Infection WinXP Fermé

Question

Bonjour,

J'ai un gros soucis d'infection...

Je suis sous WinXP SP3, avec Avira Antivir (version gratuite).

Le virus que j'ai chopper ma corrompu mon Antivir, et m'empêche de le réinstaller, j'ai essayé d'utiliser ClamWin que j'ai en version portable, mais, le programme est "killer" dès son démarrage. j'ai downloader Avast, mais ca ne vas pas non plus; le lancement m'envoie l'erreur ""pas une appli Win32 valide"...

Si j'essaye de redémarrer en mode sans echec, je part sur un death blue screen, idem en invite de commande.

J'ai vu sur mes disques (local et USB) des fichiers autorun qui me lance "resycled/boot.com", j'ai supprimer tout ça mais, pas suffisant, ils reviennent.

Dans les process en cours (Ctrl+Alt+Del), J'en ai un louche qui me bouffe pas mal de ressource processeur mais que j'arrive à killer. (j'ai plus le nom en tête mais je retourne voir et je vous le met)
Et un autre louche (service de partage de WMP) qui redémarre tout seul après un kill...

Je suis en dualboot avec Ubuntu. Donc, j'ai fait essayé de faire un scan de tous mes disques (C:, D: et USB) avec Avast sous Linux, ca m'as trouvé des crasses, mais, quand je retourne sous Windows, ca ne vas toujours pas!

Je penser éssayé de faire un scan avec un antivirus en ligne de commande (genre McAffee), mais il me faut un boot depuis ma clé USB vu que comme dit plus haut, je ne peut pas démarrer Win en ligne de cmd.

Bon, bin, je pense avoir bien décrit tout mes problèmes...
Si quelqu'un pouvait me conseiller sur des solutions. "I need you" ;-)

gen-hackman · Answer

bonjour "i think you are infected by bagle,let's see that"


Telecharge maintenant FindyKill sur ton bureau : 

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe 

--> Lance l installation avec les parametres par default 

--> Fais un clic droit sur le raccourci FindyKill sur ton bureau 

--> Choisi executer en tant qu administrateur 

--> Au menu principal,choisi l option 1 (Recherche) 

--> Post le rapport FindyKill.txt 

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

GauZt · Answer

Bon, bin, la j'ai un autre soucis en plus, quand je démarre mon PC, peut après la fin du lancement de Windows, tout se bloque complètement!!

J'ai réussit à lancer ton soft 1 fois avant le blocage mais maintenant, quand je redémarre, il se bloque trop vite pour que je puisse faire quoi que ce soit ! :-(

gen-hackman · Answer

essaie de le faire en mode sans echec avec prise en charge réseau en tapotant F8

GauZt · Answer

Bin vi mais non, quand j'essaye de booter en mode sans echec, j'arrive sur un Death blue screen...

La j'essaye de faire un scan avec McAfee en ligne de commande en bootant depuis UBCD...

GauZt · Answer

Je ne sais pas pourquoi, mais après quelque bidouillages, j'ai de nouveau accès à mon Windows.

Ci-dessous le fichier log :

»»»» Presence des fichiers dans C:\Documents and Settings\Gauthier\Application Data 
 
Found ! [03/01/2009 12:57] - "C:\Documents and Settings\Gauthier\Application Data\drivers" 
Found ! [03/01/2009 14:53] - "C:\Documents and Settings\Gauthier\Application Data\drivers\srosa.sys" 
Found ! [03/01/2009 14:53] - "C:\Documents and Settings\Gauthier\Application Data\drivers\srosa2.sys" 
Found ! [01/05/2006 10:05] - "C:\Documents and Settings\Gauthier\Application Data\drivers\winupgro.exe" 
Found ! [03/01/2009 14:53] - "C:\Documents and Settings\Gauthier\Application Data\drivers\downld" 
Found ! [03/01/2009 14:53] - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\101984.exe 
Found ! [03/01/2009 14:53] - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\107171.exe 
Found ! [03/01/2009 14:53] - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\121109.exe 
Found ! [03/01/2009 14:53] - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\121187.exe 
Found ! [03/01/2009 14:53] - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\121406.exe 
Found ! [03/01/2009 14:53] - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\121453.exe 
Found ! [03/01/2009 14:53] - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\180625.exe 
Found ! [03/01/2009 14:53] - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\184031.exe 
Found ! [03/01/2009 14:53] - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\259468.exe 
Found ! [03/01/2009 14:53] - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\261171.exe 
Found ! [03/01/2009 14:53] - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\261734.exe 
Found ! [03/01/2009 14:53] - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\292187.exe 
Found ! [03/01/2009 14:53] - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\295000.exe 
Found ! [03/01/2009 14:53] - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\302937.exe 
Found ! [03/01/2009 14:53] - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\361140.exe 
Found ! [03/01/2009 14:53] - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\364343.exe 
Found ! [03/01/2009 14:53] - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\444078.exe 
Found ! [03/01/2009 14:53] - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\444937.exe 
Found ! [03/01/2009 14:53] - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\445343.exe 
Found ! [03/01/2009 14:53] - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\95515.exe 
Found ! [03/01/2009 14:53] - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\98171.exe 
 
»»»» Presence des fichiers dans C:\DOCUME~1\Gauthier\LOCALS~1\Temp 
 
 
»»»» Presence des fichiers dans C:\Documents and Settings\Gauthier\Local Settings\Temporary Internet Files\Content.IE5 
 
Found ! [23/08/2008 13:20] - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local 

Cache\D3987B641C134048B815DB578D607F42_more.jpg 
 
--------------- [ Registre / Startup ] ----------------  
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
   SuperCopier2.exe=C:\Program Files\SuperCopier2\SuperCopier2.exe
   PureText="C:\Program Files\PureText\PureText.exe"
   Gestionnaire Antidote.exe=C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
   msnmsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
   PC Suite Tray="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
   Gadwin PrintScreen=C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
   Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
   SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
   IntelZeroConfig="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
   IntelWireless="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
   Cobian Backup 8 interface="C:\Program Files\Cobian Backup 8\cbInterface.exe" -service
   IntelliPoint="C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
   NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
   avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
   <NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
   Installed=1
   <NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
   NoChange=1
   Installed=1
   <NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
   Installed=1
   <NO NAME>=
 
[HKEY_CURRENT_USER\software\local appwizard-generated applications\360Viewer]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\AOM]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\install_crack]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\playplus]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Producer]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\SuperCopier2]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\vscap]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
 
--------------- [ Registre / Clés infectieuses ] ----------------  
 
 
Found ! - HKEY_USERS\S-1-5-21-1177238915-839522115-1874557608-1003\Software\Local AppWizard-Generated 

Applications\install_crack 
Found ! - HKEY_USERS\S-1-5-21-1177238915-839522115-1874557608-1003\Software\Local AppWizard-Generated Applications\winupgro 
Found ! - HKEY_USERS\S-1-5-21-1177238915-839522115-1874557608-1003\Software\bisoft 
Found ! - HKEY_USERS\S-1-5-21-1177238915-839522115-1874557608-1003\Software\DateTime4 
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_crack 
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA 
Found ! - HKEY_CURRENT_USER\Software\bisoft 
Found ! - HKEY_CURRENT_USER\Software\DateTime4 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sK9Ou0s 
 
--------------- [ Etat / Services ] ---------------- 
 
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot 
 
 - sans echec non fonctionnel !! 
 
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal 
 
 - sans echec non fonctionnel !! 
 
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network 
 
 - sans echec non fonctionnel !! 
 


+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ] 

 /!\ Ndisuio - Type de démarrage = 4 
 
 EapHost - Type de démarrage = 3 
 
 /!\ Ip6Fw - Type de démarrage = 4 
 
 /!\ SharedAccess - Type de démarrage = 4 
 
 /!\ wuauserv - Type de démarrage = 4 
 
 /!\ wscsvc - Type de démarrage = 4 
 
 
 
--------------- [ Recherche dans supports amovibles] ----------------  
 
 
+- Informations : 

C: - Lecteur fixeD: - Lecteur fixeE: - Lecteur de CD-ROMI: - Lecteur amovible 
+- Contenu de l'autorun : E:\autorun.inf  

[autorun]
ShellExecute=website\index.html
icon=ubcd.ico

 
+- Contenu de l'autorun : I:\autorun.inf  

[autorun]
ShellExecute=website\index.html
icon=ubcd.ico

 
+- presence des fichiers :  

Found ! [10/02/2007 10:12][-r-------] - E:\autorun.inf 
Found ! [10/02/2007 09:12][---------] - I:\autorun.inf 
 
 
--------------- [ Registre / Mountpoint2 ] ----------------  
 
Found ! - 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0912c8e0-e6df-11dc-9277-0019d2af1e99}\Shell

\AutoRun\command   
Found ! - 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0912c8e0-e6df-11dc-9277-0019d2af1e99}\Shell

\explore\Command   
Found ! - 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0912c8e0-e6df-11dc-9277-0019d2af1e99}\Shell

\open\Command   
Found ! - 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8267206e-939c-11dc-9244-0019b9582d04}\Shell

\explore\Command   
Found ! - 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8267206e-939c-11dc-9244-0019b9582d04}\Shell

\open\Command   
Found ! - 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb7425b8-016b-11dc-9202-fdf12b00104e}\Shell

\AutoRun\command   
Found ! - 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb7425b8-016b-11dc-9202-fdf12b00104e}\Shell

\explore\Command   
Found ! - 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb7425b8-016b-11dc-9202-fdf12b00104e}\Shell

\open\Command   
 
 
------------------- ! Fin du rapport ! --------------------

gen-hackman · Answer

oulala bien infecté en plus (sacré Bagle !!!!)


Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir 


--> Fais clic droit sur le raccourci FindyKill sur ton bureau 

--> Au menu principal,choisi l option 2 (Suppression) 


/!\ il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage effectué" 

/!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal ! 

-------> ensuite post le rapport FindyKill.txt 

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

GauZt · Answer

Heu ouais, clair, que je fait pas le fier!!!! ;-)


Bon et bien c'est partit, je lance comme tu dit!!

A tout ;-)

GauZt · Answer

note : Heu? Qu'est ce qu'il se passe, ca vas faire la quatrième (...) fois que je poste une réponse et elle ne s'affiche pas dans la conversation c'est normal? Ou c'est moi qui devient fou?

GauZt · Answer

J'ai effectué le scan conformément à tes recommandation. Voici le rapport :


----------------- FindyKill V4.710 ------------------

* User : Gauthier - WASEKWA
* executed from : C:\Program Files\FindyKill
* Update on 21/12/08 par Chiquitine29
* Start at  4:31:57 the dim. 04/01/2009
* Windows XP - Internet Explorer 7.0.5730.13
 
 
((((((((((((((( *** deleting *** ))))))))))))))))))  
 
 
--------------- [ Active Processes ] ----------------  
 

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\userinit.exe
 
--------------- [ Infected files / folders ] ----------------  
 
 
»»»» Supression files in C: 
 
 
»»»» Supression files in C:\WINDOWS 
 
 
»»»» Supression files in C:\WINDOWS\Prefetch 
 
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf 
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf 
 
»»»» Supression files in C:\WINDOWS\system32 
 
Deleted ! - C:\WINDOWS\system32\mdelk.exe  
Deleted ! - C:\WINDOWS\system32\wintems.exe  
Deleted ! - C:\WINDOWS\system32\ban_list.txt  
 
»»»» Supression files in C:\WINDOWS\system32\config\systemprofile\AppData\Roaming 
 
 
»»»» Supression files in C:\WINDOWS\system32\drivers 
 
Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys  
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys  
 
»»»» Supression files in C:\Documents and Settings\Gauthier\Application Data 
 
Deleted ! - "C:\Documents and Settings\Gauthier\Application Data\m\flec006.exe"  
Deleted ! - "C:\Documents and Settings\Gauthier\Application Data\m\list.oct"  
Deleted ! - "C:\Documents and Settings\Gauthier\Application Data\m\data.oct"  
Deleted ! - "C:\Documents and Settings\Gauthier\Application Data\m\srvlist.oct"  
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\.Winrar.v3.42.Tr.Nod32.v2.12.3.Vidziu.[169].zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\24x7 Automation Suite 3.4.26.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\3D Dancing Leprechaun 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Ability Server 2.32.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\AdSense Code Drop In 1.1.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Allicorn's Image Retargetter 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\ALTTAB SWITCHER 1.5.1.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\AMS Enterprise 2.7.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Ancient Weapon Sounds - MorphVOX Add-on 1.0.7.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Aoork DVD2WMV Pro 3.0.88 Build 218b.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Apple diet calculator 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\ArcSoft Greeting Card Creator 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Astrographer 1.0.1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Audiolib MP3 Recorder 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\AutoTRAX EDA 8.70.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\avast!.Professional.Edition.4.7.827.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Avast!.Professional.Edition.V.4.6.691.-.Keygen.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\AVG.Anti-Virus.Professional.v7.5.423.810.Incl.Keygen-SSG.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\AVM RAO ftpClient 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Batch File Renamer 2.51.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Batman Begins 3D Screensaver 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\BDInfo 0.5.1.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Bitmap 2 HTML Table Convertor 0.92.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\BoPlanets 1.2.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\ClipPad 2.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Coco Calculator 3.01.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\CodeLobster 3.3.2.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Compact Timer Count Down 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Conflux Professional 1.5.0.6.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Credit Card Tracking 3.1.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Crsspy Office Alerts 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Da Vinci 1.0.0.1452.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Daily Astrology Forecast 1.2.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\DBConvert for Access & PostgreSQL 2.1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Decilo Gratis 0.2.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Desktop Fan 1.2.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Dodge Dakota Screensaver 1.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Ease Text to PDF Converter 1.10.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\EASIS Screenshot 2.3.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\EazySQL 3.0.1.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Elfima Memo 1.2.8.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Events notification plugin 2.5.0.8.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\ExeScript 3.0.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Expired Comps 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\EyeRoller 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\FilePackager Standard Edition 4.1.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Finance Helper 4.6.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Flow Bubbles Screensaver 3.15.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\freeSpace 1.2.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Friends & Accounts Lister v1.5.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Gate-and-Way Fax 2.2.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Gateway151 Karaoke Zip Player 2.3.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\GVH File library 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Heavenly Language 1.0.6.2634.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\iGuitarTuner 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Image Master 2000 1.0.107.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\IMS Assesst Designer 1.4.5.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\iQImageStudio 2006.6.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\JC WebAnswers 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Jesterware DVD to PSP 2.40.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Kamus 2.0.3.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\KidRocket Web Browser 1.0 Final.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\KingConvert For Video Burn 5.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\LabelWizard 2.05.9.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Leithauser Research EBook Reader - Groovers Last Stand 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Lens FX 1.1.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\LingvoSoft Picture Dictionary 2008 Polish - Portuguese 1.2.26.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Love Smiley Collection for PostSmile 1.1.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\m9P Editor Plus 1.0.300.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Marvel 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\MetForecast technical maps 1.1.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Minimal Website 0.9.9.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Minimalistic glass Folders.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Monster Munch Screensaver Game 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Morgan JPEG2000 Toolbox 2.0 Revision 00.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Mouseless Browsing 0.5.1.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\NASA Normal 0.7.7.5.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\NET Clipboard 1.0.1619.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\NOD32 Key Generator All Version.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\NOD32.v2.70.16.FINAL.para.WinXP-2000-NT.crk.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Northern Bullfinches - Animated Screensaver 3.11.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\okia 6680 nokia 6681 nokia 7610 mobile radio free software(1).zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Package Tracker 1.0.2.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Payroll.net Accounting Edition 2008 3.08.4.24.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\PDF-Pro 2.7.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\PicsToPage 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Pocket PC Installation Creator 2.6.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Postcard Organizer Deluxe 3.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Power Stroke 1.02.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Process Them 1.24.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\QuickControlPanel 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\RakeHelper 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\ReaTIFF 2.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Recipe Minder 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Significant Digit Calculator 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\SilverFast DCPro Studio 6.6.Or2.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Sketch It! 1.0.1.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\SmartCodeLab Project BackUp 1.4.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\SnapByte Flash Studio ActiveX DLL 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Soft191 Mail Check 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Sourcetool Business Search Widget 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\SQLSafe 1.0.5.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\SSP 1.1.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Symantec.Norton.WinDoctor.2006.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\TagRunner 2.1.64.000.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\TechSmith Screen Capture Codec 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Thirdbrush 1.3.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\TIFF Page Counter Deluxe 1.3.1.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Time Value of Money 3.3.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\ToringoLib 1.1.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Total WAV Converter 1.01.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Tray Disk Free 4.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Tropic Fish - Animated Screensaver 5.07.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Tropical Beaches Screensaver.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\TupView 2.63.0117.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\TuxGuitar 1.0 Final.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\UltraSync 2.0.2.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\USA Clock 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Visitors Of The Company 1.4.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Visual ASM 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Visual Multitool 4.4.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\WatchMyWeight 1.0.0.12.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Xtreme Reading and Writing 1.3.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Yadabyte Notes 1.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\Zero Assumption Digital Image Recovery 8.0.zip 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\m\shared\[HGame_XP][AVG][jpn_jpn][‘?<‘">‡-.][001].zip 
Deleted ! - "C:\Documents and Settings\Gauthier\Application Data\m\shared"  
Deleted ! - "C:\Documents and Settings\Gauthier\Application Data\m"  
Deleted ! - "C:\Documents and Settings\Gauthier\Application Data\drivers\srosa.sys"  
Deleted ! - "C:\Documents and Settings\Gauthier\Application Data\drivers\srosa2.sys"  
Deleted ! - "C:\Documents and Settings\Gauthier\Application Data\drivers\winupgro.exe"  
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\101984.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\103359.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\103406.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\107171.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\107609.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\107625.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\108875.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\108921.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\109953.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\110750.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\113125.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\114953.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\121109.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\121187.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\121406.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\121453.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\178437.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\179578.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\180187.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\180625.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\183406.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\183734.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\184015.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\184031.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\188562.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\190015.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\190640.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\207265.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\259468.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\261171.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\261734.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\292187.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\295000.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\302937.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\311203.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\316171.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\317390.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\317625.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\319234.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\325187.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\325968.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\326468.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\361140.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\364343.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\444078.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\444937.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\445343.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\86890.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\95296.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\95500.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\95515.exe 
Deleted ! - C:\Documents and Settings\Gauthier\Application Data\drivers\downld\98171.exe 
Deleted ! - "C:\Documents and Settings\Gauthier\Application Data\drivers\downld"  
Deleted ! - "C:\Documents and Settings\Gauthier\Application Data\drivers"  
 
»»»» Supression files in C:\DOCUME~1\Gauthier\LOCALS~1\Temp 
 
 
»»»» Supression files in C:\Documents and Settings\Gauthier\Local Settings\Temporary Internet Files\Content.IE5 
 
Deleted ! - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg    
Deleted ! - C:\Documents and Settings\Gauthier\Local Settings\Temporary Internet Files\Content.IE5\1IE6Z4CN\b64_3[1].jpg    
Deleted ! - C:\Documents and Settings\Gauthier\Local Settings\Temporary Internet Files\Content.IE5\PSRZ5EMV\b64_3[1].jpg    
Deleted ! - C:\Documents and Settings\Gauthier\Local Settings\Temporary Internet Files\Content.IE5\QQU250LH\b64[1].jpg    
Deleted ! - C:\Documents and Settings\Gauthier\Local Settings\Temporary Internet Files\Content.IE5\QQU250LH\b64_1[1].jpg    
Deleted ! - C:\Documents and Settings\Gauthier\Local Settings\Temporary Internet Files\Content.IE5\SWC2CCJO\b64[1].jpg    
Deleted ! - C:\Documents and Settings\Gauthier\Local Settings\Temporary Internet Files\Content.IE5\SWC2CCJO\b64_3[1].jpg    
Deleted ! - C:\Documents and Settings\Gauthier\Local Settings\Temporary Internet Files\Content.IE5\SWC2CCJO\b64_3[2].jpg    
Deleted ! - C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{7897D768-4E7F-4CE3-9055-89B64BF26F39}.jpg    
 
--------------- [  Registry / Infected keys ] ---------------- 
 
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA   
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA   
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S   
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S   
Deleted ! - HKEY_USERS\S-1-5-21-1177238915-839522115-1874557608-1003\Software\Local AppWizard-Generated Applications\install_crack   
Deleted ! - HKEY_USERS\S-1-5-21-1177238915-839522115-1874557608-1003\Software\Local AppWizard-Generated Applications\winupgro   
 
--------------- [ States / Restarting of services ] ---------------- 
 
+- Safe boot mode restored ! 


+- Services : [ Auto=2 / Request=3 / Disable=4 ] 

 Ndisuio - Type of startup  = 3 
 
 EapHost - Type of startup  = 2 
 
 Ip6Fw - Type of startup  = 2 
 
 SharedAccess - Type of startup  = 2 
 
 wuauserv - Type of startup  = 2 
 
 wscsvc - Type of startup  = 2 
 
 
---------------   [ Cleaning removable drives ] ----------------  
 
+- Informations : 

C: - Lecteur fixeD: - Lecteur fixeH: - Lecteur amovibleI: - Lecteur amovibleK: - Lecteur fixe 
+- deleting files : 
 
Deleted ! - I:\autorun.inf  
Deleted ! - K:\autorun.inf  
 
--------------- [ Registry / Mountpoint2 ] ----------------  
 
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0912c8e0-e6df-11dc-9277-0019d2af1e99}\Shell\AutoRun\command  
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0912c8e0-e6df-11dc-9277-0019d2af1e99}\Shell\explore\Command  
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0912c8e0-e6df-11dc-9277-0019d2af1e99}\Shell\open\Command  
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8267206e-939c-11dc-9244-0019b9582d04}\Shell\explore\Command  
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8267206e-939c-11dc-9244-0019b9582d04}\Shell\open\Command  
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb7425b8-016b-11dc-9202-fdf12b00104e}\Shell\AutoRun\command  
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb7425b8-016b-11dc-9202-fdf12b00104e}\Shell\explore\Command  
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb7425b8-016b-11dc-9202-fdf12b00104e}\Shell\open\Command  
 
--------------- [ Searching Cracks / Keygen ] ----------------  
 
C:\Documents and Settings\Gauthier\Application Data\Azureus\torrents\InTune_Multi_Instrument_Tuner_v1_8_1_WinALL_Cracked[www.btmon.com].torrent
 
 
---------------- ! End of report ! ------------------  
 
 Et je me demander, tous les fichier trouver dans "C:\Documents and Settings\Gauthier\Application Data\m\shared\", c'est des crasses que j'ai attrapées? Y'en as un beau paquet! :-S

GauZt · Answer

Bonjour ce matin,

Et bien, pourquoi, le forum, il ne veut pas que je poste le rapport de scan ?

GauZt · Answer

Voilà, pour finir, il est quand même passé ;-)

J'attend tes instructions suivantes chef!

GauZt · Answer

Pour infos, la, j'ai réinstaller Antivir, et je fait un scan complet.
Egalement un scan avec SpyBot S&D et Ad-Aware...

GauZt · Answer

=========================================
Discussion terminée

Nouveau sujet : http://www.commentcamarche.net/forum/affich 10433617 suivit infection bagle

=========================================

gen-hackman · Answer

bonjour :

 Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau. 

-> http://images.malwareremoval.com/random/RSIT.exe 

! Déconnecte toi et ferme toutes tes applications en cours ! 

Double-clique sur " RSIT.exe " pour le lancer . 

-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " . 

* Devant l'option "List files/folders created ..." , tu choisis : 2 months 

* clique ensuite sur " Continue " pour lancer l'analyse ... 


-> laisse faire le scan et ne touche pas au PC ... 


Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note). 

Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ... 

Important : poste un rapport, puis l'autre dans la réponse suivante
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum 


( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )

GauZt · Answer

Rebonjour,

OK, je te fait ça!

GauZt · Answer

Hello,

Voici le log.txt :

Logfile of random's system information tool 1.05 (written by random/random)
Run by Gauthier at 2009-01-12 00:11:06
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 14 GB (24%) free of 57 GB
Total RAM: 2046 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:11:35, on 12/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Cobian Backup 8\cbService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\WINDOWS\system32\beidservicepcsc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\PureText\PureText.exe
C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\WService.EXE
C:\Documents and Settings\Gauthier\Bureau\RSIT.exe
C:\Program Files	rend micro\Gauthier.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Cobian Backup 8 interface] "C:\Program Files\Cobian Backup 8\cbInterface.exe" -service
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKCU\..\Run: [PureText] "C:\Program Files\PureText\PureText.exe"
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Gauthier\Application Data\drivers\winupgro.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Gauthier\Application Data\m\flec006.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Gmail Notifier.lnk = C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Raccourci vers procexp.exe.lnk = D:\Downloads\Process Explorer v11.31\procexp.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD49AC20-5C28-4ADD-BE16-8EE50BA804C0}: NameServer = 194.7.1.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - C:\Program Files\Cobian Backup 8\cbService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: eID CRL Service -  Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

GauZt · Answer

Et le info.txt :

info.txt logfile of random's system information tool 1.05 2009-01-12 00:11:39

======Uninstall list======

-(/'|'\)- DivX Codec 3.11a Codec -(/'|'\)--->C:\WINDOWS\system32undll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivX.inf
-->"C:\Program Files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative Installation Information\ZEN_MTP_MEDIA_EXPLORER\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Winamp\uninst-winalarm.exe"
-->C:\Program Files\Fichiers communs\Real\Update_OB1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7
ero\uninstall\UNNERO.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c 
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c 
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ivx D4 4.5.1 (remove only)-->"C:\Program Files\3ivx\3ivx D4 4.5.1\uninstall.exe"
AC-3 ACM Decompressor-->C:\WINDOWS\system32undll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AC3ACM.inf
ACDSee 7.0 PowerPack-->MsiExec.exe /I{D1D9AE2B-A4E7-41F2-938E-261D7A407EB9}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Illustrator 10 Evaluation-->"C:\Program Files\InstallShield Installation Information\{662498D7-B5E8-4FED-87B8-764CD2C640A2}\setup.exe"
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c 
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Album Cover Art Downloader 1.6.0-->"C:\Program Files\Album Cover Art Downloader\unins000.exe"
Alcohol 120% (Trial Version)-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
Alien Arena 2008 7.20-->"c:\Jeux\Alien Arena 2008\unins000.exe"
Allway Sync 'n' Go version 8.4.2-->"G:\PortableApps\Allway Sync 'n' Go\unins000.exe"
Ant Movie Catalog-->"C:\Program Files\Ant Movie Catalog\unins000.exe"
Ant Stratego-->"C:\Jeux\Ant Stratego\unins000.exe"
Antidote RX v2-->MsiExec.exe /X{A474EA56-5DBD-4181-8230-806A4762EA7F}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Panorama Maker 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x40c 
ATI Remote Wonder 3.04-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{8F36E44A-E6E7-41B7-B6F6-4637BF84EFA5} /l1036 
AtomixMP3 v2.3 Trial-->C:\PROGRA~1\ATOMIX~1\UNWISE.EXE C:\PROGRA~1\ATOMIX~1\INSTALL.LOG
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Audio Files GDS Indexer 1.1-->"C:\Program Files\Audio Files GDS Indexer\unins000.exe"
AudioShell 1.3.5-->"C:\Program Files\AudioShell\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
AzureWave Wireless Audio-->C:\Program Files\InstallShield Installation Information\{295F4C3D-F1B8-4F2C-AD8C-01B23E79BB96}\setup.exe -runfromtemp -l0x040c -removeonly
Backgammon Professional-->C:\WINDOWS\IsUninst.exe -f"C:\Jeux\Backgammon Professional\Uninst.isu"
Belgium Identity Card Run-time 2.6-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EA248851-A7D5-4906-8C46-A3CA267F6A24} /l1036 
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Bridge From Special K-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Bridge From Special K\ST6UNST.LOG"  
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
Camouflage-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Camouflage\Uninst.isu"
Canon Utilities EOS Utility-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Carl's Classics-->"C:\Jeux\Carls Classics\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Chronotron.com MIDI Karaoke file Indexer (remove only)-->"C:\Program Files\Chronotron Inc\MIDI Karaoke Indexer\uninst-karindexer.exe"
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
Cobian Backup 8-->C:\Program Files\Cobian Backup 8\cbUninstall.exe
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Correctif Lecteur Windows Media 10 - KB895316-->"C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c  /remove
Creative System Information-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c  /remove
Creative ZEN-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B2DBF55-05D4-4072-87D8-689141E262BD}\SETUP.EXE" -l0x40c  /remove
Dell ResourceCD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe" 
Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"
DISKdata-->C:\PROGRA~1\DISKdata\UNWISE.EXE C:\PROGRA~1\DISKdata\INSTALL.LOG
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DJ Java Decompiler v.3.10.10.93-->MsiExec.exe /I{F7646923-2B1C-493E-A38E-D4AD6408E854}
Doom 3-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEFB15EB-FE8B-47DF-A496-1C4D1420294A} 
Easy CD-DA Extractor 9.0.2-->"C:\WINDOWS\Easy CD-DA Extractor\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 9\irunin.xml"
EasyRecovery Professional-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A8BB9906-E618-406A-B161-7383AFF46C39} /l1036 
eMule-->"C:\Program Files\eMule\Uninstall.exe"
FairUse Wizard 2-->"C:\Program Files\FairUse Wizard 2\un_FU-Setup_14333.exe"
FileZilla Client 3.0.11-->C:\Program Files\FileZilla Client\uninstall.exe
FindyKill-->C:\Program Files\FindyKill\Uninstal.exe
Flash Renamer 4.71-->"C:\Program Files\Flash Renamer 4.71\unins000.exe"
FlashGet(JetCar)-->C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Free iPod Video Converter 1.34-->"C:\Program Files\Free iPod Video Converter\unins000.exe"
Free SCADA (ver. 0.07b)-->C:\Program Files\Free SCADA\Uninstall.exe
FreeKiSS-->"C:\Program Files\FreeKiSS\unins000.exe"
FreeSCADA 2-->MsiExec.exe /I{A0692C53-185D-4D97-BF57-6F6AD70D96F1}
Gadwin PrintScreen-->C:\Program Files\Gadwin Systems\PrintScreen\Uninstall.exe
Garmin City Navigator Europe NT 2008 Update-->MsiExec.exe /X{F89078FA-D069-462D-AB34-75483E0A38F1}
Garmin POI Loader-->MsiExec.exe /X{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}
Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Google SketchUp 6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x40c  -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x40c  -removeonly
GSpot Codec Information Appliance-->C:\Program Files\GSpot\Uninstall.exe
GTK+ 2.10.13 runtime environment-->"C:\Program Files\Fichiers communs\GTK\2.0\setup\unins000.exe"
Hercules Mobile DJ Mix 1.0.4-->"C:\Program Files\Hercules\MobileDJMix\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files	rend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{5469D537-9B44-4c78-BF2D-5F9807564F74}\setup\hpzscr01.exe" -datfile hposcr05.dat
ISO Recorder-->MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java DB 10.2.2.0-->MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) Platform, Micro Edition Software Development Kit 3.0, EA-->"C:\Java_ME_platform_SDK_3.0_EA\uninstall.exe"
Java(TM) SE Development Kit 6 Update 3-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160030}
KiSS PC-Link 3.0.5-->C:\PROGRA~1\Linksys\KISSPC~1\Setup.exe /remove /q0
Klavaro-1.0.4-->"C:\Program Files\Klavaro-1.0.4\unins000.exe"
Kyodai Mahjongg-->"C:\Jeux\Kyodai Mahjongg\unins000.exe"
L&H TTS3000 Français-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSFRF.inf, Uninstall
La Marmite du Chef 6.3.0-->"C:\Program Files\El Juky\La Marmite du Chef\unins000.exe"
Labtec WebCam-->MsiExec.exe /X{995BF1A7-30E5-49E5-A0E4-AD3213D9E330}
Le Centre de Contrôle de Licences de Syncrosoft-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF	v_enua.inf, Uninstall
LineIn plugin for WinAMP v1.80 (remove only)-->"C:\Program Files\Winamp\Plugins\uninstlinein.exe"
LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Livre Album Fuji Photo-->"C:\Program Files\Livre Album Fuji Photo\unins000.exe"
Logiciel Intel(R) PROSet/Wireless-->C:\WINDOWS\Installer\iProInst.exe
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Gaming Software-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x40c  -removeonly
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Macromedia Dreamweaver 8-->MsiExec.exe /I{5FD788ED-1A37-4496-9BDD-463F493B27FA}
Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
MediaCoder 0.6.1-->C:\Program Files\MediaCoder\uninst.exe
MediaPortal-->C:\Program Files\Team MediaPortal\MediaPortal\uninstall-mp.exe
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Miam! v1.2b-->"C:\Program Files\Miam\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
MilkDrop for Winamp 2x (remove only)-->"C:\Program Files\Winamp\uninst-vis_milk.dll.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mobile DJ MP3 Manuals-->C:\Program Files\InstallShield Installation Information\{405D3B57-516D-43DF-896A-AF1DEBAF32EE}\setup.exe -runfromtemp -l0x040c -removeonly
Modem Helper-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x40c ControlPanel
Mojo Master Winamp Visualizer for Winamp (remove only)-->"C:\Program Files\Winamp\uninst-vis_MojoMaster.dll.exe"
MovixISOCreator - uninstall-->"C:\Program Files\MovixISOCreator0.43\Uninstall.exe"
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0b2)-->C:\Program Files\Mozilla Firefox 3 Beta 2\uninstall\helper.exe
Mozilla Sunbird (0.7)-->C:\Program Files\Mozilla Sunbird\uninstall\uninst.exe
Mozilla Thunderbird (2.0.0.6)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
Mp3tag Audio Indexer 1.05-->C:\Program Files\Mp3tag Audio Indexer\Mp3tagAudioIndexerUninstall.EXE
MP5P630-->MsiExec.exe /X{A3DE6C03-12CF-43F1-B5D3-F62E33F69ADD}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MusicBrainz Tagger 0.10.5-->C:\PROGRA~1\MUSICB~1\UNWISE.EXE C:\PROGRA~1\MUSICB~1\INSTALL.LOG
MUSK Codec Pack v6.0-->"C:\Program Files\MUSK Codec Pack v5\unins000.exe"
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Need for Speed™ Carbon-->C:\Jeux\Need for Speed Carbon\EAUninstall.exe
Nero 7 Premium-->MsiExec.exe /I{9DAA3F6E-0B56-A762-02CF-F9D80D8F1036}
NetLimiter 1.30 (remove only)-->"C:\Program Files\NetLimiter
luninst.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /X{B3164E9E-BE08-4F3B-94BC-C6D09C0205E1}
Nokia Flashing Cable Driver-->MsiExec.exe /X{A4E0CA0F-1903-440A-9B98-FEA6CB049999}
Nokia Multimedia Factory-->"C:\Documents and Settings\All Users\Application Data\Installations\{4CFB3821-1582-4f3b-BF8D-30986923B36B}\Nokia_Multimedia_Factory_2_0.exe" /MAINTENANCE /SILENT="SWLPCER" /LANG="2057" /MSI_COMMON_OPTIONS="PCSLANG= MMFLANG=eng"
Nokia Multimedia Factory-->MsiExec.exe /I{4CFB3821-1582-4F3B-BF8D-30986923B36B}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{D5577624-0626-4C4B-87AA-D966DA1739D6}\Nokia_PC_Suite_rel_7_0_9_2_fre.exe
Nokia PC Suite-->MsiExec.exe /I{D5577624-0626-4C4B-87AA-D966DA1739D6}
Nokia Software Updater-->MsiExec.exe /X{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}
Norton Ghost-->MsiExec.exe /I{6975E810-C92F-45F0-0BFD-187B312F10E8}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers-->C:\WINDOWS\system32
vudisp.exe UninstallGUI
On2 VP3 Video for Windows Codec-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF59708F-60F4-11D5-866A-00A0D2183227}\Setup.exe" -l0x9 
On2 VP7 Personal Edition-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}\Setup.exe" -l0x9 
OpenOffice.org 2.3-->MsiExec.exe /I{D71D34FB-2506-45A9-BA13-1B29D0CF4DB1}
Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Package de pilotes Windows - Nokia Modem  (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE
okia_blue_635B28EFCFA9395123BB1C251595CB16129E2560
okia_bluetooth.inf
Package de pilotes Windows - Nokia Modem  (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE
okbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186
okbtmdm.inf
Package de pilotes Windows - Nokia Modem  (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE
okia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E
okia_bluetooth.inf
Package de pilotes Windows - Nokia Modem  (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE
okbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9
okbtmdm.inf
Package de pilotes Windows - Nokia Modem  (08/03/2007 6.84.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE
okbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE
okbtmdm.inf
Package de pilotes Windows - Nokia Modem  (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE
okia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7
okia_bluetooth.inf
Package de pilotes Windows - Nokia Modem  (11/03/2006 6.82.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE
okbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567
okbtmdm.inf
Package de pilotes Windows - Nokia pccsmcfd  (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Pâtisserie-->C:\Program Files\Patisserie\Uninstal.exe
PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
Personal Solution Pac-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0335E386-9ECB-11D4-BA6E-0020AFBCF620}\setup.exe" 
PowerCinema NE for Everio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39CEE1F2-12B6-4C50-9131-04BFCA110578}\setup.exe"  -uninstall
PowerDirector Express-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe"  -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe"  -uninstall
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804} 
Programme de gestion Camera de Labtec®-->"C:\Program Files\Fichiers communs\Labtec\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Quake 4(TM)-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{152B782A-05F3-48EC-9AAC-4D3EB68D9E20} /l1036 
QuickTime Alternative 1.56-->"C:\Program Files\MUSK Codec Pack v5\QT\INST\unins000.exe"
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Railroad Tycoon 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE29025A-091F-4998-AD2D-24C84421190F}\setup.exe" -l0x9 
Real Alternative 1.50 Lite-->"C:\Program Files\MUSK Codec Pack v5\Real\INST\unins000.exe"
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB1puninst.exe RealNetworks|RealPlayer|6.0
Recettes de Cuisine 2004-->"C:\Program Files\LudoSoft\Recettes de Cuisine 2004\unins000.exe"
SCRIPTIS EMV Explorer Tool-->C:\Program Files\Soliatis\SCRIPTIS Tools\EMV Explorer\uninstall.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Serious Sam : Second Contact-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}\Setup.exe" -l0x40c 
SigmaTel Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x40c -remove -removeonly
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony ACID 4.0f-->MsiExec.exe /I{36235A3F-92C7-4F90-84E7-3697C59AD369}
Sony ACID Music Studio 5.0-->MsiExec.exe /I{B668B8B2-821E-417D-8FE8-AA3BC52064DD}
Sony DVD Architect 3.0b-->MsiExec.exe /X{E73B39B9-7F37-4EDB-B5EA-572498E444AC}
Sony Media Manager 2.0-->MsiExec.exe /X{47D2D455-2C1C-4922-A520-3E3466D783E1}
Sony Sound Forge 8.0b-->MsiExec.exe /X{48EB9208-593D-4DC7-B613-9C5A210D87BA}
Sony Vegas 6.0b-->MsiExec.exe /X{576FBE17-EBF2-4CC7-87A4-A28034CBE424}
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sun Java (TM) Wireless Toolkit 2.5.2 for CLDC-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F8DBF1B-C849-48E1-B3F6-976BA68DB43B}\setup.exe" -l0x9  -removeonly
SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
Swift 3D Version 4.00-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{604B0B0F-68C6-440D-AA74-B69314F86ADA} 
SWiSHmax-->C:\WINDOWS\unvise32.exe C:\Program Files\SWiSHmax\uninstal.log
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TELL ME MORE-->"C:\Program Files\Auralog\TELL ME MORE Performance\Bin\unsetup.exe" -file "C:\Program Files\Auralog\TELL ME MORE Performance\unsetup.aui"
TerraExplorer-->C:\Program Files\Skyline\TerraExplorer\Setup.exe [OP]/U
TopStyle Lite (Version 3.0)-->C:\WINDOWS\unlite3.exe "C:\Program Files\TopStyle3"
Traqueur 3.0.70-->"C:\Program Files\Traqueur\unins000.exe"
U.S. Robotics Wireless MAXg Adapter-->C:\WINDOWS\system32\BCMWLU00.exe verbose
UDPixel_fr.exe-->"C:\Program Files\UDPixel\uninstall.exe"
Ulead COOL 3D 3.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA1BE991-D723-41BE-AD16-42EAFDA794EA}\Setup.exe" 
UltraVNC v1.0.1 Fr-->"C:\Program Files\UltraVNC\unins000.exe"
USB-Ir Adapter-->MsiExec.exe /I{00F3D43F-B5A9-4C8D-B5A1-5FD2DE16CC21}
vanBasco's Karaoke Player-->C:\Program Files\vanBasco's Karaoke Player\uninst.exe
Vegas Movie Studio Platinum 9.0-->MsiExec.exe /X{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}
Videora iPod Converter 3.05-->C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Visual J# .NET Redistributable 1.1- French Language Pack-->MsiExec.exe /X{3B2E8910-C110-4417-86F3-B207BF59708C}
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VP6 VFW Codec-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A23866A0-738B-4091-9924-0B0DE3988A15}\Setup.exe" -l0x9 
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WDCSAM Driver-->MsiExec.exe /X{E064390A-2F64-4195-9A55-30D4B20B865A}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia Modem  (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (12/05/2006 1.0.0007.0)-->rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\wdcsam_8A1D0449E9CBCC93DCB0CF47934D695423632CA7\wdcsam.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Sign-in Assistant-->MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinISO 5.3-->"C:\Program Files\WinISO\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Winstick-->"C:\Program Files\Winstick\uninstall.exe"
XAMPP 1.6.5-->"c:\xampp\uninstall.exe"
Xvid 1.1.3 final uninstall-->"C:\Program Files\MUSK Codec Pack v5\XviD\INST\unins000.exe"
ZENcast Organizer-->"C:\Program Files\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe" /remove /l0x040c

======Hosts File======

192.168.0.18 HP000D9D20CA84
127.0.0.1	.archivioadulti.com
127.0.0.1	.internet-explorer.name
127.0.0.1	.katasearch.com
127.0.0.1	.preferiti-windows.com
127.0.0.1	.qoogler.com
127.0.0.1	.tuttoavolonta.com
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com

======Security center information======

AV: Avira AntiVir PersonalEdition

System event log

Computer Name: WASEKWA
Event Code: 7036
Message: Le service Google Desktop Manager 5.7.712.18632 est entré dans l'état : en cours d'exécution.

Record Number: 3191
Source Name: Service Control Manager
Time Written: 20081207152410.000000+060
Event Type: information
User: 

Computer Name: WASEKWA
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Google Desktop Manager 5.7.712.18632.

Record Number: 3190
Source Name: Service Control Manager
Time Written: 20081207152410.000000+060
Event Type: information
User: AUTORITE NT\SYSTEM

Computer Name: WASEKWA
Event Code: 7036
Message: Le service Google Desktop Manager 5.7.712.18632 est entré dans l'état : arrêté.

Record Number: 3189
Source Name: Service Control Manager
Time Written: 20081207142407.000000+060
Event Type: information
User: 

Computer Name: WASEKWA
Event Code: 7036
Message: Le service Google Desktop Manager 5.7.712.18632 est entré dans l'état : en cours d'exécution.

Record Number: 3188
Source Name: Service Control Manager
Time Written: 20081207142402.000000+060
Event Type: information
User: 

Computer Name: WASEKWA
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Google Desktop Manager 5.7.712.18632.

Record Number: 3187
Source Name: Service Control Manager
Time Written: 20081207142402.000000+060
Event Type: information
User: AUTORITE NT\SYSTEM

Application event log

Computer Name: WASEKWA
Event Code: 4096
Message: The AntiVir service has been started successfully!

Record Number: 6987
Source Name: Avira AntiVir
Time Written: 20081010194200.000000+120
Event Type: information
User: AUTORITE NT\SYSTEM

Computer Name: WASEKWA
Event Code: 0
Message: 
Record Number: 6986
Source Name: EvtEng
Time Written: 20081010194150.000000+120
Event Type: information
User: 

Computer Name: WASEKWA
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur WASEKWA\Gauthier alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé. 


Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

Record Number: 6985
Source Name: Userenv
Time Written: 20081010145936.000000+120
Event Type: warning
User: AUTORITE NT\SYSTEM

Computer Name: WASEKWA
Event Code: 101
Message: MsnMsgr (2360) Le moteur de base de données est arrêté.

Record Number: 6984
Source Name: ESENT
Time Written: 20081008174259.000000+120
Event Type: information
User: 

Computer Name: WASEKWA
Event Code: 103
Message: MsnMsgr (2360) \.\C:\Documents and Settings\Gauthier\Local Settings\Application Data\Microsoft\Messenger\SharingMetadata\Working\database_FC4C_6A8_4C06_5E30\dfsr.db: Le moteur de base de données a arrêté une instance (0).

Record Number: 6983
Source Name: ESENT
Time Written: 20081008174259.000000+120
Event Type: information
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;"C:\Program Files\Symantec\Norton Ghost 2003\";C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Fichiers communs\GTK\2.0\bin;C:\Program Files\Fichiers communs\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f06
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"LANG"=fr
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

GauZt · Answer

Et voilà, excuse pour le temps, je voulait terminer un tit truc avant de lancer ton appli! :-)

Bonne nuit.

A demain

gen-hackman · Answer

---> Double-clique sur OTMoveIt3.exe afin de le lancer. 

---> Copie (Ctrl+C) le texte suivant ci-dessous : 





:processes 
explorer.exe 

:files 
C:\Documents and Settings\Gauthier\Application Data\drivers\winupgro.exe 
C:\WINDOWS\system32\wintems.exe
C:\Documents and Settings\Gauthier\Application Data\m\flec006.exe 

:reg 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 
"drvsyskit"=-
"german.exe"=- 
"mule_st_key"=-

:commands 
[purity] 
[emptytemp] 
[start explorer] 
[reboot] 




---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved. 

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3. 

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. 
Accepte en cliquant sur YES. 

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\ 
Le nom du rapport correspond au moment de sa création : date_heure.log

ensuite desinstalle findykill et :

 Télécharge UsbFix (de Chiquitine29) sur ton Bureau : 
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe 

--> Lance l'installation avec les paramètres par défaut. 

--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir. 

--> Double-clique sur le raccourci UsbFix sur ton Bureau. 

--> Le PC va redémarrer. 

--> Après redémarrage, poste le rapport UsbFix.txt 

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque. 

(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)

GauZt · Answer

Voici le rapport de OTMoveIT3 :

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Documents and Settings\Gauthier\Application Data\drivers\winupgro.exe not found.
File/Folder C:\WINDOWS\system32\wintems.exe not found.
File/Folder C:\Documents and Settings\Gauthier\Application Data\m\flec006.exe not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\drvsyskit not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\german.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\mule_st_key not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Gauthier\LOCALS~1\Temp\etilqs_0vfhJ51wOX7Sr6BbR7Mk scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gauthier\LOCALS~1\Temp\NGLALog.txt scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gauthier\LOCALS~1\Temp\~DF808F.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gauthier\LOCALS~1\Temp\~DF9311.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gauthier\LOCALS~1\Temp\~DFD4E8.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Gauthier\Local Settings\Application Data\Mozilla\Firefox\Profiles\3a1fdtr1.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Gauthier\Local Settings\Application Data\Mozilla\Firefox\Profiles\3a1fdtr1.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Gauthier\Local Settings\Application Data\Mozilla\Firefox\Profiles\3a1fdtr1.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Gauthier\Local Settings\Application Data\Mozilla\Firefox\Profiles\3a1fdtr1.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Gauthier\Local Settings\Application Data\Mozilla\Firefox\Profiles\3a1fdtr1.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01122009_075701

Files moved on Reboot...
File C:\DOCUME~1\Gauthier\LOCALS~1\Temp\etilqs_0vfhJ51wOX7Sr6BbR7Mk not found!
C:\DOCUME~1\Gauthier\LOCALS~1\Temp\NGLALog.txt moved successfully.
C:\DOCUME~1\Gauthier\LOCALS~1\Temp\~DF808F.tmp moved successfully.
File C:\DOCUME~1\Gauthier\LOCALS~1\Temp\~DF9311.tmp not found!
File C:\DOCUME~1\Gauthier\LOCALS~1\Temp\~DFD4E8.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Gauthier\Local Settings\Application Data\Mozilla\Firefox\Profiles\3a1fdtr1.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Gauthier\Local Settings\Application Data\Mozilla\Firefox\Profiles\3a1fdtr1.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Gauthier\Local Settings\Application Data\Mozilla\Firefox\Profiles\3a1fdtr1.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Gauthier\Local Settings\Application Data\Mozilla\Firefox\Profiles\3a1fdtr1.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Gauthier\Local Settings\Application Data\Mozilla\Firefox\Profiles\3a1fdtr1.default\urlclassifier3.sqlite moved successfully.

GauZt · Answer

Et voici celui de UsbFix : -------------- UsbFix V2.414 --------------- * User : Gauthier - WASEKWA * Outils mis a jours le 09/01/2009 par Chiquitine29 et Chimay8 * Recherche effectuée à 8:11:44 le lun. 12/01/2009 * Windows Xp - Internet Explorer 7.0.5730.13 --------------- [ Processus actifs ] ---------------- C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\logonui.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Cobian Backup 8\cbService.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\beidservicecrl.exe C:\WINDOWS\system32\beidservicepcsc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32 vsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\WINDOWS\system32\DRIVERS\WtSrv.exe C:\Program Files\UltraVNC\WinVNC.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\Explorer.EXE --------------- [ Informations lecteurs ] ---------------- C: - Lecteur fixe D: - Lecteur fixe E: - Lecteur de CD-ROM G: - Lecteur amovible H: - Lecteur amovible K: - Lecteur fixe +- Contenu de l'autorun : E:\autorun.inf [autorun] ShellExecute=website\index.html icon=ubcd.ico --------------- [ Lecteur C ] ---------------- C: - Lecteur fixe +- Listing des fichiers présents : [05/08/2004 11:00][-rahs----] C:\NTDETECT.COM [02/01/2009 17:12][---hs----] C:\boot.ini [02/01/2009 17:12][---hs----] C: race.ini [03/01/2009 12:20][---------] C:\CCM.txt [03/01/2009 12:20][---------] C:\UsageTrack.txt [03/01/2009 12:20][---------] C:\UsbFix.txt [03/01/2009 12:20][---------] C:\winamplog.txt [09/05/2007 17:31][--a------] C:\CONFIG.SYS [09/05/2007 17:31][--a------] C:\IO.SYS [09/05/2007 17:31][--a------] C:\MSDOS.SYS [09/05/2007 17:31][--a------] C:\pagefile.sys --------------- [ Lecteur D ] ---------------- D: - Lecteur fixe +- Listing des fichiers présents : --------------- [ Lecteur E ] ---------------- E: - Lecteur de CD-ROM +- Listing des fichiers présents : [10/02/2007 10:12][-r-------] E:\autorun.inf --------------- [ Lecteur G ] ---------------- G: - Lecteur amovible +- Listing des fichiers présents : --------------- [ Lecteur H ] ---------------- H: - Lecteur amovible +- Listing des fichiers présents : [21/05/2008 22:02][--a------] H:\StartPortableApps.exe [21/05/2008 22:02][--a------] H:\EvMoveCF.exe [21/05/2008 22:02][--a------] H:\PortableRoboForm.exe [01/01/2009 16:03][--a------] H:\Autorun.ori.inf [01/01/2009 22:48][-r-hs----] H:\EVRSI.SYS [01/01/2009 22:48][-r-hs----] H:\EVICOM.SYS --------------- [ Lecteur K ] ---------------- K: - Lecteur fixe +- Listing des fichiers présents : [01/11/2008 13:41][--a------] K:\NO-IP - ducsetup.exe --------------- [ Registre / Startup ] ---------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\WINDOWS\system32\userinit.exe," [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="https://www.google.com/?gws_rd=ssl" "Start Page"="https://www.google.com/?gws_rd=ssl" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion un] PureText="C:\Program Files\PureText\PureText.exe" Gestionnaire Antidote.exe=C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe msnmsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background PC Suite Tray="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray Gadwin PrintScreen=C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion un] Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe IntelZeroConfig="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" IntelWireless="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless Cobian Backup 8 interface="C:\Program Files\Cobian Backup 8\cbInterface.exe" -service IntelliPoint="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min WService=WService.EXE HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un\OptionalComponents= = HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un\OptionalComponents\IMAIL= Installed=1 = HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un\OptionalComponents\MAPI= NoChange=1 Installed=1 = HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un\OptionalComponents\MSFS= Installed=1 = --------------- [ Registre / Mountpoint2 ] ---------------- Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##Ts-i300w#My_Book_b1\Shell\AutoRun\command Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##Ts-i300w#My_Book_b1\Shell\explore\Command Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##Ts-i300w#My_Book_b1\Shell\open\Command Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##Ts-i300w#My_Book_d1\Shell\AutoRun\command Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\Shell\AutoRun\command Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\Shell\explore\Command Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\Shell\open\Command Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8267206e-939c-11dc-9244-0019b9582d04}\Shell\AutoRun\command Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8267206f-939c-11dc-9244-0019b9582d04}\Shell\AutoRun\command Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8267206f-939c-11dc-9244-0019b9582d04}\Shell\explore\Command Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8267206f-939c-11dc-9244-0019b9582d04}\Shell\open\Command --------------- [ Nettoyage des disques ] ---------------- Echec de la supression !! - [10/02/2007 10:12] E:\autorun.inf Echec de la supression !! - [10/02/2007 10:12] E:\autorun.inf Supprimé ! - [26/12/2008 11:56][-r-hs----] K: esycled\boot.com Supprimé ! - [12/01/2009 08:12][dr-hs----] K: esycled --------------- [ Resumé ] ---------------- -> /!\ Le resultat doit etre interprété par un spécialiste /!\ [05/08/2004 11:00][-rahs----] C:\NTDETECT.COM [02/01/2009 17:12][---hs----] C:\boot.ini [02/01/2009 17:12][---hs----] C: race.ini [10/02/2007 10:12][-r-------] E:\autorun.inf [21/05/2008 22:02][--a------] H:\StartPortableApps.exe [21/05/2008 22:02][--a------] H:\EvMoveCF.exe [21/05/2008 22:02][--a------] H:\PortableRoboForm.exe [01/01/2009 16:03][--a------] H:\Autorun.ori.inf [01/11/2008 13:41][--a------] K:\NO-IP - ducsetup.exe --------------- [ Vaccination ] ---------------- C:\autorun.inf -> Dossier autorun.inf crée par UsbFix ! D:\autorun.inf -> Dossier autorun.inf crée par UsbFix ! G:\autorun.inf -> Dossier autorun.inf crée par UsbFix ! H:\autorun.inf -> Dossier autorun.inf crée par UsbFix ! K:\autorun.inf -> Dossier autorun.inf crée par UsbFix ! --------------- ! Fin du rapport ! ----------------

gen-hackman · Answer

ok tu peux me renvoyer un nouveau "log" de rsit s'il te plaitt ?

GauZt · Answer

Bonsoir,

Voili voilou le rapport RSIT :

Logfile of random's system information tool 1.05 (written by random/random)
Run by Gauthier at 2009-01-12 22:21:22
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 14 GB (25%) free of 57 GB
Total RAM: 2046 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:32, on 12/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Cobian Backup 8\cbService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\WINDOWS\system32\beidservicepcsc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\PureText\PureText.exe
C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\WINDOWS\system32\WService.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Downloads\RSIT.exe
C:\Program Files	rend micro\Gauthier.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Cobian Backup 8 interface] "C:\Program Files\Cobian Backup 8\cbInterface.exe" -service
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKCU\..\Run: [PureText] "C:\Program Files\PureText\PureText.exe"
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Gmail Notifier.lnk = C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD49AC20-5C28-4ADD-BE16-8EE50BA804C0}: NameServer = 194.7.1.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - C:\Program Files\Cobian Backup 8\cbService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: eID CRL Service -  Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

gen-hackman · Answer

Télécharge MalwareByte's :
http://www.malwarebytes.org/mbam.php  ou ici :
http://www.malwarebytes.org/mbam/program/mbam-setup.exe



* Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/ )

* Potasse le tuto pour te familiariser avec le prg :
https://forum.pcastuces.com/sujet.asp?f=31&s=3
( cela dis, il est très simple d'utilisation ).

! Déconnecte toi et ferme toutes applications en cours !

* Lance Malwarebyte's .

Fais un examen dit "Rapide" .

--> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
--> à la fin tu cliques sur "résultat" .
--> Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

GauZt · Answer

Et le second :

info.txt logfile of random's system information tool 1.05 2009-01-12 00:11:39

======Uninstall list======

-(/'|'\)- DivX Codec 3.11a Codec -(/'|'\)--->C:\WINDOWS\system32undll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivX.inf
-->"C:\Program Files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative Installation Information\ZEN_MTP_MEDIA_EXPLORER\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Winamp\uninst-winalarm.exe"
-->C:\Program Files\Fichiers communs\Real\Update_OB1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7
ero\uninstall\UNNERO.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c 
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c 
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ivx D4 4.5.1 (remove only)-->"C:\Program Files\3ivx\3ivx D4 4.5.1\uninstall.exe"
AC-3 ACM Decompressor-->C:\WINDOWS\system32undll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AC3ACM.inf
ACDSee 7.0 PowerPack-->MsiExec.exe /I{D1D9AE2B-A4E7-41F2-938E-261D7A407EB9}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Illustrator 10 Evaluation-->"C:\Program Files\InstallShield Installation Information\{662498D7-B5E8-4FED-87B8-764CD2C640A2}\setup.exe"
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c 
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Album Cover Art Downloader 1.6.0-->"C:\Program Files\Album Cover Art Downloader\unins000.exe"
Alcohol 120% (Trial Version)-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
Alien Arena 2008 7.20-->"c:\Jeux\Alien Arena 2008\unins000.exe"
Allway Sync 'n' Go version 8.4.2-->"G:\PortableApps\Allway Sync 'n' Go\unins000.exe"
Ant Movie Catalog-->"C:\Program Files\Ant Movie Catalog\unins000.exe"
Ant Stratego-->"C:\Jeux\Ant Stratego\unins000.exe"
Antidote RX v2-->MsiExec.exe /X{A474EA56-5DBD-4181-8230-806A4762EA7F}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Panorama Maker 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x40c 
ATI Remote Wonder 3.04-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{8F36E44A-E6E7-41B7-B6F6-4637BF84EFA5} /l1036 
AtomixMP3 v2.3 Trial-->C:\PROGRA~1\ATOMIX~1\UNWISE.EXE C:\PROGRA~1\ATOMIX~1\INSTALL.LOG
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Audio Files GDS Indexer 1.1-->"C:\Program Files\Audio Files GDS Indexer\unins000.exe"
AudioShell 1.3.5-->"C:\Program Files\AudioShell\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
AzureWave Wireless Audio-->C:\Program Files\InstallShield Installation Information\{295F4C3D-F1B8-4F2C-AD8C-01B23E79BB96}\setup.exe -runfromtemp -l0x040c -removeonly
Backgammon Professional-->C:\WINDOWS\IsUninst.exe -f"C:\Jeux\Backgammon Professional\Uninst.isu"
Belgium Identity Card Run-time 2.6-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EA248851-A7D5-4906-8C46-A3CA267F6A24} /l1036 
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Bridge From Special K-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Bridge From Special K\ST6UNST.LOG"  
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
Camouflage-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Camouflage\Uninst.isu"
Canon Utilities EOS Utility-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Carl's Classics-->"C:\Jeux\Carls Classics\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Chronotron.com MIDI Karaoke file Indexer (remove only)-->"C:\Program Files\Chronotron Inc\MIDI Karaoke Indexer\uninst-karindexer.exe"
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
Cobian Backup 8-->C:\Program Files\Cobian Backup 8\cbUninstall.exe
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Correctif Lecteur Windows Media 10 - KB895316-->"C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c  /remove
Creative System Information-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c  /remove
Creative ZEN-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B2DBF55-05D4-4072-87D8-689141E262BD}\SETUP.EXE" -l0x40c  /remove
Dell ResourceCD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe" 
Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"
DISKdata-->C:\PROGRA~1\DISKdata\UNWISE.EXE C:\PROGRA~1\DISKdata\INSTALL.LOG
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DJ Java Decompiler v.3.10.10.93-->MsiExec.exe /I{F7646923-2B1C-493E-A38E-D4AD6408E854}
Doom 3-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEFB15EB-FE8B-47DF-A496-1C4D1420294A} 
Easy CD-DA Extractor 9.0.2-->"C:\WINDOWS\Easy CD-DA Extractor\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 9\irunin.xml"
EasyRecovery Professional-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A8BB9906-E618-406A-B161-7383AFF46C39} /l1036 
eMule-->"C:\Program Files\eMule\Uninstall.exe"
FairUse Wizard 2-->"C:\Program Files\FairUse Wizard 2\un_FU-Setup_14333.exe"
FileZilla Client 3.0.11-->C:\Program Files\FileZilla Client\uninstall.exe
FindyKill-->C:\Program Files\FindyKill\Uninstal.exe
Flash Renamer 4.71-->"C:\Program Files\Flash Renamer 4.71\unins000.exe"
FlashGet(JetCar)-->C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Free iPod Video Converter 1.34-->"C:\Program Files\Free iPod Video Converter\unins000.exe"
Free SCADA (ver. 0.07b)-->C:\Program Files\Free SCADA\Uninstall.exe
FreeKiSS-->"C:\Program Files\FreeKiSS\unins000.exe"
FreeSCADA 2-->MsiExec.exe /I{A0692C53-185D-4D97-BF57-6F6AD70D96F1}
Gadwin PrintScreen-->C:\Program Files\Gadwin Systems\PrintScreen\Uninstall.exe
Garmin City Navigator Europe NT 2008 Update-->MsiExec.exe /X{F89078FA-D069-462D-AB34-75483E0A38F1}
Garmin POI Loader-->MsiExec.exe /X{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}
Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Google SketchUp 6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x40c  -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x40c  -removeonly
GSpot Codec Information Appliance-->C:\Program Files\GSpot\Uninstall.exe
GTK+ 2.10.13 runtime environment-->"C:\Program Files\Fichiers communs\GTK\2.0\setup\unins000.exe"
Hercules Mobile DJ Mix 1.0.4-->"C:\Program Files\Hercules\MobileDJMix\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files	rend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{5469D537-9B44-4c78-BF2D-5F9807564F74}\setup\hpzscr01.exe" -datfile hposcr05.dat
ISO Recorder-->MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java DB 10.2.2.0-->MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) Platform, Micro Edition Software Development Kit 3.0, EA-->"C:\Java_ME_platform_SDK_3.0_EA\uninstall.exe"
Java(TM) SE Development Kit 6 Update 3-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160030}
KiSS PC-Link 3.0.5-->C:\PROGRA~1\Linksys\KISSPC~1\Setup.exe /remove /q0
Klavaro-1.0.4-->"C:\Program Files\Klavaro-1.0.4\unins000.exe"
Kyodai Mahjongg-->"C:\Jeux\Kyodai Mahjongg\unins000.exe"
L&H TTS3000 Français-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSFRF.inf, Uninstall
La Marmite du Chef 6.3.0-->"C:\Program Files\El Juky\La Marmite du Chef\unins000.exe"
Labtec WebCam-->MsiExec.exe /X{995BF1A7-30E5-49E5-A0E4-AD3213D9E330}
Le Centre de Contrôle de Licences de Syncrosoft-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF	v_enua.inf, Uninstall
LineIn plugin for WinAMP v1.80 (remove only)-->"C:\Program Files\Winamp\Plugins\uninstlinein.exe"
LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Livre Album Fuji Photo-->"C:\Program Files\Livre Album Fuji Photo\unins000.exe"
Logiciel Intel(R) PROSet/Wireless-->C:\WINDOWS\Installer\iProInst.exe
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Gaming Software-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x40c  -removeonly
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Macromedia Dreamweaver 8-->MsiExec.exe /I{5FD788ED-1A37-4496-9BDD-463F493B27FA}
Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
MediaCoder 0.6.1-->C:\Program Files\MediaCoder\uninst.exe
MediaPortal-->C:\Program Files\Team MediaPortal\MediaPortal\uninstall-mp.exe
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Miam! v1.2b-->"C:\Program Files\Miam\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
MilkDrop for Winamp 2x (remove only)-->"C:\Program Files\Winamp\uninst-vis_milk.dll.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mobile DJ MP3 Manuals-->C:\Program Files\InstallShield Installation Information\{405D3B57-516D-43DF-896A-AF1DEBAF32EE}\setup.exe -runfromtemp -l0x040c -removeonly
Modem Helper-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x40c ControlPanel
Mojo Master Winamp Visualizer for Winamp (remove only)-->"C:\Program Files\Winamp\uninst-vis_MojoMaster.dll.exe"
MovixISOCreator - uninstall-->"C:\Program Files\MovixISOCreator0.43\Uninstall.exe"
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0b2)-->C:\Program Files\Mozilla Firefox 3 Beta 2\uninstall\helper.exe
Mozilla Sunbird (0.7)-->C:\Program Files\Mozilla Sunbird\uninstall\uninst.exe
Mozilla Thunderbird (2.0.0.6)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
Mp3tag Audio Indexer 1.05-->C:\Program Files\Mp3tag Audio Indexer\Mp3tagAudioIndexerUninstall.EXE
MP5P630-->MsiExec.exe /X{A3DE6C03-12CF-43F1-B5D3-F62E33F69ADD}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MusicBrainz Tagger 0.10.5-->C:\PROGRA~1\MUSICB~1\UNWISE.EXE C:\PROGRA~1\MUSICB~1\INSTALL.LOG
MUSK Codec Pack v6.0-->"C:\Program Files\MUSK Codec Pack v5\unins000.exe"
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Need for Speed™ Carbon-->C:\Jeux\Need for Speed Carbon\EAUninstall.exe
Nero 7 Premium-->MsiExec.exe /I{9DAA3F6E-0B56-A762-02CF-F9D80D8F1036}
NetLimiter 1.30 (remove only)-->"C:\Program Files\NetLimiter
luninst.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /X{B3164E9E-BE08-4F3B-94BC-C6D09C0205E1}
Nokia Flashing Cable Driver-->MsiExec.exe /X{A4E0CA0F-1903-440A-9B98-FEA6CB049999}
Nokia Multimedia Factory-->"C:\Documents and Settings\All Users\Application Data\Installations\{4CFB3821-1582-4f3b-BF8D-30986923B36B}\Nokia_Multimedia_Factory_2_0.exe" /MAINTENANCE /SILENT="SWLPCER" /LANG="2057" /MSI_COMMON_OPTIONS="PCSLANG= MMFLANG=eng"
Nokia Multimedia Factory-->MsiExec.exe /I{4CFB3821-1582-4F3B-BF8D-30986923B36B}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{D5577624-0626-4C4B-87AA-D966DA1739D6}\Nokia_PC_Suite_rel_7_0_9_2_fre.exe
Nokia PC Suite-->MsiExec.exe /I{D5577624-0626-4C4B-87AA-D966DA1739D6}
Nokia Software Updater-->MsiExec.exe /X{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}
Norton Ghost-->MsiExec.exe /I{6975E810-C92F-45F0-0BFD-187B312F10E8}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers-->C:\WINDOWS\system32
vudisp.exe UninstallGUI
On2 VP3 Video for Windows Codec-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF59708F-60F4-11D5-866A-00A0D2183227}\Setup.exe" -l0x9 
On2 VP7 Personal Edition-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}\Setup.exe" -l0x9 
OpenOffice.org 2.3-->MsiExec.exe /I{D71D34FB-2506-45A9-BA13-1B29D0CF4DB1}
Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Package de pilotes Windows - Nokia Modem  (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE
okia_blue_635B28EFCFA9395123BB1C251595CB16129E2560
okia_bluetooth.inf
Package de pilotes Windows - Nokia Modem  (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE
okbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186
okbtmdm.inf
Package de pilotes Windows - Nokia Modem  (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE
okia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E
okia_bluetooth.inf
Package de pilotes Windows - Nokia Modem  (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE
okbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9
okbtmdm.inf
Package de pilotes Windows - Nokia Modem  (08/03/2007 6.84.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE
okbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE
okbtmdm.inf
Package de pilotes Windows - Nokia Modem  (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE
okia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7
okia_bluetooth.inf
Package de pilotes Windows - Nokia Modem  (11/03/2006 6.82.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE
okbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567
okbtmdm.inf
Package de pilotes Windows - Nokia pccsmcfd  (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Pâtisserie-->C:\Program Files\Patisserie\Uninstal.exe
PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
Personal Solution Pac-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0335E386-9ECB-11D4-BA6E-0020AFBCF620}\setup.exe" 
PowerCinema NE for Everio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39CEE1F2-12B6-4C50-9131-04BFCA110578}\setup.exe"  -uninstall
PowerDirector Express-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe"  -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe"  -uninstall
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804} 
Programme de gestion Camera de Labtec®-->"C:\Program Files\Fichiers communs\Labtec\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Quake 4(TM)-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{152B782A-05F3-48EC-9AAC-4D3EB68D9E20} /l1036 
QuickTime Alternative 1.56-->"C:\Program Files\MUSK Codec Pack v5\QT\INST\unins000.exe"
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Railroad Tycoon 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE29025A-091F-4998-AD2D-24C84421190F}\setup.exe" -l0x9 
Real Alternative 1.50 Lite-->"C:\Program Files\MUSK Codec Pack v5\Real\INST\unins000.exe"
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB1puninst.exe RealNetworks|RealPlayer|6.0
Recettes de Cuisine 2004-->"C:\Program Files\LudoSoft\Recettes de Cuisine 2004\unins000.exe"
SCRIPTIS EMV Explorer Tool-->C:\Program Files\Soliatis\SCRIPTIS Tools\EMV Explorer\uninstall.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Serious Sam : Second Contact-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}\Setup.exe" -l0x40c 
SigmaTel Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x40c -remove -removeonly
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony ACID 4.0f-->MsiExec.exe /I{36235A3F-92C7-4F90-84E7-3697C59AD369}
Sony ACID Music Studio 5.0-->MsiExec.exe /I{B668B8B2-821E-417D-8FE8-AA3BC52064DD}
Sony DVD Architect 3.0b-->MsiExec.exe /X{E73B39B9-7F37-4EDB-B5EA-572498E444AC}
Sony Media Manager 2.0-->MsiExec.exe /X{47D2D455-2C1C-4922-A520-3E3466D783E1}
Sony Sound Forge 8.0b-->MsiExec.exe /X{48EB9208-593D-4DC7-B613-9C5A210D87BA}
Sony Vegas 6.0b-->MsiExec.exe /X{576FBE17-EBF2-4CC7-87A4-A28034CBE424}
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sun Java (TM) Wireless Toolkit 2.5.2 for CLDC-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F8DBF1B-C849-48E1-B3F6-976BA68DB43B}\setup.exe" -l0x9  -removeonly
SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
Swift 3D Version 4.00-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{604B0B0F-68C6-440D-AA74-B69314F86ADA} 
SWiSHmax-->C:\WINDOWS\unvise32.exe C:\Program Files\SWiSHmax\uninstal.log
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TELL ME MORE-->"C:\Program Files\Auralog\TELL ME MORE Performance\Bin\unsetup.exe" -file "C:\Program Files\Auralog\TELL ME MORE Performance\unsetup.aui"
TerraExplorer-->C:\Program Files\Skyline\TerraExplorer\Setup.exe [OP]/U
TopStyle Lite (Version 3.0)-->C:\WINDOWS\unlite3.exe "C:\Program Files\TopStyle3"
Traqueur 3.0.70-->"C:\Program Files\Traqueur\unins000.exe"
U.S. Robotics Wireless MAXg Adapter-->C:\WINDOWS\system32\BCMWLU00.exe verbose
UDPixel_fr.exe-->"C:\Program Files\UDPixel\uninstall.exe"
Ulead COOL 3D 3.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA1BE991-D723-41BE-AD16-42EAFDA794EA}\Setup.exe" 
UltraVNC v1.0.1 Fr-->"C:\Program Files\UltraVNC\unins000.exe"
USB-Ir Adapter-->MsiExec.exe /I{00F3D43F-B5A9-4C8D-B5A1-5FD2DE16CC21}
vanBasco's Karaoke Player-->C:\Program Files\vanBasco's Karaoke Player\uninst.exe
Vegas Movie Studio Platinum 9.0-->MsiExec.exe /X{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}
Videora iPod Converter 3.05-->C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Visual J# .NET Redistributable 1.1- French Language Pack-->MsiExec.exe /X{3B2E8910-C110-4417-86F3-B207BF59708C}
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VP6 VFW Codec-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A23866A0-738B-4091-9924-0B0DE3988A15}\Setup.exe" -l0x9 
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WDCSAM Driver-->MsiExec.exe /X{E064390A-2F64-4195-9A55-30D4B20B865A}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia Modem  (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (12/05/2006 1.0.0007.0)-->rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\wdcsam_8A1D0449E9CBCC93DCB0CF47934D695423632CA7\wdcsam.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Sign-in Assistant-->MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinISO 5.3-->"C:\Program Files\WinISO\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Winstick-->"C:\Program Files\Winstick\uninstall.exe"
XAMPP 1.6.5-->"c:\xampp\uninstall.exe"
Xvid 1.1.3 final uninstall-->"C:\Program Files\MUSK Codec Pack v5\XviD\INST\unins000.exe"
ZENcast Organizer-->"C:\Program Files\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe" /remove /l0x040c

======Hosts File======

192.168.0.18 HP000D9D20CA84
127.0.0.1	.archivioadulti.com
127.0.0.1	.internet-explorer.name
127.0.0.1	.katasearch.com
127.0.0.1	.preferiti-windows.com
127.0.0.1	.qoogler.com
127.0.0.1	.tuttoavolonta.com
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com

======Security center information======

AV: Avira AntiVir PersonalEdition

System event log

Computer Name: WASEKWA
Event Code: 7036
Message: Le service Google Desktop Manager 5.7.712.18632 est entré dans l'état : en cours d'exécution.

Record Number: 3191
Source Name: Service Control Manager
Time Written: 20081207152410.000000+060
Event Type: information
User: 

Computer Name: WASEKWA
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Google Desktop Manager 5.7.712.18632.

Record Number: 3190
Source Name: Service Control Manager
Time Written: 20081207152410.000000+060
Event Type: information
User: AUTORITE NT\SYSTEM

Computer Name: WASEKWA
Event Code: 7036
Message: Le service Google Desktop Manager 5.7.712.18632 est entré dans l'état : arrêté.

Record Number: 3189
Source Name: Service Control Manager
Time Written: 20081207142407.000000+060
Event Type: information
User: 

Computer Name: WASEKWA
Event Code: 7036
Message: Le service Google Desktop Manager 5.7.712.18632 est entré dans l'état : en cours d'exécution.

Record Number: 3188
Source Name: Service Control Manager
Time Written: 20081207142402.000000+060
Event Type: information
User: 

Computer Name: WASEKWA
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Google Desktop Manager 5.7.712.18632.

Record Number: 3187
Source Name: Service Control Manager
Time Written: 20081207142402.000000+060
Event Type: information
User: AUTORITE NT\SYSTEM

Application event log

Computer Name: WASEKWA
Event Code: 4096
Message: The AntiVir service has been started successfully!

Record Number: 6987
Source Name: Avira AntiVir
Time Written: 20081010194200.000000+120
Event Type: information
User: AUTORITE NT\SYSTEM

Computer Name: WASEKWA
Event Code: 0
Message: 
Record Number: 6986
Source Name: EvtEng
Time Written: 20081010194150.000000+120
Event Type: information
User: 

Computer Name: WASEKWA
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur WASEKWA\Gauthier alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé. 


Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

Record Number: 6985
Source Name: Userenv
Time Written: 20081010145936.000000+120
Event Type: warning
User: AUTORITE NT\SYSTEM

Computer Name: WASEKWA
Event Code: 101
Message: MsnMsgr (2360) Le moteur de base de données est arrêté.

Record Number: 6984
Source Name: ESENT
Time Written: 20081008174259.000000+120
Event Type: information
User: 

Computer Name: WASEKWA
Event Code: 103
Message: MsnMsgr (2360) \.\C:\Documents and Settings\Gauthier\Local Settings\Application Data\Microsoft\Messenger\gaugau28@hotmail.com\SharingMetadata\Working\database_FC4C_6A8_4C06_5E30\dfsr.db: Le moteur de base de données a arrêté une instance (0).

Record Number: 6983
Source Name: ESENT
Time Written: 20081008174259.000000+120
Event Type: information
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;"C:\Program Files\Symantec\Norton Ghost 2003\";C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Fichiers communs\GTK\2.0\bin;C:\Program Files\Fichiers communs\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f06
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"LANG"=fr
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

gen-hackman · Answer

up post 29 stp

GauZt · Answer

Voila, c'est fait. juste 3 infections. ;-)

Voici le rapport :

Malwarebytes' Anti-Malware 1.32
Database version: 1647
Windows 5.1.2600 Service Pack 3

13/01/2009 2:27:12
mbam-log-2009-01-13 (02-27-12).txt

Scan type: Quick Scan
Objects scanned: 60983
Time elapsed: 15 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\msqpdxsnstccsk.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

gen-hackman · Answer

relance rsit maintnant stp

GauZt · Answer

Bonjour ;-)

Voici le log RSIT : 

Logfile of random's system information tool 1.05 (written by random/random)
Run by Gauthier at 2009-01-13 08:25:57
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 14 GB (25%) free of 57 GB
Total RAM: 2046 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:01, on 13/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Cobian Backup 8\cbService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\WINDOWS\system32\beidservicepcsc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\PureText\PureText.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\WINDOWS\system32\WService.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosSkypeApl.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack	osOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack	osBtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Downloads\RSIT.exe
C:\Program Files	rend micro\Gauthier.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboFormoboform.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Cobian Backup 8 interface] "C:\Program Files\Cobian Backup 8\cbInterface.exe" -service
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKCU\..\Run: [PureText] "C:\Program Files\PureText\PureText.exe"
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Gmail Notifier.lnk = C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD49AC20-5C28-4ADD-BE16-8EE50BA804C0}: NameServer = 194.7.1.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - C:\Program Files\Cobian Backup 8\cbService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: eID CRL Service -  Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

gen-hackman · Answer

- > Ouvre ce lien pour scanner ton PC avec un BitDefender en ligne (uniquement sous Internet Explorer) : 

http://www.bitdefender.fr/scan_fr/scan8/ie.html 

Utilisation : 
Cliquer sur "J'accepte" puis accepter également l'ActiveX bloqué par la barre anti-popup de Windows qui clignotera en haut et l'installer. 
Ensuite, cliquer sur "Cliquez ici pour scanner". 
Patienter jusqu'à la fin du scan qui peut durer assez longtemps... 

Copier/coller le rapport entier sur le forum. 

Tutoriel en images ici : http://pageperso.aol.fr/rginformatique/mapage/defender.htm (merci à Balltrap34 pour cette réalisation)

GauZt · Answer

Bonjour,

Ok pour l'analyse avec Bitdefender. Le rapport ci-dessous.

PS: le lien vers le tuto est mort...

Bonne journée ;-)


BitDefender Online Scanner
Rapport d'analyse généré à: Wed, Jan 14, 2009 - 01:15:06
Voie d'analyse: C:\;D:\;E:\;F:\;
Statistiques
Temps					00:56:40
Fichiers					232008
Directoires				21772
Secteurs de boot				0
Archives					3090
Paquets programmes				24283
	
Résultats
Virus identifiés				1
Fichiers infectés				1
Fichiers suspects				0
Avertissements				0
Désinfectés 				0
Fichiers effacés				1
	
Info sur les moteurs
Définition virus				2449352
Version des moteurs			AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Analyse des plugins			17
Archive des plugins			45
Unpack des plugins				7
E-mail plugins				6
Système plugins				4
	
Paramètres d'analyse
Première action				Désinfecté
Seconde Action				Supprimé
Heuristique		 			Oui
Acceptez les avertissements			Oui
Extensions analysées			exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions			-
Analyse d'emails				Oui
Analyse des Archives			Oui
Analyser paquets programmes			Oui
Analyse des fichiers			Oui
Analyse de boot				Oui
	
Fichier analysé	 	 		Statut
C:\Program Files\FlashGet\UninstallLib.exe	Détecté avec: Application.Generic.23543
C:\Program Files\FlashGet\UninstallLib.exe	Echec de la désinfection
C:\Program Files\FlashGet\UninstallLib.exe	Supprimé

gen-hackman · Answer

petite verif :

Télécharge ToolBar S&D ( de Eric_71/Team IDN ) sur ton bureau : 
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 

( Tuto : https://sites.google.com/site/toolbarsd/aideenimages ) 

!! Déconnecte toi et ferme toutes tes applications en cours le temps de la manipe !! 

* Double-clique sur ToolBar SD.exe pour lancer l'outil et laisse toi guider ... 
--> Tapes  ( option " recherche " ) puis tape sur [Entrée].  

Un rapport sera généré à la fin du processus : poste son contenu dans ta prochaine réponse 

( le rapport est en outre sauvegardé ici -> C:\TB.txt )

GauZt · Answer

Voici :

   -----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU         T5600  @ 1.83GHz )
   BIOS : Phoenix ROM BIOS PLUS Version 1.10 A14
   USER : Gauthier ( Administrator )
   BOOT : Normal boot
   Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
   C:\ (Local Disk) - NTFS - Total:55 Go (Free:13 Go)
   D:\ (Local Disk) - FAT32 - Total:79 Go (Free:2 Go)
   E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
   F:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [1] ( mer. 14/01/2009| 8:56 )

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  Extensions

   (Gauthier) - {1280606b-2510-4fe0-97ef-9b5a22eafe30} => sessionmanager
   (Gauthier) - {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} => flashgot
   (Gauthier) - {37E4D8EA-8BDA-4831-8EA1-89053939A250} => pdfdownload
   (Gauthier) - {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} => foxytunes
   (Gauthier) - {71328583-3CA7-4809-B4BA-570A85818FBB} => cacheviewer
   (Gauthier) - {a7c6cf7f-112c-4500-a7ea-39801a327e5f} => fireftp
   (Gauthier) - {B17C1C5A-04B1-11DB-9804-B622A1EF5492} => passwordexporter
   (Gauthier) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
   (Gauthier) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus
   (Gauthier) - {DDC359D1-844A-42a7-9AA1-88A850A938A8} => chrome
   (Gauthier) - {e4a8a97b-f2ed-450b-b12d-ee082ba24781} => greasemonkey


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Start Page"="https://www.google.com/?gws_rd=ssl"
   "Search Page"="https://www.google.com/?gws_rd=ssl"
   "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
   "SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"


   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !


   1 - "C:\ToolBar SD\TB_1.txt" - mer. 14/01/2009| 8:56 - Option : [1]

   -----------\  Fin du rapport a  8:56:53,87

gen-hackman · Answer

je pense qu'on peut nettoyer : 1)Telecharge : ------------- https://www.clubic.com/telecharger-fiche262022-purera.html "clean" , coche tout a droite , et "clean" _________________________________________________ important !! : Redemarre et puis a faire aussi : 2) ---> Télécharge ToolsCleaner2 sur ton Bureau. * Double-clique sur ToolsCleaner2.exe pour le lancer. * Clique sur Recherche et laisse le scan agir. * Clique sur Suppression pour finaliser. * Tu peux, si tu le souhaites, te servir des Options Facultatives. * Clique sur Quitter pour obtenir le rapport. * Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). _________________________________________________ 3/ ---> Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) : http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner * Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc.... * Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage. * Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs tant de fois qu il en trouve a l analyse(Sauvegarde la base de registre). * Veille a ce que dans les options le reglage soit au demarrage de windows et réglé sur "effacement securisé" 35 passes (guttman) __________________________________________________ si tu as deja Ccleaner ne tiens pas compte du N°3 mais fais ce qu il est demande avec Attention : ne pas toucher au PC pendant qu'il travaille ! B-Nettoyage et Défragmentation de tes Disques *Nettoyage : Clic droit sur "poste de travail" ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Général" Cliques sur le bouton "nettoyage de disque", OK tu le fais pour chacun de tes disques ________________________________________________ *Vérifications des erreurs : Clic droit sur "poste de travail" ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Outil" "Vérifier maintenant", une boîte s'ouvre, cocher les cases : -réparer automatiquement les erreurs... -rechercher et tenter une récupération... --->Démarrer, ok Note : s'il te dis de redémarrer ton Pc pour le faire , tu redémarres et tu laisses faire, cela prend un peu de temps c'est normal tu le fais pour chacun de tes disques ________________________________________________ ensuite toujours dans le même onglet tu choisis : *Défragmentation : "défragmenter maintenant", OK une boîte s'ouvre, tu sélectionnes le disque à défragmenter, et tu cliques sur "analyser", puis après l'analyse, "défragmenter" . OK tu le fais pour chacun de tes disques _______________________________________________ Note : si tu as un utilitaire pour défragmenter , utilises le à la place pour ce faire ceci est proposé : https://www.clubic.com/telecharger-fiche44314-defraggler.html _________________________________________________ > Peux-tu vérifier ta console JAVA ici ? : https://www.java.com/fr/download/uninstalltool.jsp et installer la nouvelle version si besoin est (dans ce cas désinstalle avant l'ancienne version). Pour info. ou en cas de problème : http://assiste.com.free.fr/p/abc/c/anti_java.html voici pour desinstaller : http://raproducts.org/click/click.php?id=1 _________________________________________________ > Mets à jour Acrobat si ce n'est pas le cas (désinstalle avant la version antérieure) : https://get2.adobe.com/reader/otherversions/ __________________________________________________ > Télécharge et installe Update Checker : https://filehippo.com/windows/tuning-utilities/ - Lance le programme. Une page web de ce type va s'ouvrir. - Fais les mises à jour de tous les logiciels proposés pour Update. Je ne te conseille pas de faire celles pour les versions béta (elles peuvent être instables). - Fais un copier/coller de la liste de éléments "Updates". Puis poste la sur le forum. - Une fois les mises à jour effectuées, relance ton PC. Tuto si problèmes : https://www.commentcamarche.net/list 9908 update checker vos logiciels sont ils a jour ___________________________________________________ > Télécharge et installe Easy Cleaner : https://www.01net.com/telecharger/windows/Utilitaire/registre/fiches/8351.html (lien miroir : https://www.clubic.com/telecharger-fiche11170-easycleaner.html ) - Lance le programme puis clique sur puis sur . - A la fin du scan clique sur puis confirme par puis quitte le programme. Si besoin tuto ici : https://www.pcparadise.fr et http://www.6ma.fr/tuto/easycleaner-nettoyer-windows-des-elements-obsoletes/ _____________________________________________________ > Tu peux aussi vider ta corbeille,quoi que Ccleaner le fasse tout seul _____________________________________________________ > Si nous avons utilisé MalwaresByte's Anti-Malware : vide sa quarantaine. - Lance le programme puis clique sur . - Sélectionne tous les éléments puis clique sur . - Quitte la programme. ______________________________________________________ > Idem pour ton antivirus : vide sa quarantaine si ce n'est pas déjà fait ______________________________________________________ > Désactive et réactive la restauration de système, pour cela : suis les instructions de ce lien : liens XP: http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924 liens Vista : http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/4f60eedf1156c8068525695b005ca288/c066b2e9a50cc948802572870032b170?OpenDocument ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Quelques conseils et recommandations pour l'avenir : > Passe un coup d'AGV et/ou de MalwareByte's Anti-Malware et de Ccleaner de temps en temps (1 fois par semaine à 1 fois par mois, suivant l'utilisation que tu fais de ton PC. Tu peux aussi décocher la casse dans l’onglet "Options" puis clique sur "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures"). - Utilise aussi tes autres logiciels de protection (scannes antivirus, antispywares...). N'oublie pas de faire les mises à jour avant de les utiliser. - Pense aussi à faire une défragmentation de tes disques durs de temps en temps (garde suffisamment d'espace sur C:\ (1/3 de libre pour être à l'aise)) _____________ > Pour bien protéger ton PC : [1 seul Antivirus] + [1 seul Pare feu (/!\ les routeurs et box en possèdent un)] + [Quelques Antispywares] + [Mises à Jour récentes Windows et Logiciels de Protection] + [Utilisation de Firefox -ou autres- (Internet Explorer présente des failles de sécurité qui mettent longtemps avant d'être corrigées mais il faut absolument le conserver pour les mises à jour Windows)] + [Utilisation du PC en mode Invité (= limité). Lors d'une infection en mode administrateur le PC est beaucoup plus vulnérable. Voir ICI] PS : En fait la meilleure des protections c'est toi même : ce que tu fais avec ton PC : où tu surfes, télécharges...ect.... Les virus utilisent les failles de ton PC pour infecter un système. Info : http://assiste.com.free.fr/p/abc/a/zombies_et_botnets.html _____________ > Quelques liens utiles : - https://www.commentcamarche.net/list 2432 securite proteger un ordinateur contre les malwares d internet - https://sebsauvage.net/safehex.html - https://www.zebulon.fr/telechargements/securite/protection-donnees-personnelles/spywareblaster.html (= petit logiciel qui bloque l'installation d'activ-X nuisibles au PC. Fonctionne en arrière plan) Voila, Bonne lecture, à bientot Gen-hackman

GauZt · Answer

Hello g3n-h@ckm@n,

Je n'ai pas encore terminer tout les point de ton dernier post, mais je tiens déjà à te remercier vivement de ton aide pour le nettoyage de mon PC! C'est vraiment super sympa de ta part de te rendre disponible pour aider les autres !!

Merci beaucoup.

Allé, je retoune poursuivre tes recomandations ;-)

gen-hackman · Answer

;)

Infection WinXP

36 réponses

Discussions similaires