MAJ Windows, Bitdefender impossible + redirections Google

Bonsoir!

Comme dit dans le titre, il m'est impossible de mettre à jour Windows, Windows Defender et BitDefender Total Security 2008. Pour le cas de Windows, je vient de m'en apercevoir à l'instant. Pour le cas des deux derniers, je le sais depuis un certain temps (moins d'un mois), mais je ne m'étais pas trop inquiété, vu que je n'avais pas de problèmes sur mon PC.

Ça a commencé en faisant des recherches sur Google, j'étais automatiquement redirigé vers des sites commerciaux (Shopanese...).
J'ai alors cherché sur internet, si des personnes avaient eu le même problème. Je suis tombé sur votre forum, et un Helpeur proposait d'installer Catchme, à un utilisateur. Je l'ai donc téléchargé, en même temps que Antivir. Catchme m'a détecté 3 fichiers cachés sans se terminer correctement (= alerte Windows "catchme.exe a cessé de fonctionner" ) et Antivir les a supprimé, avec une dizaine autre de fichiers dangereux, que BitDefender ne détectait pas.

Je pensais mon problème résolu, d'autant plus que je n'avais plus de redirections indésirables sur Google, jusqu'au jour où cela a recommencé, avec l'impossibilité de la MAJ Bitdefender et Windows Defender (la MAJ d'Antivir elle, fonctionne), et un message apparu à l'ouverture de la sessions Windows, comme quoi les scripts de msn+ que j'utilisais avaient été désactivés.

J'ai alors fait un scan complet par Antivir, qui n'a rien trouvé, excepté 5 fichiers cachés. D'ailleurs, qu'est ce qu'un fichier caché tel que le définit Antivir ?

Et maintenant, je viens de m'apercevoir que c'est Windows que je n'arrive pas à mettre à jour et la dernière Maj remonte à un mois (comme celle de BitDefender)...

Aussi, il y a quelques jours, quand j'allais sur le site lemonde.fr (et uniquement celui-la), à chaque fois que je chargeais une page de ce site, Antivir me détectait 3 virus sur mon disque dans C:\Windows\Temp et qui avait pour nom httpproxy... quelquechose. Ça ne me l'a fait qu'une seule fois, mais je voulais le préciser.


J'ai fait une analyse avec Antivir, et il ne détecte aucun fichier dangereux, mais toujours ces 5 fichiers cachés...
Donc voila, si quelqu'un pouvait m'aider, car je suis un peu perdu...
Sinon pour info, j'utilise Windows Vista SP1, Firefox avec AdBlock Plus.

Je peux faire la MAJ de BitDefender et de Windows maintenant. Merci de ton aide
Pour Windows, ca a téléchargé les fichiers nécessaires à la MAJ, et là, depuis 10, c'est toujours sur "Préparation de l'installation"...

Bon voici le rapport de ComboFix :

ComboFix 09-05-25.05 - Cédric 26/05/2009 0:29.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2038.1158 [GMT 2:00]
Lancé depuis: c:\users\Cédric\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender AntiSpam *disabled* (Outdated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\HeroCodec
c:\programdata\Microsoft\Windows\Start Menu\Programs\HeroCodec\Uninstall.lnk
c:\windows\system32\gxvxccounter
c:\windows\system32\winio.vxd

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys


((((((((((((((((((((((((((((( Fichiers créés du 2009-04-25 au 2009-05-25 ))))))))))))))))))))))))))))))))))))
.

2009-05-21 20:20 . 2009-05-21 20:20 -------- d-----w c:\program files\Audacity
2009-05-13 20:27 . 2009-05-13 20:27 -------- d-----w c:\program files\Microsoft Visual Studio .NET
2009-05-13 20:22 . 2009-05-13 20:27 -------- d-----w C:\oraclexe
2009-05-13 19:06 . 2009-05-13 19:06 -------- d-----w c:\program files\Oracle
2009-05-11 08:02 . 2009-03-30 08:33 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
2009-05-11 08:02 . 2009-03-24 14:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-11 08:01 . 2009-05-11 08:01 -------- d-----w c:\programdata\Avira
2009-05-11 08:01 . 2009-05-11 08:01 -------- d-----w c:\program files\Avira

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 22:43 . 2008-05-07 17:39 81984 ----a-w c:\windows\system32\bdod.bin
2009-05-24 12:25 . 2006-03-12 23:37 681724 ----a-w c:\windows\system32\perfh00C.dat
2009-05-24 12:25 . 2006-03-12 23:37 128882 ----a-w c:\windows\system32\perfc00C.dat
2009-05-13 20:37 . 2006-03-12 15:15 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-13 20:27 . 2006-03-12 15:42 -------- d-----w c:\programdata\Microsoft Help
2009-05-04 15:34 . 2008-02-16 21:02 -------- d-----w c:\program files\Steam
2009-04-23 21:25 . 2009-04-23 20:21 -------- d-----w c:\program files\Replay Media Catcher
2009-04-23 21:12 . 2009-04-23 20:31 237568 ----a-w c:\windows\system32\rmc_rtspdl.dll
2009-04-23 21:12 . 2009-04-23 20:31 156672 ----a-w c:\windows\system32\rmc_fixasf.exe
2009-04-23 21:11 . 2009-04-23 20:31 323584 ----a-w c:\windows\system32\AUDIOGENIE2.DLL
2009-04-18 14:05 . 2008-03-24 18:48 -------- d-----w c:\program files\SWiSH Max2
2009-04-18 12:44 . 2008-03-13 22:17 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-14 00:39 . 2009-04-23 16:41 4656976 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{37A687F2-4D96-4408-932A-56CC3D8A5138}\mpengine.dll
2009-04-12 13:25 . 2008-02-16 21:02 -------- d-----w c:\program files\Common Files\Steam
2009-04-07 17:52 . 2008-02-15 19:55 -------- d-----w c:\program files\Java
2009-03-17 03:38 . 2009-04-16 11:28 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 11:28 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 03:19 . 2009-03-07 11:00 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-03-20 02:03 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-03-20 02:03 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-03-20 02:03 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-03-20 02:03 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-03-20 02:03 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-03-20 02:03 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-03-20 02:03 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-03-20 02:03 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-03-20 02:03 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-03-20 02:03 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-03-20 02:03 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-03-20 02:03 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-03-20 02:03 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-03-20 02:03 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-03-20 02:03 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-03-20 02:03 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-03-20 02:03 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-03-20 02:03 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-16 11:29 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 11:29 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-16 11:29 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 11:29 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 11:29 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 11:29 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 11:29 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:37 . 2009-04-16 11:29 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 03:04 . 2009-04-16 11:29 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 11:29 17408 ----a-w c:\windows\system32\iashost.exe
2006-03-12 23:42 . 2006-03-12 23:41 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-19 861744]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-10-08 368640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\users\C‚dric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{55110DED-AFEC-4F0E-A8DD-781FB6F2822A}"= c:\program files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
"{D94E31F4-49B8-4D79-A454-342A18B6CF6E}"= UDP:c:\program files\DNA\btdna.exeNA
"{8B6EB924-9E61-4E66-8380-2ED0C517C3C9}"= TCP:c:\program files\DNA\btdna.exeNA
"{07782995-63B1-4472-8CB5-38B6CE7FA1C0}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{741542AE-514C-4847-BB67-C577C09BAF04}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{41DC0EE5-E961-405D-B1B0-E811F34A504E}"= UDP:c:\program files\DNA\btdna.exeNA
"{3465CDF9-4B64-42FA-8931-1D3BBD9EF9D4}"= TCP:c:\program files\DNA\btdna.exeNA
"{0659D9C2-7404-4796-B211-43694514FD5C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{80F906AE-7B10-42E2-A3E6-F4E1BF2C9D7F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{4A1C07F7-01A8-4CEB-AA58-DB853D0CE8A6}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{27D6F7D6-6B3D-46E6-AE7B-1BFFF1587D35}c:\\program files\\abc\\abc.exe"= UDP:c:\program files\abc\abc.exe:abc
"UDP Query User{50CFE6D1-3E5F-4308-B545-91FF84C92F3B}c:\\program files\\abc\\abc.exe"= TCP:c:\program files\abc\abc.exe:abc
"TCP Query User{CCE9D343-1380-4F2B-A778-86D1ECF80EBA}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{1A48D837-7E7A-41E0-B4F8-EEB91A0FA2BF}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{763D9E62-DA04-4138-BC1C-02C21C98C002}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{B9D11BD7-E484-4147-9B0F-F459FC9D363F}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{978B6047-9D74-4B70-8D19-9B7CE2AC26D5}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{99251FD0-6962-410F-878B-593702B465B1}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{C858B825-92D4-4D33-841E-360234580670}c:\\program files\\sopcast\\sopvod.exe"= UDP:c:\program files\sopcast\sopvod.exe:sopvod
"UDP Query User{18F5C817-88C4-46E9-A706-CC2412BC88D0}c:\\program files\\sopcast\\sopvod.exe"= TCP:c:\program files\sopcast\sopvod.exe:sopvod
"TCP Query User{FB82381F-A636-470C-874F-4DB3A9F2C3C4}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program files\zattoo\zattood.exe:zattood
"UDP Query User{83B277DF-2815-4888-A678-B2FBA01BD667}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood
"TCP Query User{A02B628E-B8F9-4FE1-8175-0914979AF7BA}c:\\program files\\zattoo\\zattoo.exe"= UDP:c:\program files\zattoo\zattoo.exe:
"UDP Query User{6215858A-6E00-4A48-B807-63FB9D35E332}c:\\program files\\zattoo\\zattoo.exe"= TCP:c:\program files\zattoo\zattoo.exe:
"TCP Query User{D4BEE5DF-DBE9-4121-A659-5D5C4E3C1FDB}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{B75C07F4-2548-4135-9EB1-18425D8536EC}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{8B76E839-F2E4-452A-A255-C9F65258C86F}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{238910AF-C6F8-4D16-A5FF-88F71B8D7E62}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{6A52307A-2A34-48D3-88D5-8E82DD836030}c:\\program files\\steam\\steamapps\\kpoatika\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\kpoatika\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{8E19D379-24EE-4E8A-81A6-B3B160E5B79B}c:\\program files\\steam\\steamapps\\kpoatika\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\kpoatika\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{DE5E8E71-E066-4DAC-B3CC-9D7FF1CB0BBE}c:\\program files\\steam\\steamapps\\kpoatika\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\kpoatika\counter-strike source\hl2.exe:hl2
"UDP Query User{67D12489-6567-47C5-B255-A972F0E79331}c:\\program files\\steam\\steamapps\\kpoatika\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\kpoatika\counter-strike source\hl2.exe:hl2
"TCP Query User{6DBEAB7F-AC85-4963-A440-E3E4C8478831}c:\\program files\\steam\\steamapps\\kpoatika\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\kpoatika\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{D93DC261-1924-4076-8DBA-A0045854E41A}c:\\program files\\steam\\steamapps\\kpoatika\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\kpoatika\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{6195E500-0336-403F-A791-3F97FD6E830E}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{270B1BB4-9526-41E4-BAC9-B5917BF76EDE}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{15501D28-CA0D-4F80-8605-33C68FD386AD}c:\\program files\\steam\\steamapps\\kpoatika\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\kpoatika\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{28B91BD3-BC26-4F15-A6A4-755DDA5051D0}c:\\program files\\steam\\steamapps\\kpoatika\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\kpoatika\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{1298FFEC-F350-4FBC-AAED-78A0F5A407AE}c:\\program files\\steam\\steamapps\\kpoatika\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\kpoatika\team fortress 2\hl2.exe:hl2
"UDP Query User{215BFE24-D2CD-4578-883A-32651248D126}c:\\program files\\steam\\steamapps\\kpoatika\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\kpoatika\team fortress 2\hl2.exe:hl2
"TCP Query User{FBE5E626-06B9-46D6-89EE-FE1A1C7CC3DF}c:\\program files\\filezilla ftp client\\filezilla.exe"= UDP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"UDP Query User{3B6AD795-2D72-4614-95E6-E85EA84601F7}c:\\program files\\filezilla ftp client\\filezilla.exe"= TCP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"TCP Query User{F6C824A0-5E7D-416D-A1A1-FB43AB2C66A9}c:\\program files\\steam\\steamapps\\kpoatika\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\kpoatika\day of defeat source\hl2.exe:hl2
"UDP Query User{A2B03943-A857-47F0-A3F0-7F7A27FFF6E5}c:\\program files\\steam\\steamapps\\kpoatika\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\kpoatika\day of defeat source\hl2.exe:hl2
"{E5B535AE-982F-4452-933A-56FFAC4758D1}"= UDP:c:\program files\SMSlisto\SMSlisto.exe:SMSlisto
"{70D818CE-9A58-422A-928C-DC49FD61FD97}"= TCP:c:\program files\SMSlisto\SMSlisto.exe:SMSlisto
"TCP Query User{6290D4EA-8374-44AF-BA7A-42F74DC4C50C}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{985B18D3-F4AA-4B16-B372-83C354B9E3CC}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{D55813F8-1940-495F-AA74-FA72C5BEB981}c:\\program files\\steam\\steamapps\\kpoatika\\condition zero deleted scenes\\hl.exe"= UDP:c:\program files\steam\steamapps\kpoatika\condition zero deleted scenes\hl.exe:Half-Life Launcher
"UDP Query User{1B0878BD-D37C-40E0-B4F5-675F3E3FBE86}c:\\program files\\steam\\steamapps\\kpoatika\\condition zero deleted scenes\\hl.exe"= TCP:c:\program files\steam\steamapps\kpoatika\condition zero deleted scenes\hl.exe:Half-Life Launcher
"TCP Query User{44EA070B-1F80-4508-8206-B86B7739EA3B}c:\\program files\\steam\\steamapps\\kpoatika\\day of defeat source beta\\hl2.exe"= UDP:c:\program files\steam\steamapps\kpoatika\day of defeat source beta\hl2.exe:hl2
"UDP Query User{9346354A-E6EA-4FA4-B7D1-ED6E3563735E}c:\\program files\\steam\\steamapps\\kpoatika\\day of defeat source beta\\hl2.exe"= TCP:c:\program files\steam\steamapps\kpoatika\day of defeat source beta\hl2.exe:hl2
"{C36C4523-2264-47EF-848B-FB2CCDCFC2BE}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{20081AA1-A63F-4F56-80BC-BA2A277623F7}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{4CA8DF3A-2F5F-46E9-82AC-9B0AC9DA84FE}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{A747F486-3A4B-4B4C-8FD9-710400DA0F62}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{37BE27CA-603B-40AA-B5D2-338C057F63B8}c:\\users\\cédric\\appdata\\local\\temp\\rar$ex00.324\\freezer.exe"= UDP:c:\users\cédric\appdata\local\temp\rar$ex00.324\freezer.exe:freezer.exe
"UDP Query User{4D89C0BF-8540-4DB5-9E6A-352AD12D2E4C}c:\\users\\cédric\\appdata\\local\\temp\\rar$ex00.324\\freezer.exe"= TCP:c:\users\cédric\appdata\local\temp\rar$ex00.324\freezer.exe:freezer.exe
"TCP Query User{DDB9C129-CF58-4B75-A600-5FED99262F37}c:\\users\\cédric\\appdata\\local\\temp\\rar$ex00.575\\freezer.exe"= UDP:c:\users\cédric\appdata\local\temp\rar$ex00.575\freezer.exe:freezer.exe
"UDP Query User{81A2A8B6-A463-4F1E-A95F-B0A8C93CA100}c:\\users\\cédric\\appdata\\local\\temp\\rar$ex00.575\\freezer.exe"= TCP:c:\users\cédric\appdata\local\temp\rar$ex00.575\freezer.exe:freezer.exe
"TCP Query User{D543EB66-6B9F-41D3-A0F2-5808E7006D2D}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{C427C4AE-657F-4D15-9BE8-32EF96FF73C1}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{B2574269-2C13-4B6E-BF3C-07D3DE98D3FB}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{279BB9AD-5E98-4408-9D42-37013B22B8D8}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{DE90AD6E-CBE9-4DCB-B07A-BBF0EDE730DF}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{11BFCC31-3B5F-46C6-9603-B73D3B3237E0}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{AD0EF7F4-52CB-46EB-B48A-BFA8EB3C519F}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{05628AE9-D3F8-4B68-8C45-C8F53E68042E}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{5B15A2BF-2041-4FEF-B9DE-29FE4065D243}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/05/2009 10:02 108289]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [02/02/2006 00:49 204800]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [19/10/2007 13:17 86792]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [13/03/2006 01:33 281088]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-05-25 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-03-12 16:38]

2009-05-25 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-03-12 16:34]

2009-05-25 c:\windows\Tasks\User_Feed_Synchronization-{4764A8DA-99D0-4483-A112-BF61C8C6C592}.job
- c:\windows\system32\msfeedssync.exe [2009-03-20 11:31]
.
- - - - ORPHELINS SUPPRIMES - - - -

SafeBoot-procexp90.Sys


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Cédric\AppData\Roaming\Mozilla\Firefox\Profiles\1radoc06.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (FR)
FF - prefs.js: browser.startup.homepage - file:///CUsers/C%C3%A9dric/Documents/Programmation/HTML/home.html
FF - component: c:\users\Cédric\AppData\Roaming\Mozilla\Firefox\Profiles\1radoc06.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 00:48
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(3380)
c:\program files\RocketDock\RocketDock.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2008\vsserv.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
.
**************************************************************************
.
Heure de fin: 2009-05-25 0:54 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-25 22:54

Avant-CF: 15 620 567 040 octets libres
Après-CF: 16 721 379 328 octets libres

274 --- E O F --- 2009-04-23 16:41

Contenu de log.txt :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Cédric at 2009-05-26 01:26:32
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 16 GB (15%) free of 103 GB
Total RAM: 2038 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:26:48, on 26/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Cédric\Desktop\RSIT.exe
C:\Program Files\trend micro\Cédric.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuit [...] plugin.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9072 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Extension de garantie.job
C:\Windows\tasks\Recovery DVD Creator.job
C:\Windows\tasks\User_Feed_Synchronization-{4764A8DA-99D0-4483-A112-BF61C8C6C592}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Google\Google_BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2008-10-08 86016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-04-20 861744]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-01-11 232184]
"toolbar_eula_launcher"=C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe [2007-02-20 28672]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-08-16 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-08-16 8478720]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-08-16 81920]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe [2007-10-09 61440]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2008-10-08 368640]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

C:\Users\Cédric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-05-26 01:26:33 ----D---- C:\Program Files\trend micro
2009-05-26 01:26:32 ----D---- C:\rsit
2009-05-26 00:54:08 ----A---- C:\ComboFix.txt
2009-05-26 00:46:23 ----SHD---- C:\$RECYCLE.BIN
2009-05-26 00:27:07 ----A---- C:\Windows\zip.exe
2009-05-26 00:27:07 ----A---- C:\Windows\SWXCACLS.exe
2009-05-26 00:27:07 ----A---- C:\Windows\SWSC.exe
2009-05-26 00:27:07 ----A---- C:\Windows\SWREG.exe
2009-05-26 00:27:07 ----A---- C:\Windows\sed.exe
2009-05-26 00:27:07 ----A---- C:\Windows\PEV.exe
2009-05-26 00:27:07 ----A---- C:\Windows\NIRCMD.exe
2009-05-26 00:27:07 ----A---- C:\Windows\grep.exe
2009-05-26 00:21:08 ----D---- C:\Windows\ERDNT
2009-05-26 00:18:08 ----D---- C:\Qoobox
2009-05-21 22:20:35 ----D---- C:\Program Files\Audacity
2009-05-13 22:27:30 ----D---- C:\Program Files\Microsoft Visual Studio .NET
2009-05-13 22:22:20 ----D---- C:\oraclexe
2009-05-13 21:06:47 ----D---- C:\Program Files\Oracle
2009-05-11 10:01:58 ----D---- C:\ProgramData\Avira
2009-05-11 10:01:58 ----D---- C:\Program Files\Avira

======List of files/folders modified in the last 1 months======

2009-05-26 01:26:38 ----D---- C:\Windows\Temp
2009-05-26 01:26:33 ----D---- C:\Program Files
2009-05-26 01:05:04 ----D---- C:\Windows\System32
2009-05-26 01:02:12 ----D---- C:\Program Files\Mozilla Firefox
2009-05-26 01:00:06 ----D---- C:\Windows\system32\catroot
2009-05-26 01:00:01 ----D---- C:\Windows\system32\catroot2
2009-05-26 00:59:49 ----D---- C:\Windows\winsxs
2009-05-26 00:54:12 ----D---- C:\Windows\system32\fr-FR
2009-05-26 00:54:11 ----D---- C:\Windows\system32\drivers
2009-05-26 00:48:05 ----D---- C:\Windows
2009-05-26 00:46:32 ----A---- C:\Windows\system.ini
2009-05-26 00:42:58 ----A---- C:\Windows\bdagent.INI
2009-05-26 00:42:41 ----D---- C:\Windows\system32\config
2009-05-26 00:39:07 ----SHD---- C:\System Volume Information
2009-05-26 00:32:51 ----D---- C:\Windows\AppPatch
2009-05-26 00:32:49 ----D---- C:\Program Files\Common Files
2009-05-26 00:18:11 ----D---- C:\Windows\Prefetch
2009-05-25 23:59:39 ----D---- C:\Users\Cédric\AppData\Roaming\FileZilla
2009-05-24 22:31:50 ----A---- C:\Windows\SpeederXP.INI
2009-05-24 14:25:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-24 14:25:25 ----D---- C:\Windows\inf
2009-05-17 19:31:25 ----SHD---- C:\Windows\Installer
2009-05-16 03:01:08 ----D---- C:\Users\Cédric\AppData\Roaming\LimeWire
2009-05-13 22:37:36 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-13 22:27:37 ----D---- C:\ProgramData\Microsoft Help
2009-05-13 22:27:25 ----RSD---- C:\Windows\assembly
2009-05-11 10:01:58 ----D---- C:\ProgramData
2009-05-04 17:34:27 ----D---- C:\Program Files\Steam

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2008-10-08 156688]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-01-22 385072]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-10-08 86792]
R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2008-01-07 196368]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2008-10-08 8320]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-07-13 163328]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-08-16 7610784]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-07-19 281088]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-18 88576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-04-20 186552]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-18 134016]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-24 246784]
R4 catchme;catchme; \??\C:\Users\CDRIC~1\AppData\Local\Temp\catchme.sys []
S3 ai5qqkbg;ai5qqkbg; C:\Windows\system32\drivers\ai5qqkbg.sys []
S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 Profos;Profos; \??\C:\Program Files\Softwin\BitDefender10\profos.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Softwin\BitDefender10\trufos.sys []
S3 usb_rndisx;Carte RNDIS USB; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-18 15872]
S3 WINUSB;Pilote WinUsb; C:\Windows\system32\DRIVERS\WinUSB.SYS [2008-01-18 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-11-27 1179648]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
R2 OracleServiceXE;OracleServiceXE; c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE [2006-02-02 59064320]
R2 OracleXETNSListener;OracleXETNSListener; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-02 204800]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-03-06 266343]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-01-11 166648]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2008-10-08 1261568]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [2008-10-08 86016]
R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-01-11 887544]
R3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-02-15 72704]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 OracleMTSRecoveryService;OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe [2006-02-02 57616]
S3 OracleXEClrAgent;OracleXEClrAgent; C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe [2006-02-02 45056]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-04-11 316664]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [2007-09-05 24635]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe [2007-07-06 5730304]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe [2006-02-02 102400]

-----------------EOF-----------------








Contenu de info.txt :

info.txt logfile of random's system information tool 1.06 2009-05-26 01:26:51

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
-->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
7 Wonders 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15900
ABC (remove only)-->C:\Program Files\ABC\Uninstall.exe
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
Adobe Reader 8.1.5 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Reader 8-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobeReader*
Adobe Shockwave Player-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe Shockwave Player-->MsiExec.exe /X{A7DB362E-16DC-4E29-8A34-E74381E00B5B}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Advanced Archive Password Recovery (remove only)-->C:\Program Files\Archive Pwd Recovery\uninstall.exe
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Armagetron Advanced 0.2.8.2.1.gcc-->C:\Program Files\Armagetron Advanced\uninst.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Atari 80 Classic Games-->"C:\Program Files\Steam\steam.exe" steam://uninstall/2790
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Beijing Olympics 2008-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10520
Bejeweled 2 Deluxe-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3300
Bejeweled Twist-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3560
BitDefender Total Security 2008-->MsiExec.exe /I{F4F09997-F426-4019-B29B-6F1FE74852AC}
Brothers in Arms: Earned in Blood-->"C:\Program Files\Steam\steam.exe" steam://uninstall/19800
Brothers in Arms: Hells Highway-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15390
Browser Address Error Redirector-->regsvr32 /u /s "C:\Program Files\Google\Google_BAE\BAE.dll"
Call of Duty-->"C:\Program Files\Steam\steam.exe" steam://uninstall/2620
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
City Life Deluxe-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4410
City Life-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4400
Commandos 2: Men of Courage-->"C:\Program Files\Steam\steam.exe" steam://uninstall/6830
Condition Zero-->"C:\Program Files\Steam\steam.exe" steam://uninstall/80
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IPBCVenza.inf
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Creator 9-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *CREATOR9*
Deus Ex: Game of the Year Edition-->"C:\Program Files\Steam\steam.exe" steam://uninstall/6910
Discovery! A Seek and Find Adventure-->"C:\Program Files\Steam\steam.exe" steam://uninstall/16000
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Doom 3-->"C:\Program Files\Steam\steam.exe" steam://uninstall/9050
EatCam Webcam Recorder 3.6 for MSN-->"C:\Program Files\EatCam\Webcam Recorder for MSN\unins000.exe"
Fake Webcam 5.1.0-->"C:\Program Files\Fake Webcam\unins000.exe"
FarCry 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/19900
FIFA Manager 09-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17400
FileZilla Client 3.1.0-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Firefox-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *FirefoxFR*
Flash Player 9 Internet Explorer-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Flashplayer*
Free Mp3 Wma Converter V 1.7.3-->"C:\Program Files\Mp3 Wma Converter\unins000.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
Gestionnaire pour appareils Windows Mobile-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Ghost Recon-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15300
GNAT Public Version Ada 95 Environment 3.14p-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB2174B0-F84A-11D4-ACAA-0010A4E31400}\setup.exe"
Google BAE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleBAE*
Google Earth-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GOOGLE_EARTH*
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x40c -removeonly
Grand Theft Auto IV-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12210
Half-Life 2: Deathmatch-->"C:\Program Files\Steam\steam.exe" steam://uninstall/320
Half-Life 2: Episode One-->"C:\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two-->"C:\Program Files\Steam\steam.exe" steam://uninstall/420
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
Happy Tree Friends False Alarm-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10470
HDReg France-->MsiExec.exe /I{0ED40D2A-7131-4FE7-941E-5C329336F712}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hitman 2: Silent Assassin-->"C:\Program Files\Steam\steam.exe" steam://uninstall/6850
Hitman: Blood Money-->"C:\Program Files\Steam\steam.exe" steam://uninstall/6860
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Infocentre Rev. 2.0-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre*
Insaniquarium Deluxe-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3320
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
jGRASP-->"C:\Program Files\jGRASP\uninstall.exe"
Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
LimeWire PRO 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Luxor 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15920
Luxor 3-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15930
Magic Sports-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *MagicSports*
MagicSports 3.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5927AF0D-335C-41D6-937B-54587EBD6D2C}\setup.exe" -uninstall
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Max Payne 2: The Fall of Max Payne-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12150
Max Payne-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12140
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Metaboli-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *METABOLI*
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook 2007 Trial-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall OUTLOOKR /dll OSETUP.DLL
Microsoft Office Outlook 2007-->MsiExec.exe /X{91120000-001A-0000-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works 9 SE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *works9se*
Microsoft Works-->MsiExec.exe /I{0214A441-A4AB-43A8-8DEF-2F73C5364673}
MinGW 5.1.3-->C:\MinGW\uninst.exe
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.18)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton 360-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *N360_2007_FR*
Norton 360-->MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
ObjectAda V7.2 (Intel) Special Edition-->C:\Windows\IsUninst.exe -f"C:\Program Files\ObjectAda\Uninst.isu"
Opera 9.62-->MsiExec.exe /X{D9226EB1-C528-48AC-B423-BD9240E1F60B}
Oracle Data Provider for .NET Help-->MsiExec.exe /I{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}
Oracle Database 10g Express Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75} /l1036
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Packard Bell Demo-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *PB_DEMO*
Packard Bell ImageWriter-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *ImageWriter*
Packard Bell LCD Test-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *LCDTest*
Packard Bell Updator-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator*
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
Pochette Express 2-->C:\Program Files\Pochette Express 2\uninstall.exe
Portal-->C:\Program Files\Portal\uninstall.exe
Railroad Tycoon 2: Platinum-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7620
Replay Media Catcher 3.02-->"C:\Windows\Replay Media Catcher\uninstall.exe" "/U:C:\Program Files\Replay Media Catcher\Uninstall\uninstall.xml"
Ressources Windows Mobile-->C:\Program Files\Ressources Windows Mobile\Windows Mobile Device Handbook\Bin\DHUninstall.exe
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"
Roxio Creator 9 LE-->MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
SecureW2 EAP Suite 1.1.1 for Windows-->C:\Program Files\SecureW2\Uninstall.exe
SecureW2 Vista Version-->C:\Program Files\InstallShield Installation Information\{8B35E351-029F-420B-8386-1CCCF161B582}\setup.exe -runfromtemp -l0x0009 -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SetUp My PC-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SETUPMYPC_FR*
Shockwave player 10-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Shockwave*
SimCity™ Sociétés-->MsiExec.exe /X{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}
SiN 1-->"C:\Program Files\Steam\steam.exe" steam://uninstall/1313
Skype 3.2.2.163-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SKYPE*
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Songbeat 1.3-->C:\Program Files\Songbeat\uninst.exe
SopCast 3.0.1-->C:\Program Files\SopCast\uninst.exe
Source SDK Base-->"C:\Program Files\Steam\steam.exe" steam://uninstall/215
SpeederXP v2.32-->"C:\Program Files\SpeederXP\unins000.exe"
Splinter Cell-->"C:\Program Files\Steam\steam.exe" steam://uninstall/13560
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x040c -removeonly
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SWiSH Max2-->C:\Windows\unvise32.exe C:\Program Files\SWiSH Max2\uninstal.log
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Incredible Hulk: The Official Videogame-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10510
The Ship Single Player-->"C:\Program Files\Steam\steam.exe" steam://uninstall/2420
TmNationsForever-->"C:\Program Files\TmNationsForever\unins000.exe"
Top Spin 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7810
TrackMania United Forever-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7200
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Earth 3D (Beta)-->MsiExec.exe /I{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}
WampServer 2.0-->"c:\wamp\unins000.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Movie Maker Bêta-->MsiExec.exe /X{F874DF52-A31F-44C1-A606-EF40F1549261}
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Mobile Device Center Driver Update-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Worms Armageddon - Equipe Lambo-->C:\Program Files\Team17\Worms Armageddon\Désinst-Lambo.exe
Wormux-->C:\Program Files\Wormux\uninstall.exe
Zattoo 3.3.1 Beta-->C:\Program Files\Zattoo\uninst.exe

======Security center information======

AV: Bitdefender Antivirus
FW: Bitdefender Firewall
AS: BitDefender AntiSpam
AS: Windows Defender (disabled)

======System event log======

Computer Name: PC-de-Cédric
Event Code: 4374
Message: Windows Servicing a déterminé que ce package KB958481(Update) n’est pas applicable à ce système.
Record Number: 183648
Source Name: Microsoft-Windows-Servicing
Time Written: 20090525225926.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Cédric
Event Code: 4374
Message: Windows Servicing a déterminé que ce package KB958481(Update) n’est pas applicable à ce système.
Record Number: 183649
Source Name: Microsoft-Windows-Servicing
Time Written: 20090525225926.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Cédric
Event Code: 4374
Message: Windows Servicing a déterminé que ce package KB958481(Update) n’est pas applicable à ce système.
Record Number: 183650
Source Name: Microsoft-Windows-Servicing
Time Written: 20090525225926.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Cédric
Event Code: 4374
Message: Windows Servicing a déterminé que ce package KB958481(Update) n’est pas applicable à ce système.
Record Number: 183651
Source Name: Microsoft-Windows-Servicing
Time Written: 20090525225926.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Cédric
Event Code: 4374
Message: Windows Servicing a déterminé que ce package KB958481(Update) n’est pas applicable à ce système.
Record Number: 183652
Source Name: Microsoft-Windows-Servicing
Time Written: 20090525225926.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

=====Application event log=====

Computer Name: PC-de-Cédric
Event Code: 4113
Message: AntiVir has detected 'HTML/Crypted.Gen' in the file C:\Windows\Temp\httproxy_srv076E3C181242946725
Record Number: 32224
Source Name: Avira AntiVir
Time Written: 20090521225845.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Cédric
Event Code: 4113
Message: AntiVir has detected 'HTML/Crypted.Gen' in the file C:\Windows\Temp\httproxy_srv076E3C181242946725
Record Number: 32225
Source Name: Avira AntiVir
Time Written: 20090521225845.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Cédric
Event Code: 6
Message: Windows Mobile-based USB device is plugged in but is unable to make a network connection to the desktop.
Record Number: 32274
Source Name: RapiMgr
Time Written: 20090522144800.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Cédric
Event Code: 8
Message: Windows Mobile-based device failed to connect due to communication (0x8000ffff) failure (see data for failure code).
Record Number: 32275
Source Name: RapiMgr
Time Written: 20090522144808.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Cédric
Event Code: 1000
Message: Application défaillante catchme.exe, version 0.0.0.0, horodatage 0x45dca188, module défaillant ntdll.dll, version 6.0.6001.18000, horodatage 0x4791a7a6, code d’exception 0xc0000005, décalage d’erreur 0x0003d13a, ID du processus 0xcf8, heure de début de l’application 0x01c9dd790561e5c8.
Record Number: 32552
Source Name: Application Error
Time Written: 20090525204422.000000-000
Event Type: Erreur
User:

=====Security event log=====

Computer Name: PC-de-Cédric
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-CÉDRIC$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x2ec
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 34794
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081205103718.274216-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Cédric
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7

Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 34795
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081205103718.274216-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Cédric
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-CÉDRIC$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :
ID de sécurité : S-1-5-20
Nom du compte : SERVICE RÉSEAU
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e4
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x2ec
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 34796
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081205103718.523818-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Cédric
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
ID de sécurité : S-1-5-20
Nom du compte : SERVICE RÉSEAU
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e4

Privilèges : SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeImpersonatePrivilege
Record Number: 34797
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081205103718.523818-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Cédric
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-CÉDRIC$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost

Informations sur le processus :
ID du processus : 0x2ec
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Adresse du réseau : -
Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 34798
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081205103718.586218-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\oraclexe\app\oracle\product\10.2.0\server\bin;C:\GNAT\bin;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Common Files\Adobe\AGL
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

-----------------EOF-----------------

Voici le rapport que j'ai eu hier soir :

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2178
Windows 6.0.6001 Service Pack 1

26/05/2009 02:46:10
rapportmam

Type de recherche: Examen rapide
Eléments examinés: 72812
Temps écoulé: 4 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Users\Cédric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HeroCodec (Trojan.DNSChanger) -> No action taken.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


En fait j'avais oublié de mettre à jour, et je n'ai pas cliqué sur supprimer... Mais ce matin j'ai fait la MAJ, puis une nouvelle analyse, et il n'a rien détecté. Il a du le supprimer automatiquement...