EA GAMES
[27/04/2007|14:50] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[11/03/2008|19:55] C:\Program Files\Google
[02/06/2008|20:15] C:\Program Files\InstallShield Installation Information
[26/10/2008|19:34] C:\Program Files\Intel
[11/10/2008|10:14] C:\Program Files\Internet Explorer
[21/12/2008|20:49] C:\Program Files\iPod
[25/01/2009|09:00] C:\Program Files\IrfanView
[21/12/2008|20:49] C:\Program Files\iTunes
[05/12/2008|12:36] C:\Program Files\Java
[07/04/2008|16:17] C:\Program Files\KONAMI
[05/06/2008|17:37] C:\Program Files\Lavasoft
[28/01/2009|18:15] C:\Program Files\ma-config.com
[10/03/2008|17:25] C:\Program Files\Ma‹do Production
[04/07/2007|10:57] C:\Program Files\Media Player Classic
[15/02/2009|21:35] C:\Program Files\Messenger Plus! Live
[21/12/2008|18:11] C:\Program Files\Microsoft
[02/03/2008|08:59] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[15/05/2007|17:45] C:\Program Files\Microsoft Money 2005
[27/04/2007|18:46] C:\Program Files\Microsoft Office
[26/02/2009|18:20] C:\Program Files\Microsoft Silverlight
[27/04/2007|18:46] C:\Program Files\Microsoft Visual Studio
[27/04/2007|18:43] C:\Program Files\Microsoft Visual Studio 8
[15/09/2008|08:51] C:\Program Files\Microsoft Works
[27/04/2007|18:45] C:\Program Files\Microsoft.NET
[01/12/2007|09:15] C:\Program Files\mIRC
[24/04/2007|01:17] C:\Program Files\Modem Diagnostic Tool
[11/10/2008|10:14] C:\Program Files\Movie Maker
[27/02/2009|17:22] C:\Program Files\Mozilla Firefox
[27/04/2007|18:46] C:\Program Files\MSBuild
[27/04/2007|18:15] C:\Program Files\MSECache
[24/04/2007|01:12] C:\Program Files\MSXML 4.0
[24/04/2007|01:16] C:\Program Files\NetWaiting
[19/11/2008|22:30] C:\Program Files\PDFCreator
[19/11/2008|22:30] C:\Program Files\PDFCreator Toolbar
[04/07/2007|12:25] C:\Program Files\Player Tool
[21/12/2008|20:46] C:\Program Files\QuickTime
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[25/01/2009|09:00] C:\Program Files\Rhinoceros 3.0
[25/01/2009|09:00] C:\Program Files\Rhinoceros 3.0 Evaluation
[28/05/2007|09:01] C:\Program Files\Roxio
[24/04/2007|01:15] C:\Program Files\SigmaTel
[05/10/2007|20:03] C:\Program Files\Skyline
[01/09/2007|14:00] C:\Program Files\Skype
[19/01/2009|10:55] C:\Program Files\SpeedSim
[24/04/2007|08:51] C:\Program Files\Synaptics
[13/03/2008|17:26] C:\Program Files\SystemRequirementsLab
[26/02/2009|16:40] C:\Program Files\TorrentSpeeder
[27/02/2009|16:53] C:\Program Files\trend micro
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[10/03/2008|16:52] C:\Program Files\utorrent
[04/07/2007|16:13] C:\Program Files\VideoLAN
[02/06/2008|20:15] C:\Program Files\Vision Objects
[11/10/2008|10:14] C:\Program Files\Windows Calendar
[11/10/2008|10:14] C:\Program Files\Windows Collaboration
[11/10/2008|10:14] C:\Program Files\Windows Defender
[11/10/2008|10:14] C:\Program Files\Windows Journal
[21/12/2008|18:09] C:\Program Files\Windows Live
[21/12/2008|18:09] C:\Program Files\Windows Live SkyDrive
[11/02/2009|23:44] C:\Program Files\Windows Mail
[01/11/2008|18:37] C:\Program Files\Windows Media Player
[27/04/2007|14:50] C:\Program Files\Windows NT
[11/10/2008|10:14] C:\Program Files\Windows Photo Gallery
[11/10/2008|10:14] C:\Program Files\Windows Sidebar
[11/03/2008|19:55] C:\Program Files\WinRAR
[10/11/2008|13:52] C:\Program Files\Zattoo
[02/08/2008|10:46] C:\Program Files\Zone Labs
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[23/02/2009|23:47] C:\Program Files\Common Files\Adobe
[13/05/2007|21:26] C:\Program Files\Common Files\Ahead
[21/12/2008|20:49] C:\Program Files\Common Files\Apple
[26/02/2009|18:53] C:\Program Files\Common Files\AVSMedia
[27/04/2007|18:46] C:\Program Files\Common Files\DESIGNER
[05/08/2007|17:43] C:\Program Files\Common Files\InstallShield
[26/10/2008|19:34] C:\Program Files\Common Files\Intel
[24/04/2007|01:13] C:\Program Files\Common Files\Java
[03/01/2008|17:25] C:\Program Files\Common Files\LogiShrd
[23/02/2009|22:05] C:\Program Files\Common Files\Macrovision Shared
[05/03/2008|00:51] C:\Program Files\Common Files\McNeel Shared
[21/02/2009|08:05] C:\Program Files\Common Files\microsoft shared
[24/04/2007|01:24] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[01/09/2007|14:00] C:\Program Files\Common Files\Skype
[24/04/2007|01:26] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[23/02/2008|15:40] C:\Program Files\Common Files\supportsoft
[24/04/2007|01:24] C:\Program Files\Common Files\SureThing Shared
[25/07/2008|19:53] C:\Program Files\Common Files\Symantec Shared
[11/10/2008|10:14] C:\Program Files\Common Files\System
[21/12/2008|18:01] C:\Program Files\Common Files\Windows Live
[13/03/2008|21:05] C:\Program Files\Common Files\WindowsLiveInstaller
[05/06/2008|17:36] C:\Program Files\Common Files\Wise Installation Wizard
--------------------\\ Process
( 77 Processes )
iexplore.exe ~ [PID:3288]
iexplore.exe ~ [PID:3404]
--------------------\\ Recherche avec S_Lop
C:\ProgramData\NURB JUNK JUNK.60m8vlu
C:\ProgramData\NURB JUNK JUNK.xruzlrk
C:\ProgramData\proc flaw jump.ychd0su
C:\Users\ReNo\AppData\Local\Temp\bis14A9.exe
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\ProgramData\third lies itch ford
C:\ProgramData\third lies itch ford\Trans Clock.dat
C:\ProgramData\third lies itch ford\Trans Clock.exe
C:\Users\ReNo\AppData\Local\Temp\TorrentSpeeder.zip
C:\Users\ReNo\AppData\Local\Temp\minime.exe
C:\Users\ReNo\AppData\Local\Temp\HtmlControl.dll
C:\Program Files\TorrentSpeeder
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"trustfast"="\"C:\\ProgramData\\NURB JUNK JUNK.60m8vlu\""
"Itch ford four knob"="\"C:\\ProgramData\\proc flaw jump.ychd0su\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 17:27:15
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\Users\ReNo\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1241 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden files: 521
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\ReNo\AppData\Roaming\utorrent\civ4patch109plusnodvdcdcrack.torrent
C:\Users\ReNo\AppData\Roaming\utorrent\Civilization 4 IV + Warlords expansion + 1.61 + 2.08 update + nocd crack civ4 civIV.rar.torrent
C:\Users\ReNo\AppData\Roaming\utorrent\Civilization IV 1.61 Update + Crack - PCGAME.torrent
C:\Users\ReNo\AppData\Roaming\utorrent\Civilization.IV.Full.PLUS.Crack.WEBSEED.zip.torrent
C:\Users\ReNo\AppData\Roaming\utorrent\Pro.Cycling.Manager.2008-RELOADED - CRACK ONLY.torrent
C:\Users\ReNo\AppData\Roaming\utorrent\rhino 3D v3.0 + crack + patch fr.rar.torrent
C:\Users\ReNo\AppData\Roaming\utorrent\rld-cbts-crack.only-uolamer.rar.torrent
C:\Users\ReNo\AppData\Roaming\utorrent\Winrar 3.71 French + Keygen.torrent
C:\Users\ReNo\AppData\Roaming\utorrent\[NewTorrents.info]_Civilization.IV.v1.52.CRACK.ONLY-RELOADED.torrent
[F:420][D:22]-> C:\Users\ReNo\AppData\Local\Temp
[F:43][D:1]-> C:\Users\ReNo\AppData\Roaming\MICROS~1\Windows\Cookies
[F:76][D:4]-> C:\Users\ReNo\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:4]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 27/02/2009|17:31 - Option : [1]
--------------------\\ Fin du rapport a 17:31:49
[ UAC => 1 ]
- Run Lop S&D again as administrator.
- This time choose option 2 (Removal).
- Do not close the window during the removal!
- Post the generated report (C:\lopR.txt).
(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New task, type explorer.exe and confirm)
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A14
USER : ReNo ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
Firewall : ZoneAlarm Firewall 7.1.254.000 (Activated)
C:\ (Local Disk) - NTFS - Total:99 Go (Free:31 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:6 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 27/02/2009|17:41 )
[ UAC => 1 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\ProgramData\third lies itch ford\Trans Clock.dat
Supprime! - C:\ProgramData\third lies itch ford\Trans Clock.exe
Supprime! - C:\Users\ReNo\AppData\Local\Temp\TorrentSpeeder.zip
Supprime! - C:\Users\ReNo\AppData\Local\Temp\minime.exe
Supprime! - C:\Users\ReNo\AppData\Local\Temp\HtmlControl.dll
Supprime! - C:\ProgramData\NURB JUNK JUNK.60m8vlu
Supprime! - C:\ProgramData\NURB JUNK JUNK.xruzlrk
Supprime! - C:\ProgramData\proc flaw jump.ychd0su
Supprime! - C:\Users\ReNo\AppData\Local\Temp\bis14A9.exe
Supprime! - C:\ProgramData\third lies itch ford
Supprime! - C:\Program Files\TorrentSpeeder
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans Local
[22/08/2008|22:47] C:\Users\ReNo\AppData\Local\Adobe
[12/09/2008|17:03] C:\Users\ReNo\AppData\Local\Apple
[05/10/2008|21:38] C:\Users\ReNo\AppData\Local\Apple Computer
[27/04/2007|14:51] C:\Users\ReNo\AppData\Local\Application Data
[02/10/2008|11:57] C:\Users\ReNo\AppData\Local\d3d9caps.dat
[20/02/2009|21:00] C:\Users\ReNo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[18/08/2008|23:26] C:\Users\ReNo\AppData\Local\GDIPFONTCACHEV1.DAT
[27/04/2007|17:40] C:\Users\ReNo\AppData\Local\Google
[27/04/2007|14:51] C:\Users\ReNo\AppData\Local\Historique
[27/02/2009|17:15] C:\Users\ReNo\AppData\Local\IconCache.db
[23/11/2008|15:45] C:\Users\ReNo\AppData\Local\Installer1512
[23/11/2008|15:29] C:\Users\ReNo\AppData\Local\Installer5508
[27/04/2007|17:39] C:\Users\ReNo\AppData\Local\MediaDirect
[25/12/2008|22:58] C:\Users\ReNo\AppData\Local\Microsoft
[27/05/2007|11:38] C:\Users\ReNo\AppData\Local\Microsoft Games
[12/08/2008|14:59] C:\Users\ReNo\AppData\Local\Microsoft Help
[23/08/2008|12:42] C:\Users\ReNo\AppData\Local\MicroVision Applications
[04/10/2007|16:44] C:\Users\ReNo\AppData\Local\Mozilla
[12/05/2007|10:27] C:\Users\ReNo\AppData\Local\Powercinema
[06/05/2007|21:29] C:\Users\ReNo\AppData\Local\Protexis
[13/03/2008|19:17] C:\Users\ReNo\AppData\Local\PunkBuster
[23/02/2008|15:46] C:\Users\ReNo\AppData\Local\SupportSoft
[27/02/2009|17:42] C:\Users\ReNo\AppData\Local\Temp
[27/04/2007|14:51] C:\Users\ReNo\AppData\Local\Temporary Internet Files
[19/05/2007|16:39] C:\Users\ReNo\AppData\Local\VirtualStore
[02/06/2008|20:11] C:\Users\ReNo\AppData\Local\Xenocode
[08/02/2009|18:55] C:\Users\ReNo\AppData\Local\Zattoo
[10/11/2008|14:04] C:\Users\ReNo\AppData\Local\ZattooPlayer
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[27/02/2009 07:39][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{1F18BEA8-D8E0-4CA6-8F85-A4868A1B8959}.job
[27/02/2009 17:18][--ah-----] C:\Windows\tasks\SA.DAT
[27/02/2009 17:16][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[21/12/2008|20:49] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[23/02/2009|22:22] C:\ProgramData\Adobe
[23/02/2009|23:40] C:\ProgramData\ALM
[25/12/2008|22:58] C:\ProgramData\AppData
[09/09/2007|18:21] C:\ProgramData\Apple
[09/09/2007|18:29] C:\ProgramData\Apple Computer
[27/04/2007|14:50] C:\ProgramData\Application Data
[31/01/2009|11:21] C:\ProgramData\avg8
[25/02/2009|23:58] C:\ProgramData\AVS4YOU
[27/04/2007|14:50] C:\ProgramData\Bureau
[02/08/2008|10:03] C:\ProgramData\CheckPoint
[24/04/2007|01:21] C:\ProgramData\Corel
[24/04/2007|01:35] C:\ProgramData\CyberLink
[26/02/2008|15:35] C:\ProgramData\Dell
[02/06/2007|22:17] C:\ProgramData\DellFaxCtr
[27/04/2007|14:50] C:\ProgramData\Documents
[11/07/2007|18:41] C:\ProgramData\eMule
[27/04/2007|14:50] C:\ProgramData\Favoris
[19/08/2008|10:32] C:\ProgramData\FLEXnet
[24/04/2007|01:34] C:\ProgramData\Google
[24/04/2007|01:28] C:\ProgramData\Gtek
[24/04/2007|01:24] C:\ProgramData\InstallShield
[15/05/2008|18:53] C:\ProgramData\Intel
[05/06/2008|17:37] C:\ProgramData\Lavasoft
[03/01/2008|17:22] C:\ProgramData\LogiShrd
[28/01/2009|18:15] C:\ProgramData\ma-config.com
[05/03/2008|00:51] C:\ProgramData\McNeel
[27/04/2007|14:50] C:\ProgramData\Menu D‚marrer
[26/09/2007|18:37] C:\ProgramData\Messenger Plus!
[21/12/2008|18:01] C:\ProgramData\Microsoft
[11/02/2009|23:45] C:\ProgramData\Microsoft Help
[27/04/2007|14:50] C:\ProgramData\ModŠles
[11/10/2008|22:56] C:\ProgramData\NVIDIA
[08/05/2008|12:40] C:\ProgramData\Office Genuine Advantage
[15/05/2008|18:54] C:\ProgramData\Roaming
[23/08/2008|12:42] C:\ProgramData\Roxio
[05/10/2007|20:03] C:\ProgramData\Skyline
[01/09/2007|14:00] C:\ProgramData\Skype
[24/04/2007|01:24] C:\ProgramData\Sonic
[02/06/2007|22:17] C:\ProgramData\SPL55BB.tmp
[02/06/2007|22:16] C:\ProgramData\SPL63D7.tmp
[02/06/2007|22:23] C:\ProgramData\SPLC456.tmp
[23/02/2008|15:42] C:\ProgramData\SupportSoft
[25/07/2008|18:08] C:\ProgramData\Symantec
[26/02/2009|16:41] C:\ProgramData\uploadregs
[12/10/2008|23:45] C:\ProgramData\WindowsSearch
[10/03/2008|15:55] C:\ProgramData\WinZip
[13/03/2008|21:01] C:\ProgramData\WLInstaller
--------------------\\ Listing des dossiers dans C:\Program Files
[02/06/2007|22:16] C:\Program Files\Abbyy FineReader 6.0 Sprint
[26/02/2009|07:19] C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
[25/01/2009|09:00] C:\Program Files\Activision
[23/02/2009|23:45] C:\Program Files\Adobe
[15/02/2009|18:09] C:\Program Files\adslTV
[15/05/2007|15:01] C:\Program Files\Ahead
[06/05/2007|17:50] C:\Program Files\Alwil Software
[12/09/2008|17:03] C:\Program Files\Apple Software Update
[12/10/2007|16:43] C:\Program Files\Atari
[31/10/2008|18:17] C:\Program Files\AVG
[26/02/2009|18:53] C:\Program Files\AVS4YOU
[24/04/2007|01:33] C:\Program Files\BAE
[21/12/2008|20:46] C:\Program Files\Bonjour
[30/10/2008|18:28] C:\Program Files\Broadcom
[11/02/2009|19:17] C:\Program Files\CCleaner
[26/10/2008|19:34] C:\Program Files\Cisco
[25/02/2009|23:58] C:\Program Files\Common Files
[24/04/2007|00:57] C:\Program Files\CONEXANT
[08/09/2007|19:41] C:\Program Files\Creative
[24/04/2007|01:35] C:\Program Files\CyberLink
[11/07/2007|00:57] C:\Program Files\DAEMON Tools
[02/06/2007|22:18] C:\Program Files\Dell
[02/06/2007|22:18] C:\Program Files\Dell PC Fax
[02/06/2007|22:18] C:\Program Files\Dell Photo AIO Printer 926
[23/02/2008|15:41] C:\Program Files\Dell Support Center
[24/04/2007|01:27] C:\Program Files\DellSupport
[24/04/2007|01:18] C:\Program Files\Digital Line Detect
[11/07/2007|15:22] C:\Program Files\Direct X
[25/01/2009|09:00] C:\Program Files\EA GAMES
[27/04/2007|14:50] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[11/03/2008|19:55] C:\Program Files\Google
[02/06/2008|20:15] C:\Program Files\InstallShield Installation Information
[26/10/2008|19:34] C:\Program Files\Intel
[11/10/2008|10:14] C:\Program Files\Internet Explorer
[21/12/2008|20:49] C:\Program Files\iPod
[25/01/2009|09:00] C:\Program Files\IrfanView
[21/12/2008|20:49] C:\Program Files\iTunes
[05/12/2008|12:36] C:\Program Files\Java
[07/04/2008|16:17] C:\Program Files\KONAMI
[05/06/2008|17:37] C:\Program Files\Lavasoft
[28/01/2009|18:15] C:\Program Files\ma-config.com
[10/03/2008|17:25] C:\Program Files\Ma‹do Production
[04/07/2007|10:57] C:\Program Files\Media Player Classic
[15/02/2009|21:35] C:\Program Files\Messenger Plus! Live
[21/12/2008|18:11] C:\Program Files\Microsoft
[02/03/2008|08:59] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[15/05/2007|17:45] C:\Program Files\Microsoft Money 2005
[27/04/2007|18:46] C:\Program Files\Microsoft Office
[26/02/2009|18:20] C:\Program Files\Microsoft Silverlight
[27/04/2007|18:46] C:\Program Files\Microsoft Visual Studio
[27/04/2007|18:43] C:\Program Files\Microsoft Visual Studio 8
[15/09/2008|08:51] C:\Program Files\Microsoft Works
[27/04/2007|18:45] C:\Program Files\Microsoft.NET
[01/12/2007|09:15] C:\Program Files\mIRC
[24/04/2007|01:17] C:\Program Files\Modem Diagnostic Tool
[11/10/2008|10:14] C:\Program Files\Movie Maker
[27/02/2009|17:22] C:\Program Files\Mozilla Firefox
[27/04/2007|18:46] C:\Program Files\MSBuild
[27/04/2007|18:15] C:\Program Files\MSECache
[24/04/2007|01:12] C:\Program Files\MSXML 4.0
[24/04/2007|01:16] C:\Program Files\NetWaiting
[19/11/2008|22:30] C:\Program Files\PDFCreator
[19/11/2008|22:30] C:\Program Files\PDFCreator Toolbar
[04/07/2007|12:25] C:\Program Files\Player Tool
[21/12/2008|20:46] C:\Program Files\QuickTime
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[25/01/2009|09:00] C:\Program Files\Rhinoceros 3.0
[25/01/2009|09:00] C:\Program Files\Rhinoceros 3.0 Evaluation
[28/05/2007|09:01] C:\Program Files\Roxio
[24/04/2007|01:15] C:\Program Files\SigmaTel
[05/10/2007|20:03] C:\Program Files\Skyline
[01/09/2007|14:00] C:\Program Files\Skype
[19/01/2009|10:55] C:\Program Files\SpeedSim
[24/04/2007|08:51] C:\Program Files\Synaptics
[13/03/2008|17:26] C:\Program Files\SystemRequirementsLab
[27/02/2009|16:53] C:\Program Files\trend micro
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[10/03/2008|16:52] C:\Program Files\utorrent
[04/07/2007|16:13] C:\Program Files\VideoLAN
[02/06/2008|20:15] C:\Program Files\Vision Objects
[11/10/2008|10:14] C:\Program Files\Windows Calendar
[11/10/2008|10:14] C:\Program Files\Windows Collaboration
[11/10/2008|10:14] C:\Program Files\Windows Defender
[11/10/2008|10:14] C:\Program Files\Windows Journal
[21/12/2008|18:09] C:\Program Files\Windows Live
[21/12/2008|18:09] C:\Program Files\Windows Live SkyDrive
[11/02/2009|23:44] C:\Program Files\Windows Mail
[01/11/2008|18:37] C:\Program Files\Windows Media Player
[27/04/2007|14:50] C:\Program Files\Windows NT
[11/10/2008|10:14] C:\Program Files\Windows Photo Gallery
[11/10/2008|10:14] C:\Program Files\Windows Sidebar
[11/03/2008|19:55] C:\Program Files\WinRAR
[10/11/2008|13:52] C:\Program Files\Zattoo
[02/08/2008|10:46] C:\Program Files\Zone Labs
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[23/02/2009|23:47] C:\Program Files\Common Files\Adobe
[13/05/2007|21:26] C:\Program Files\Common Files\Ahead
[21/12/2008|20:49] C:\Program Files\Common Files\Apple
[26/02/2009|18:53] C:\Program Files\Common Files\AVSMedia
[27/04/2007|18:46] C:\Program Files\Common Files\DESIGNER
[05/08/2007|17:43] C:\Program Files\Common Files\InstallShield
[26/10/2008|19:34] C:\Program Files\Common Files\Intel
[24/04/2007|01:13] C:\Program Files\Common Files\Java
[03/01/2008|17:25] C:\Program Files\Common Files\LogiShrd
[23/02/2009|22:05] C:\Program Files\Common Files\Macrovision Shared
[05/03/2008|00:51] C:\Program Files\Common Files\McNeel Shared
[21/02/2009|08:05] C:\Program Files\Common Files\microsoft shared
[24/04/2007|01:24] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[01/09/2007|14:00] C:\Program Files\Common Files\Skype
[24/04/2007|01:26] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[23/02/2008|15:40] C:\Program Files\Common Files\supportsoft
[24/04/2007|01:24] C:\Program Files\Common Files\SureThing Shared
[25/07/2008|19:53] C:\Program Files\Common Files\Symantec Shared
[11/10/2008|10:14] C:\Program Files\Common Files\System
[21/12/2008|18:01] C:\Program Files\Common Files\Windows Live
[13/03/2008|21:05] C:\Program Files\Common Files\WindowsLiveInstaller
[05/06/2008|17:36] C:\Program Files\Common Files\Wise Installation Wizard
--------------------\\ Process
( 78 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 17:42:18
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\Users\ReNo\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1241 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden files: 521
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\ReNo\AppData\Roaming\utorrent\civ4patch109plusnodvdcdcrack.torrent
C:\Users\ReNo\AppData\Roaming\utorrent\Civilization 4 IV + Warlords expansion + 1.61 + 2.08 update + nocd crack civ4 civIV.rar.torrent
C:\Users\ReNo\AppData\Roaming\utorrent\Civilization IV 1.61 Update + Crack - PCGAME.torrent
C:\Users\ReNo\AppData\Roaming\utorrent\Civilization.IV.Full.PLUS.Crack.WEBSEED.zip.torrent
C:\Users\ReNo\AppData\Roaming\utorrent\Pro.Cycling.Manager.2008-RELOADED - CRACK ONLY.torrent
C:\Users\ReNo\AppData\Roaming\utorrent\rhino 3D v3.0 + crack + patch fr.rar.torrent
C:\Users\ReNo\AppData\Roaming\utorrent\rld-cbts-crack.only-uolamer.rar.torrent
C:\Users\ReNo\AppData\Roaming\utorrent\Winrar 3.71 French + Keygen.torrent
C:\Users\ReNo\AppData\Roaming\utorrent\[NewTorrents.info]_Civilization.IV.v1.52.CRACK.ONLY-RELOADED.torrent
[F:138][D:19]-> C:\Users\ReNo\AppData\Local\Temp
[F:45][D:1]-> C:\Users\ReNo\AppData\Roaming\MICROS~1\Windows\Cookies
[F:143][D:4]-> C:\Users\ReNo\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:4]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 27/02/2009|17:31 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 27/02/2009|17:45 - Option : [2]
--------------------\\ Fin du rapport a 17:45:44
[ UAC => 1 ]
- Download DirLook to your Desktop.
- Right-click DirLook.exe and choose Run as administrator.
- Check that the two boxes next to "Show hidden files/folders:" and "BBCode Output:" are ticked.
- Copy the text below:
C:\ProgramData\uploadregs |
- In the small DirLook window, right-click in the white area and choose Paste.
Note: the lines selected earlier must have been copied into DirLook's white area.
- Click the DirLook button to start the search. When the tool has finished this search, Notepad opens.
Note: In Notepad, check in the Format menu (at the top) that the "Word Wrap" option is not ticked.
- Save the report as DirLook1.txt and close Notepad.
- Close DirLook by clicking the Exit button, then post the report.
DirLook.exe v2.0 by jpshortstuff
Log created at 18:02 on 27/02/2009
==================================
Contents of "C:\ProgramData\uploadregs"
[color=blue]---FOLDERS---[/color]
(none found)
[color=blue]---FILES---[/color]
Error Creative.exe (585728 bytes - created on 26/02/2009 at 15:40, modified on 26/02/2009 at 15:40) --a---
zmhupqlx.exe (892928 bytes - created on 26/02/2009 at 15:41, modified on 26/02/2009 at 15:41) --a---
==================================
[color=blue]=EOF=[/color]
Folder infected by Lop.
- Download OTMoveIt3 (OldTimer) to your Desktop.
- Right-click OTMoveIt3.exe and choose Run as administrator.
- Copy (Ctrl+C) the text below:
:processes
|
- Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.
- Now click the MoveIt! button, then close OTMoveIt3.
---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
- Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
---> The report's name corresponds to the time it was created: date_time.log
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\ProgramData\uploadregs moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\ReNo\AppData\Local\Temp\etilqs_YGe3qhMecMqBO9ZljD15 scheduled to be deleted on reboot.
File delete failed. C:\Users\ReNo\AppData\Local\Temp\fla5523.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\ReNo\AppData\Local\Temp\~ROMFN_00000F24 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\JET19F5.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\TMP00000073910CEDB6EB81BD6F scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ZLT07eb3.TMP scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ZLT07eba.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02272009_180807
Files moved on Reboot...
File C:\Users\ReNo\AppData\Local\Temp\etilqs_YGe3qhMecMqBO9ZljD15 not found!
File C:\Users\ReNo\AppData\Local\Temp\fla5523.tmp not found!
File C:\Users\ReNo\AppData\Local\Temp\~ROMFN_00000F24 not found!
C:\Windows\temp\JET19F5.tmp moved successfully.
File C:\Windows\temp\TMP00000073910CEDB6EB81BD6F not found!
File C:\Windows\temp\ZLT07eb3.TMP not found!
File C:\Windows\temp\ZLT07eba.TMP not found!
C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\Cache\_CACHE_001_ moved successfully.
C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\Cache\_CACHE_002_ moved successfully.
C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\Cache\_CACHE_003_ moved successfully.
C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\urlclassifier3.sqlite moved successfully.
C:\Users\ReNo\AppData\Local\Mozilla\Firefox\Profiles\uzghbp1v.default\XUL.mfl moved successfully.
- Remove Java(TM) 6 Update 11.
- Update Adobe Reader.
- Update Java.
- Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
- Double-click the downloaded file to start the installation process.
- In the Update tab, click the Check for Updates button: if the firewall asks whether MBAM may connect to the Internet, accept.
- Once the update has finished, go to the Scanner tab.
- Select Perform quick scan.
- Click Scan.
- The scan starts.
- At the end of the scan, a message is displayed:
Quote: The scan completed successfully. Click 'Show Results' to display all objects found.
- Click OK to continue. If MBAM found nothing, it will tell you so as well.
- Close your browsers.
- If malware was detected, click Show Results.
- Select everything (or leave everything checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
- MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1810
Windows 6.0.6001 Service Pack 1
27/02/2009 18:59:19
mbam-log-2009-02-27 (18-59-19).txt
Type de recherche: Examen rapide
Eléments examinés: 61917
Temps écoulé: 7 minute(s), 3 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
- Run another RSIT scan and post the log report.
Logfile of random's system information tool 1.05 (written by random/random)
Run by ReNo at 2009-02-27 19:04:31
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 32 GB (32%) free of 102 GB
Total RAM: 2046 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04:49, on 27/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Users\ReNo\Desktop\RSIT.exe
C:\Program Files\trend micro\ReNo.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11812 bytes
======Scheduled tasks folder======
C:\Windows\tasks\User_Feed_Synchronization-{1F18BEA8-D8E0-4CA6-8F85-A4868A1B8959}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-08-25 1062184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-01-31 1078552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-31 1968920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-03-10 2436160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-11-19 806912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-11-17 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-27 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-03-10 2436160]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-31 1968920]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-11-19 806912]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-18 815104]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-04-24 240640]
"ECenter"=c:\dell\E-Center\EULALauncher.exe [2006-11-17 17920]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2006-10-13 184320]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
"NeroCheck"=C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]
"dlcxmon.exe"=C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [2007-01-12 292336]
"MemoryCardManager"=C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [2006-11-04 304008]
"FaxCenterServer"=C:\Program Files\Dell PC Fax\fm3032.exe [2006-11-04 312200]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-03-03 959976]
"SigmatelSysTrayApp"=C:\Windows\sttray.exe [2007-02-08 303104]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-10-04 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-10-04 8497696]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-10-04 81920]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2007-10-04 86016]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-31 1601304]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-27 148888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2006-11-12 446976]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-04-03 165784]
"Cld2000.exe"=C:\Program Files\Calendrier\Cld2000.exe []
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe []
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-03-10 171448]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
QuickSet.lnk - C:\Windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bd246fd-14d3-11dc-bd78-0019b96ba7ac}]
shell\AutoRun\command - F:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ee533c4-2f41-11dc-93c5-0019b96ba7ac}]
shell\AutoRun\command - F:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3785a065-c825-11dd-90ad-0019b96ba7ac}]
shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{576f8d54-8c45-11dc-a484-0019b96ba7ac}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a6014a0-9a09-11dd-b8cf-0019b96ba7ac}]
shell\AutoRun\command - I:\t.com
shell\explore\command - I:\t.com
shell\open\command - I:\t.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fc6ffd2-519b-11dc-b71e-0019b96ba7ac}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{734c90e8-df09-11dd-84ef-0019b96ba7ac}]
shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fc531e9-f82d-11dc-8093-0019b96ba7ac}]
shell\AutoRun\command - H:\yannh.cmd
shell\explore\command - H:\yannh.cmd
shell\open\command - H:\yannh.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad17c62c-f788-11dd-9eab-0019b96ba7ac}]
shell\AutoRun\command - H:\t.com
shell\explore\command - H:\t.com
shell\open\command - H:\t.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cde995dd-30b7-11dd-94e8-0019b96ba7ac}]
shell\AutoRun\command - I:\PenInkViewer\Viewer_for_Windows\PenInkViewer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9b2f07e-9459-11dd-b657-0019b96ba7ac}]
shell\AutoRun\command - I:\t.com
shell\explore\command - I:\t.com
shell\open\command - I:\t.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd142b00-f607-11dd-9dc2-0019b96ba7ac}]
shell\AutoRun\command - F:\t.com
shell\explore\command - F:\t.com
shell\open\command - F:\t.com
======List of files/folders created in the last 1 months======
2009-02-27 18:50:57 ----D---- C:\Users\ReNo\AppData\Roaming\Malwarebytes
2009-02-27 18:50:49 ----D---- C:\ProgramData\Malwarebytes
2009-02-27 18:50:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-27 18:49:41 ----A---- C:\Windows\system32\javaws.exe
2009-02-27 18:49:41 ----A---- C:\Windows\system32\javaw.exe
2009-02-27 18:49:41 ----A---- C:\Windows\system32\java.exe
2009-02-27 18:44:51 ----SHD---- C:\Config.Msi
2009-02-27 18:08:07 ----D---- C:\_OTMoveIt
2009-02-27 17:59:53 ----A---- C:\DirLook.txt
2009-02-27 17:27:01 ----A---- C:\lopR.txt
2009-02-27 17:26:06 ----D---- C:\Lop SD
2009-02-27 16:53:20 ----D---- C:\Program Files\trend micro
2009-02-27 16:53:17 ----D---- C:\rsit
2009-02-26 07:19:36 ----A---- C:\Windows\system32\NCTWMAFile.dll
2009-02-26 07:19:35 ----A---- C:\Windows\system32\NCTAudioFile.dll
2009-02-26 07:19:35 ----A---- C:\Windows\system32\lame_enc.dll
2009-02-26 07:19:34 ----A---- C:\Windows\system32\faq.txt
2009-02-26 07:19:26 ----D---- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
2009-02-25 23:58:52 ----D---- C:\ProgramData\AVS4YOU
2009-02-25 23:58:50 ----D---- C:\Users\ReNo\AppData\Roaming\AVS4YOU
2009-02-25 23:58:19 ----D---- C:\Program Files\Common Files\AVSMedia
2009-02-25 23:58:18 ----A---- C:\Windows\system32\msxml3a.dll
2009-02-25 23:58:18 ----A---- C:\Windows\system32\msvcp70.dll
2009-02-25 23:58:18 ----A---- C:\Windows\system32\cc3270mt.dll
2009-02-25 23:58:17 ----D---- C:\Program Files\AVS4YOU
2009-02-25 21:18:03 ----A---- C:\Windows\system32\msvcr70.dll
2009-02-23 23:40:12 ----D---- C:\ProgramData\ALM
2009-02-23 22:05:20 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-02-23 20:51:37 ----AD---- C:\Adobe suite
2009-02-15 17:39:17 ----D---- C:\Users\ReNo\AppData\Roaming\vlc
2009-02-15 17:39:15 ----D---- C:\Program Files\adslTV
2009-02-15 10:15:14 ----A---- C:\Windows\system32\EncDec.dll
2009-02-15 10:15:11 ----A---- C:\Windows\system32\psisdecd.dll
2009-02-11 22:40:56 ----A---- C:\Windows\system32\mshtml.dll
2009-02-11 22:40:55 ----A---- C:\Windows\system32\ieframe.dll
2009-02-11 22:40:53 ----A---- C:\Windows\system32\urlmon.dll
2009-02-11 22:40:52 ----A---- C:\Windows\system32\msfeeds.dll
2009-02-11 22:40:51 ----A---- C:\Windows\system32\wininet.dll
2009-02-11 22:40:50 ----A---- C:\Windows\system32\mstime.dll
2009-02-11 22:40:48 ----A---- C:\Windows\system32\iertutil.dll
2009-02-11 22:40:45 ----A---- C:\Windows\system32\jsproxy.dll
2009-02-11 19:17:00 ----D---- C:\Program Files\CCleaner
2009-02-06 18:52:40 ----A---- C:\Windows\system32\sirenacm.dll
2009-01-31 11:49:39 ----A---- C:\Windows\system32\avgrsstx.dll
======List of files/folders modified in the last 1 months======
2009-02-27 19:04:38 ----D---- C:\Windows\Temp
2009-02-27 19:00:30 ----D---- C:\Windows\Internet Logs
2009-02-27 18:50:53 ----D---- C:\Windows\system32\drivers
2009-02-27 18:50:49 ----RD---- C:\Program Files
2009-02-27 18:50:49 ----HD---- C:\ProgramData
2009-02-27 18:50:14 ----SHD---- C:\Windows\Installer
2009-02-27 18:49:42 ----D---- C:\Windows\System32
2009-02-27 18:49:15 ----A---- C:\Windows\system32\deploytk.dll
2009-02-27 18:48:56 ----SHD---- C:\System Volume Information
2009-02-27 18:47:57 ----D---- C:\ProgramData\Adobe
2009-02-27 18:46:53 ----D---- C:\Program Files\Common Files\Adobe
2009-02-27 18:46:09 ----D---- C:\Program Files\Adobe
2009-02-27 18:13:11 ----D---- C:\MDT
2009-02-27 17:22:01 ----D---- C:\Program Files\Mozilla Firefox
2009-02-27 16:55:19 ----D---- C:\Users\ReNo\AppData\Roaming\Skype
2009-02-27 07:52:40 ----D---- C:\Windows\Debug
2009-02-27 07:52:40 ----D---- C:\Windows
2009-02-26 23:13:21 ----HD---- C:\$AVG8.VAULT$
2009-02-26 18:20:03 ----D---- C:\Program Files\Microsoft Silverlight
2009-02-26 16:40:48 ----D---- C:\Windows\system32\Tasks
2009-02-26 07:16:58 ----D---- C:\Users\ReNo\AppData\Roaming\utorrent
2009-02-25 23:58:19 ----D---- C:\Program Files\Common Files
2009-02-25 21:02:25 ----RSD---- C:\Windows\assembly
2009-02-25 20:43:16 ----D---- C:\Windows\system32\catroot2
2009-02-24 08:01:30 ----D---- C:\Users\ReNo\AppData\Roaming\Adobe
2009-02-23 22:27:41 ----D---- C:\Windows\winsxs
2009-02-23 17:51:17 ----D---- C:\Windows\Prefetch
2009-02-21 08:05:39 ----D---- C:\Program Files\Common Files\microsoft shared
2009-02-20 18:13:48 ----D---- C:\Windows\inf
2009-02-20 18:13:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-17 17:26:43 ----D---- C:\Windows\Downloaded Installations
2009-02-15 23:27:40 ----D---- C:\Windows\Microsoft.NET
2009-02-15 23:27:24 ----D---- C:\Windows\ehome
2009-02-15 21:35:52 ----D---- C:\Program Files\Messenger Plus! Live
2009-02-15 10:06:42 ----D---- C:\Windows\system32\catroot
2009-02-11 23:45:10 ----D---- C:\ProgramData\Microsoft Help
2009-02-11 23:44:12 ----D---- C:\Program Files\Windows Mail
2009-02-11 19:32:42 ----D---- C:\Windows\Minidump
2009-02-04 00:21:12 ----A---- C:\Windows\system32\mrt.exe
2009-01-31 11:21:14 ----D---- C:\ProgramData\avg8
2009-01-28 18:15:50 ----D---- C:\ProgramData\ma-config.com
2009-01-28 18:15:50 ----D---- C:\Program Files\ma-config.com
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-01-31 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-01-31 27656]
R1 DLACDBHM;DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
R1 DLARTL_M;DLARTL_M; C:\Windows\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2008-03-03 279440]
R2 DLABMFSM;DLABMFSM; C:\Windows\System32\DLA\DLABMFSM.SYS [2006-10-26 35096]
R2 DLABOIOM;DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [2006-10-26 32472]
R2 DLADResM;DLADResM; C:\Windows\System32\DLA\DLADResM.SYS [2006-10-26 9432]
R2 DLAIFS_M;DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [2006-10-26 104536]
R2 DLAOPIOM;DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [2006-10-26 26296]
R2 DLAPoolM;DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [2006-10-26 14520]
R2 DLAUDF_M;DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [2006-10-26 97848]
R2 DLAUDFAM;DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [2006-10-26 94648]
R2 DRVNDDM;DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
R2 dsunidrv;dsunidrv; \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys [2006-08-17 7424]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-11-12 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-20 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-20 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-20 37376]
R2 RMCAST;Pilote du protocole RMCAT PGMP; C:\Windows\system32\DRIVERS\RMCAST.sys [2008-05-10 113664]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-12 8192]
R3 bcm4sbxp;Pilote XP du contrôleur intégré Broadcom 440x 10/100; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [2006-10-05 4736]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-12 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-12 206848]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-10-04 7628608]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-02-08 647680]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-18 179256]
R3 V0260VID;Live! Cam Vista IM; C:\Windows\system32\DRIVERS\V0260Vid.sys [2007-07-18 154784]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-12 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 akl97bm8;akl97bm8; C:\Windows\system32\drivers\akl97bm8.sys []
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-01-24 14336]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 e1express;Pilote de la connexion réseau Intel(R) PRO/1000 PCI Express; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys []
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 1786880]
S3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2008-03-13 2555392]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2007-06-28 137216]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2007-06-28 8320]
S3 nmwcdcj;Nokia USB Port; C:\Windows\system32\drivers\nmwcdcj.sys [2007-06-28 12288]
S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2007-06-28 12288]
S3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys []
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS []
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-05 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 dlcx_device;dlcx_device; C:\Windows\system32\dlcxcoms.exe [2006-11-04 537480]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-08-20 860160]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-08-20 466944]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2008-03-03 79400]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-12 386560]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe []
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe []
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2006-11-07 70656]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-23 654848]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [2007-04-24 81408]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-10 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-01-24 216232]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
-----------------EOF-----------------
- Remove the traces of Norton with this.
Since the author of UsbFix has withdrawn his program (UsbFix), I take responsibility for having you use it. Others, please do not use the download link given.
- Download UsbFix to your Desktop.
- Run the installation with the default settings.
- Plug your external data sources into your PC (USB stick, external hard drive, SD card, etc.) without opening them.
- Right-click the UsbFix shortcut on your Desktop and choose Run as administrator.
- Choose option 1 (Cleaning).
- The PC will restart.
- After the restart, post the UsbFix.txt report.
Note: the UsbFix.txt report is saved at the root of the disk.
(If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New Task", type explorer.exe and confirm)
Message edited by Destrio5 on 27-02-2009 at 19:11:14
Here is the report.
But the desktop does not reappear when typing "explorer.exe"...
-------------- UsbFix V2.414.3 ---------------
* User : ReNo - NENEO
* Outils mis a jours le 18/01/2009 par Chiquitine29 et Chimay8
* Recherche effectuée à 19:26:37 le 27/02/2009
* Windows Vista - Internet Explorer 7.0.6001.18000
--------------- [ Processus actifs ] ----------------
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\PresentationSettings.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcxcoms.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur de CD-ROM
F: - Lecteur amovible
H: - Lecteur amovible
I: - Lecteur amovible
J: - Lecteur fixe
+- Contenu de l'autorun : J:\autorun.inf
[autorun]
icon=.VolumeIcon.ico
--------------- [ Lecteur C ] ----------------
C: - Lecteur fixe
+- Listing des fichiers présents :
[18/09/2006 22:43][--a------] C:\autoexec.bat
[27/02/2009 18:02][--a------] C:\DirLook.txt
[27/02/2009 18:02][--a------] C:\lopR.txt
[27/02/2009 18:02][--a------] C:\UsbFix.txt
[18/09/2006 22:43][--a------] C:\config.sys
[18/09/2006 22:43][--a------] C:\hiberfil.sys
[18/09/2006 22:43][--a------] C:\IO.SYS
[18/09/2006 22:43][--a------] C:\MSDOS.SYS
[18/09/2006 22:43][--a------] C:\pagefile.sys
--------------- [ Lecteur D ] ----------------
D: - Lecteur fixe
+- Listing des fichiers présents :
--------------- [ Lecteur E ] ----------------
E: - Lecteur de CD-ROM
+- Listing des fichiers présents :
--------------- [ Lecteur F ] ----------------
F: - Lecteur amovible
+- Listing des fichiers présents :
--------------- [ Lecteur H ] ----------------
H: - Lecteur amovible
+- Listing des fichiers présents :
--------------- [ Lecteur I ] ----------------
I: - Lecteur amovible
+- Listing des fichiers présents :
--------------- [ Lecteur J ] ----------------
J: - Lecteur fixe
+- Listing des fichiers présents :
[26/12/2008 16:05][---hs----] J:\._autorun.inf
[26/12/2008 16:05][---hs----] J:\autorun.inf
--------------- [ Registre / Startup ] ----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
DellSupport="C:\Program Files\DellSupport\DSAgnt.exe" /startup
ehTray.exe=C:\Windows\ehome\ehTray.exe
DAEMON Tools="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
Cld2000.exe=C:\Program Files\Calendrier\Cld2000.exe
Rainlendar2=C:\Program Files\Rainlendar2\Rainlendar2.exe
DellSupportCenter="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
swg=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=
<NO NAME>=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
ISUSScheduler="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
<NO NAME>=
RoxWatchTray="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
ECenter=c:\dell\E-Center\EULALauncher.exe
PCMService="C:\Program Files\Dell\MediaDirect\PCMService.exe"
ISUSPM Startup=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
NeroCheck=C:\Windows\system32\NeroCheck.exe
dlcxmon.exe="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
MemoryCardManager="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
FaxCenterServer="C:\Program Files\Dell PC Fax\fm3032.exe" /s
dscactivate="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
DellSupportCenter="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
ZoneAlarm Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
SigmatelSysTrayApp=sttray.exe
NvSvc=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
NVHotkey=rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bd246fd-14d3-11dc-bd78-0019b96ba7ac}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ee533c4-2f41-11dc-93c5-0019b96ba7ac}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3785a065-c825-11dd-90ad-0019b96ba7ac}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{576f8d54-8c45-11dc-a484-0019b96ba7ac}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a6014a0-9a09-11dd-b8cf-0019b96ba7ac}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a6014a0-9a09-11dd-b8cf-0019b96ba7ac}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a6014a0-9a09-11dd-b8cf-0019b96ba7ac}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fc6ffd2-519b-11dc-b71e-0019b96ba7ac}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{734c90e8-df09-11dd-84ef-0019b96ba7ac}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fc531e9-f82d-11dc-8093-0019b96ba7ac}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fc531e9-f82d-11dc-8093-0019b96ba7ac}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fc531e9-f82d-11dc-8093-0019b96ba7ac}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad17c62c-f788-11dd-9eab-0019b96ba7ac}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad17c62c-f788-11dd-9eab-0019b96ba7ac}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad17c62c-f788-11dd-9eab-0019b96ba7ac}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cde995dd-30b7-11dd-94e8-0019b96ba7ac}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9b2f07e-9459-11dd-b657-0019b96ba7ac}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9b2f07e-9459-11dd-b657-0019b96ba7ac}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9b2f07e-9459-11dd-b657-0019b96ba7ac}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd142b00-f607-11dd-9dc2-0019b96ba7ac}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd142b00-f607-11dd-9dc2-0019b96ba7ac}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd142b00-f607-11dd-9dc2-0019b96ba7ac}\Shell\open\Command
--------------- [ Nettoyage des disques ] ----------------
Supprimé ! - [10/08/2008 12:54][---hs----] F:\msvcr71.dll
Supprimé ! - [26/12/2008 16:05][---hs----] J:\._autorun.inf
Supprimé ! - [26/12/2008 16:05][---hs----] J:\autorun.inf
--------------- [ Resumé ] ----------------
-> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\
[18/09/2006 22:43][--a------] C:\autoexec.bat
--------------- [ Vaccination ] ----------------
C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
D:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
F:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
H:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
I:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
J:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
--------------- ! Fin du rapport ! ----------------
- Uninstall UsbFix.
Restart your PC and tell me if everything is fine.
Everything seems to be fine, the desktop is back.
If it's over, thank you very much for your efficiency, your clarity and your speed of response.
I'd like to ask you what to do to keep my computer well maintained: I have AVG 8, Zone Alarm and Ad-aware, and I try to run scans regularly.
Thanks
1/
- Uninstall HijackThis.
- Download OTCleanIt to your Desktop:
- Right-click OTCleanIt and choose Run as administrator.
- Click CleanUp! then click Yes in the Confirm window.
- Restart your PC as requested.
2/
- Download and install CCleaner (do not install the Yahoo Toolbar):
- Launch it. Go to Options then Advanced and uncheck the box Only delete files etc...
- Go to Cleaner, choose Analyze. Once finished, run the cleaning.
- Next, choose Registry, then Scan for Issues. Once finished, fix all the errors (back up the registry).
3/
- It is necessary to disable then re-enable System Restore in order to purge it.
- I advise you to create a restore point that you can use later if you have a problem.
==Prevention==
Keep MBAM. It will let you scan suspicious files as a complement to the antivirus, and scan the hard drive regularly.
You can also modify the Hosts file to improve the security of your PC: Link
Regarding P2P: Link
Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link
==Problem solved?==
If you consider that your problem is solved:
---> Now add [Résolu] to the title. To do so:
- In your first message, click the Edit button.
- Add the mention [Résolu] in front of the title.
- Then click Validate your message.
Be more vigilant on the Internet
Thank you very much!
