Spyware protect 2009 post du rapport smitfrau

Résolu
le québécois peiné -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

voici donc le post issu de la première étape de ma lutte contre un ROGUE !

merci de me dire quoi faire pour un utilisateur d'XP

SmitFraudFix v2.388

Rapport fait à 14:28:04,33, 2009-01-06
Executé à partir de C:\Documents and Settings\Dario\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\sysguardn.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Documents and Settings\Dario\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dario

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Dario\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dario\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Dario\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Google\googletoolbar1.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

Description: Carte Mini de réseau local sans fil Wireless 1395 de Dell - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1629DEA4-7385-43E6-A9E4-640B74585C7D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A448F4F6-FD9B-48F5-BA25-4E905DB98676}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1629DEA4-7385-43E6-A9E4-640B74585C7D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A448F4F6-FD9B-48F5-BA25-4E905DB98676}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
Configuration: Windows XP
Firefox 3.0.5

12 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt
    relance smitfraudfix en mode sans echec choisi l'option 2 et colle le rapport

    puis

    scan avec
    MalwareByte's Anti-Malware après mise a jour, en mode normal et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    0
    1. le québécois peiné
       
      voici le rapport de nettoyage

      SmitFraudFix v2.388

      Rapport fait à 14:46:09,82, 2009-01-06
      Executé à partir de C:\Documents and Settings\Dario\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode sans echec

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      127.0.0.1 localhost

      »»»»»»»»»»»»»»»»»»»»»»»» VACFix

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

      S!Ri's WS2Fix: LSP not Found.


      »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

      GenericRenosFix by S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

      C:\Program Files\Google\googletoolbar1.dll supprimé

      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

      Agent.OMZ.Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» RK


      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{1629DEA4-7385-43E6-A9E4-640B74585C7D}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{A448F4F6-FD9B-48F5-BA25-4E905DB98676}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{1629DEA4-7385-43E6-A9E4-640B74585C7D}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{A448F4F6-FD9B-48F5-BA25-4E905DB98676}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

      Nettoyage terminé.

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin

      je continue avec le scan avec Malware
      0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    scan avec
    MalwareByte's Anti-Malware après mise a jour, en mode normal et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­
    0
    1. le québécois peiné d'ailleurs
       
      cher jlpjlp, je suis bien loin de ma station infectée : j'ai dû quitté pour entamer la routine du soir, la garderie et l'école.

      d'ailleurs, je suis en train de désinfecter vundo.gen sur la station de laquelle je t'écris.

      on va sûrement se recontacter demain quand le scan de malware sera terminé, posté et analysé. merci de ton support !
      0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    rq pou vundo malwarebyte est très efficace alors passe y un coup depuis ton boulot sur l'ordi infecté avec
    0
    1. le québécois peiné
       
      voici donc le log avant nettoyage. le log après nettoyage suit dans un autre post.

      Malwarebytes' Anti-Malware 1.32
      Version de la base de données: 1625
      Windows 5.1.2600 Service Pack 3

      2009-01-07 10:21:39
      mbam-log-2009-01-07 (10-21-32).txt

      Type de recherche: Examen complet (C:\|)
      Eléments examinés: 122171
      Temps écoulé: 18 hour(s), 31 minute(s), 31 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 35

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\WINDOWS\aazalirt.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\dkekkrkska.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\dkewiizkjdks.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\iddqdops.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\ienotas.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\iqmcnoeqz.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\irprokwks.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\jikglond.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\jiklagka.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\jrjakdsd.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\jungertab.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\kitiiwhaas.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\kkwknrbsggeg.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\klopnidret.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\krkdkdkee.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\krkmahejdk.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\krtawefg.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\krujmmwlrra.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\ktknamwerr.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\kuruhccdsdd.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\ooorjaas.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\oranerkka.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\oropbbsee.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\otnnbektre.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\otowjdseww.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\otpeppggq.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\rkaskssd.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\ronitfst.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\salrtybek.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\seeukluba.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\skaaanret.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\tobmygers.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\tobykke.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\zibaglertz.exe (Fake.Dropped.Malware) -> No action taken.
      C:\WINDOWS\sysguardn.exe (Trojan.FakeAlert) -> No action taken.
      0
      1. le québécois peiné > le québécois peiné
         
        Malwarebytes' Anti-Malware 1.32
        Version de la base de données: 1625
        Windows 5.1.2600 Service Pack 3

        2009-01-07 10:21:50
        mbam-log-2009-01-07 (10-21-50).txt

        Type de recherche: Examen complet (C:\|)
        Eléments examinés: 122171
        Temps écoulé: 18 hour(s), 31 minute(s), 31 second(s)

        Processus mémoire infecté(s): 0
        Module(s) mémoire infecté(s): 0
        Clé(s) du Registre infectée(s): 0
        Valeur(s) du Registre infectée(s): 0
        Elément(s) de données du Registre infecté(s): 0
        Dossier(s) infecté(s): 0
        Fichier(s) infecté(s): 35

        Processus mémoire infecté(s):
        (Aucun élément nuisible détecté)

        Module(s) mémoire infecté(s):
        (Aucun élément nuisible détecté)

        Clé(s) du Registre infectée(s):
        (Aucun élément nuisible détecté)

        Valeur(s) du Registre infectée(s):
        (Aucun élément nuisible détecté)

        Elément(s) de données du Registre infecté(s):
        (Aucun élément nuisible détecté)

        Dossier(s) infecté(s):
        (Aucun élément nuisible détecté)

        Fichier(s) infecté(s):
        C:\WINDOWS\aazalirt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\dkekkrkska.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\dkewiizkjdks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\iddqdops.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\ienotas.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\iqmcnoeqz.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\irprokwks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\jikglond.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\jiklagka.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\jrjakdsd.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\jungertab.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\kitiiwhaas.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\kkwknrbsggeg.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\klopnidret.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\krkdkdkee.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\krkmahejdk.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\krtawefg.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\krujmmwlrra.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\ktknamwerr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\kuruhccdsdd.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\ooorjaas.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\oranerkka.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\oropbbsee.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\otnnbektre.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\otowjdseww.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\otpeppggq.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\rkaskssd.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\ronitfst.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\salrtybek.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\seeukluba.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\skaaanret.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\tobmygers.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\tobykke.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\zibaglertz.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
        C:\WINDOWS\sysguardn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Clique Continue à l'écran Disclaimer.

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    0
    1. le québécois peiné
       
      Logfile of random's system information tool 1.05 (written by random/random)
      Run by Dario at 2009-01-07 13:09:44
      Microsoft Windows XP Édition familiale Service Pack 3
      System drive C: has 137 GB (46%) free of 299 GB
      Total RAM: 3062 MB (79% free)


      ======Scheduled tasks folder======

      C:\WINDOWS\tasks\AppleSoftwareUpdate.job

      ======Registry dump======

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
      HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
      HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
      Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
      Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-06-03 1404928]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
      Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
      Google Toolbar Helper - c:\program files\google\googletoolbar1.dll []

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
      Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-16 737776]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
      CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
      Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
      JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll []

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
      "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-07-09 851968]
      "DELL Webcam Manager"=C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]
      "Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
      "KADxMain"=C:\WINDOWS\system32\KADxMain.exe [2006-11-02 282624]
      "PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-12-21 184320]
      "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
      "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
      "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
      "AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
      "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
      "WD Button Manager"=C:\WINDOWS\system32\WDBtnMgr.exe [2008-11-08 364544]
      "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
      "IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328]
      "IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824]
      "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
      "dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-26 206064]
      "OEM02Mon.exe"=C:\WINDOWS\OEM02Mon.exe [2007-05-10 36864]
      "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-28 141848]
      "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-28 166424]
      "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-28 137752]
      "SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
      "SpyHunter Security Suite"=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2008-10-08 864256]
      "SNM"=C:\Program Files\SpyNoMore\SNM.exe /startup []

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-04 399504]

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
      "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-09 68856]
      "sysguardn"=C:\WINDOWS\s []

      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
      Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

      C:\Documents and Settings\Dario\Menu Démarrer\Programmes\Démarrage
      OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
      C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
      WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      "dontdisplaylastusername"=0
      "legalnoticecaption"=
      "legalnoticetext"=
      "shutdownwithoutlogon"=1
      "undockwithoutlogon"=1

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "NoDriveTypeAutoRun"=145

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\Program Files\Dell\MediaDirect\PCMService.exe"="C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
      "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
      "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
      "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
      "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
      "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
      "C:\Program Files\Smartparts\Smartparts Desktop\OptiPix.exe"="C:\Program Files\Smartparts\Smartparts Desktop\OptiPix.exe:*:Enabled:Smartparts Desktop"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{003ed665-4dc3-11dd-9739-806d6172696f}]
      shell\AutoRun\command - D:\Installation.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e752e16-aacc-11dd-978a-001644e1a068}]
      shell\AutoRun\command - E:\wd_windows_tools\WDEULA.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{129200a5-afff-11dd-9790-001644e1a068}]
      shell\AutoRun\command - E:\LaunchU3.exe


      ======List of files/folders created in the last 1 months======

      2009-01-07 13:00:36 ----D---- C:\Program Files\trend micro
      2009-01-07 13:00:35 ----D---- C:\rsit
      2009-01-06 15:45:41 ----D---- C:\Documents and Settings\Dario\Application Data\Malwarebytes
      2009-01-06 15:45:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
      2009-01-06 15:45:35 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2009-01-06 14:43:54 ----A---- C:\WINDOWS\ntbtlog.txt
      2009-01-06 14:28:06 ----A---- C:\WINDOWS\system32\tmp.txt
      2009-01-06 14:28:04 ----A---- C:\rapport.txt
      2009-01-06 14:27:48 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
      2009-01-06 14:27:45 ----A---- C:\WINDOWS\system32\WS2Fix.exe
      2009-01-06 14:27:45 ----A---- C:\WINDOWS\system32\VCCLSID.exe
      2009-01-06 14:27:45 ----A---- C:\WINDOWS\system32\VACFix.exe
      2009-01-06 14:27:45 ----A---- C:\WINDOWS\system32\swxcacls.exe
      2009-01-06 14:27:45 ----A---- C:\WINDOWS\system32\swsc.exe
      2009-01-06 14:27:45 ----A---- C:\WINDOWS\system32\swreg.exe
      2009-01-06 14:27:45 ----A---- C:\WINDOWS\system32\SrchSTS.exe
      2009-01-06 14:27:45 ----A---- C:\WINDOWS\system32\Process.exe
      2009-01-06 14:27:45 ----A---- C:\WINDOWS\system32\o4Patch.exe
      2009-01-06 14:27:45 ----A---- C:\WINDOWS\system32\IEDFix.exe
      2009-01-06 14:27:45 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
      2009-01-06 14:27:45 ----A---- C:\WINDOWS\system32\dumphive.exe
      2009-01-06 14:27:45 ----A---- C:\WINDOWS\system32\404Fix.exe
      2009-01-06 14:26:17 ----D---- C:\WINDOWS\pss
      2009-01-06 14:14:02 ----D---- C:\Program Files\SpyNoMore
      2009-01-06 14:06:43 ----D---- C:\Program Files\Enigma Software Group
      2009-01-06 13:50:55 ----SHD---- C:\Config.Msi
      2008-12-24 14:00:02 ----A---- C:\WINDOWS\system32\igfxres.dll
      2008-12-24 13:28:00 ----A---- C:\WINDOWS\system32\mfc45.dll
      2008-12-24 13:27:29 ----D---- C:\Documents and Settings\Dario\Application Data\iolo
      2008-12-24 13:27:29 ----D---- C:\Documents and Settings\All Users\Application Data\iolo
      2008-12-24 13:21:54 ----D---- C:\Documents and Settings\All Users\Application Data\SupportSoft
      2008-12-24 13:21:49 ----D---- C:\Documents and Settings\All Users\Application Data\PCDr
      2008-12-24 13:21:49 ----D---- C:\Documents and Settings\All Users\Application Data\PC-Doctor
      2008-12-24 13:21:05 ----D---- C:\Program Files\Dell Support Center
      2008-12-24 13:21:04 ----D---- C:\Program Files\Fichiers communs\supportsoft
      2008-12-22 13:32:43 ----D---- C:\lj30xx_3380
      2008-12-22 12:35:35 ----A---- C:\WINDOWS\system32\javaws.exe
      2008-12-22 12:35:35 ----A---- C:\WINDOWS\system32\javaw.exe
      2008-12-22 12:35:35 ----A---- C:\WINDOWS\system32\java.exe
      2008-12-22 11:52:47 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
      2008-12-22 11:43:44 ----A---- C:\WINDOWS\system32\igmedcompkrn.dll
      2008-12-22 11:43:44 ----A---- C:\WINDOWS\system32\igklg450.dll
      2008-12-22 11:43:44 ----A---- C:\WINDOWS\system32\igklg400.dll
      2008-12-22 11:43:44 ----A---- C:\WINDOWS\system32\igfxCoIn_v4926.dll
      2008-12-22 11:43:35 ----D---- C:\Intel
      2008-12-22 11:41:46 ----D---- C:\Documents and Settings\Dario\Application Data\Intel
      2008-12-22 11:41:43 ----A---- C:\WINDOWS\system32\results.txt
      2008-12-22 11:41:12 ----D---- C:\Documents and Settings\All Users\Application Data\Intel
      2008-12-22 11:40:54 ----D---- C:\Program Files\Intel
      2008-12-22 10:58:36 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
      2008-12-22 10:24:05 ----D---- C:\WINDOWS\system32\vmm32
      2008-12-15 11:14:22 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
      2008-12-15 11:11:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
      2008-12-15 11:11:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
      2008-12-15 11:11:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

      ======List of files/folders modified in the last 1 months======

      2009-01-07 13:00:47 ----D---- C:\WINDOWS\Prefetch
      2009-01-07 13:00:36 ----RD---- C:\Program Files
      2009-01-07 11:24:51 ----D---- C:\WINDOWS\Temp
      2009-01-07 10:39:48 ----D---- C:\Program Files\Mozilla Firefox
      2009-01-07 10:21:50 ----D---- C:\WINDOWS
      2009-01-06 16:44:07 ----D---- C:\WINDOWS\system32\CatRoot2
      2009-01-06 16:07:36 ----D---- C:\WINDOWS\system32\FxsTmp
      2009-01-06 15:45:39 ----D---- C:\WINDOWS\system32\drivers
      2009-01-06 15:30:09 ----D---- C:\WINDOWS\system32
      2009-01-06 15:30:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
      2009-01-06 15:29:21 ----D---- C:\Documents and Settings\Dario\Application Data\OpenOffice.org2
      2009-01-06 14:57:09 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
      2009-01-06 14:46:22 ----D---- C:\Program Files\Google
      2009-01-06 14:42:41 ----A---- C:\WINDOWS\SchedLgU.Txt
      2009-01-06 14:04:06 ----D---- C:\Documents and Settings\Dario\Application Data\uTorrent
      2009-01-06 13:51:23 ----SHD---- C:\WINDOWS\Installer
      2009-01-05 13:46:02 ----D---- C:\Documents and Settings\All Users\Application Data\Dell
      2009-01-04 14:11:35 ----D---- C:\Program Files\Sharepod
      2008-12-29 21:23:49 ----D---- C:\WINDOWS\system32\CatRoot
      2008-12-29 21:23:23 ----RSHD---- C:\WINDOWS\system32\dllcache
      2008-12-29 21:23:10 ----HD---- C:\WINDOWS\inf
      2008-12-24 13:28:13 ----HD---- C:\Program Files\InstallShield Installation Information
      2008-12-24 13:27:17 ----D---- C:\WINDOWS\system32\ReinstallBackups
      2008-12-24 13:25:43 ----D---- C:\WINDOWS\twain_32
      2008-12-24 13:24:36 ----D---- C:\Program Files\Broadcom
      2008-12-24 13:24:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
      2008-12-24 13:21:19 ----D---- C:\dell
      2008-12-24 13:21:04 ----D---- C:\Program Files\Fichiers communs
      2008-12-23 08:31:34 ----SD---- C:\WINDOWS\Downloaded Program Files
      2008-12-22 12:35:33 ----D---- C:\Program Files\Java
      2008-12-22 11:34:15 ----D---- C:\WINDOWS\Help
      2008-12-22 11:33:58 ----D---- C:\Program Files\Fichiers communs\InstallShield
      2008-12-22 10:59:12 ----RSD---- C:\WINDOWS\assembly
      2008-12-22 10:24:05 ----D---- C:\Program Files\Dell
      2008-12-22 10:12:11 ----SD---- C:\Documents and Settings\Dario\Application Data\Microsoft
      2008-12-19 03:00:53 ----A---- C:\WINDOWS\imsins.BAK
      2008-12-19 03:00:20 ----HD---- C:\WINDOWS\$hf_mig$
      2008-12-15 11:13:40 ----D---- C:\Program Files\Internet Explorer
      2008-12-13 01:37:56 ----A---- C:\WINDOWS\system32\mshtml.dll
      2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe

      ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

      R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
      R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
      R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-26 75072]
      R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
      R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
      R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
      R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-12-22 21361]
      R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-12-02 12672]
      R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-07-10 32256]
      R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-07-10 43520]
      R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-07-10 37376]
      R2 s24trans;Transport RLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-08-27 12288]
      R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
      R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
      R3 BCM43XX;Pilote de la carte réseau local sans fil Wireless de Dell; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-06-02 1287552]
      R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2007-07-10 45568]
      R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
      R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
      R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
      R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
      R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-12-02 989952]
      R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-12-02 211200]
      R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
      R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
      R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
      R3 OEM02Dev;Creative Camera OEM002 Driver; C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-10-11 235648]
      R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
      R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-07-29 47360]
      R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
      R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
      R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-07-09 202912]
      R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
      R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
      R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
      R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
      R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-12-02 731136]
      S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
      S3 DXEC02;DXEC02; C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 103168]
      S3 E100B;Pilote de carte Intel (R) PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760]
      S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
      S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
      S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
      S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
      S3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.; \??\C:\WINDOWS\system32\Drivers\OEM02Afx.sys []
      S3 sffdisk;Pilote de classe de stockage SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
      S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
      S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
      S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
      S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
      S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
      S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
      S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
      S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
      S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
      S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
      S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
      S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
      S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
      S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
      S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
      S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
      S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
      S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

      ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

      R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865]
      R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297]
      R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
      R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
      R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624]
      R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
      R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
      R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
      R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
      R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328]
      R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744]
      R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-26 201968]
      R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-10-08 356352]
      R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
      R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
      R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
      S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 268800]
      S2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248]
      S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
      S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
      S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
      S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-09 138168]
      S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
      S3 stllssvr;stllssvr; C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe [2007-12-02 74384]
      S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
      S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
      S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

      -----------------EOF-----------------
      0
      1. le québécois peiné > le québécois peiné
         
        le log de info:

        info.txt logfile of random's system information tool 1.05 2009-01-07 13:09:50

        ======Uninstall list======

        -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
        -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x40c
        -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x40c
        -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c
        -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x40c
        -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x40c
        -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
        32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
        Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
        Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
        Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
        Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x40c /remove
        Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x40c /remove
        Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
        Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
        Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
        AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
        Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
        Broadcom Management Programs-->MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
        Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
        Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
        Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\UIU32m.exe -U -Idel000f5.INF
        ConvertHelper 2.1-->"C:\Program Files\ConvertHelper\unins000.exe"
        ConvertXtoDVD 2.99.9.600b-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
        Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
        Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
        dBpoweramp FLAC Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
        dBpoweramp Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
        Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
        Dell Support Center (Logiciel de support)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
        Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
        Dell Webcam Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x40c /remove
        Dell Webcam Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x40c /remove
        Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
        Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x040c -removeonly
        Driver Detective-->C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
        Gimp 2.6.2-->"C:\Program Files\Gimp-2.0\setup\unins000.exe"
        Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
        Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
        High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
        Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
        HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
        HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
        HP Photosmart Appliance Printer Driver Software 9.0-->C:\Program Files\HP\Digital Imaging\{0F0A0506-9A9C-406a-999D-0D5A92EBC14B}\setup\hpzscr01.exe -datfile hphscr17.dat -showdisconnect
        HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
        HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
        HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
        HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
        HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
        Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
        Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
        IntelliSonic Speech Enhancement-->MsiExec.exe /X{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}
        iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
        Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
        Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
        Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
        Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
        K-Lite Codec Pack 4.0.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
        Lame ACM MP3 Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
        Laptop Integrated Webcam Driver (1.04.01.1011) -->C:\WINDOWS\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x040C
        Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
        Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x040c -removeonly /remove
        Live! Cam Avatar-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x040c -removeonly /remove
        Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
        mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
        mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
        mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
        MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x040c -cluninstall
        mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
        Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
        Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
        Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
        Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
        Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
        Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
        Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
        Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
        Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
        Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
        Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
        Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
        Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
        Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
        Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
        Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
        Microsoft Works-->MsiExec.exe /I{3B160861-7250-451E-B5EE-8B92BF30A710}
        Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
        Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
        Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
        Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
        Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
        mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
        mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
        mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
        Module linguistique Microsoft .NET Framework 3.5 - fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
        Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
        mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
        mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
        mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
        mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
        mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
        MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{1787603C-E6E3-42D4-8034-55F358486F1D}
        mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
        mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
        mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
        NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x040c -removeonly
        OpenOffice.org 2.4-->MsiExec.exe /I{A122962F-331A-4C2E-93DB-AD92D8A4FB14}
        OptiPix Pro-->MsiExec.exe /X{A7FEAFD3-A58A-49FA-9717-5ED86A4A19C7}
        Outil de diagnostic de modem-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
        OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
        Pack PSP - Ri4m - v1.0a-->C:\Program Files\Pack PSP - Ri4m\Uninstal.exe
        Package de pilotes Windows - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\dpinst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16
        Panneau de configuration MobileMe-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
        PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
        QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x040c APPDRVNT4 -removeonly
        QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
        Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
        Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
        Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
        Roxio Creator DE-->C:\Documents and Settings\All Users\Application Data\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
        Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
        Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
        Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
        Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
        SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
        SigmaTel Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x40c -remove -removeonly
        Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
        Smartparts Desktop-->MsiExec.exe /X{AFB1DFA5-FB56-4C9F-97A0-1607BC14BC0C}
        SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
        SpyNoMore 2.67-->C:\Program Files\SpyNoMore\uninst.exe
        Total Video Converter 3.01-->"C:\Program Files\Total Video Converter\unins000.exe"
        VNC Free Edition 4.1.2-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
        WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
        WDCSAM Driver-->MsiExec.exe /X{E064390A-2F64-4195-9A55-30D4B20B865A}
        WinAVI Video Capture 2.0 Fr-->C:\Program Files\WinAVI Video Capture\UnInstall_WinCap.exe
        WinAVI Video Converter 8.0-->"C:\Program Files\WinAVI Video Converter\unins000.exe"
        Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (12/05/2006 1.0.0007.0)-->rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\wdcsam_8A1D0449E9CBCC93DCB0CF47934D695423632CA7\wdcsam.inf
        Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
        Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
        Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
        Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
        Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
        Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
        XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

        ======Security center information======

        AV: Avira AntiVir PersonalEdition (disabled)

        System event log

        Computer Name: COPARDES
        Event Code: 7036
        Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.

        Record Number: 3488
        Source Name: Service Control Manager
        Time Written: 20081031090820.000000-240
        Event Type: Informations
        User:

        Computer Name: COPARDES
        Event Code: 7035
        Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.

        Record Number: 3487
        Source Name: Service Control Manager
        Time Written: 20081031090820.000000-240
        Event Type: Informations
        User: AUTORITE NT\SYSTEM

        Computer Name: COPARDES
        Event Code: 7036
        Message: Le service Service de l’iPod est entré dans l'état : en cours d'exécution.

        Record Number: 3486
        Source Name: Service Control Manager
        Time Written: 20081031090820.000000-240
        Event Type: Informations
        User:

        Computer Name: COPARDES
        Event Code: 7035
        Message: Un contrôle Démarrer a correctement été envoyé au service Service de l’iPod.

        Record Number: 3485
        Source Name: Service Control Manager
        Time Written: 20081031090820.000000-240
        Event Type: Informations
        User: AUTORITE NT\SYSTEM

        Computer Name: COPARDES
        Event Code: 7036
        Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

        Record Number: 3484
        Source Name: Service Control Manager
        Time Written: 20081031090817.000000-240
        Event Type: Informations
        User:

        Application event log

        Computer Name: COPARDES
        Event Code: 1800
        Message: Le service Centre de sécurité Windows a démarré.

        Record Number: 525
        Source Name: SecurityCenter
        Time Written: 20080828084819.000000-240
        Event Type: Informations
        User:

        Computer Name: COPARDES
        Event Code: 0
        Message:
        Record Number: 524
        Source Name: hpqddsvc
        Time Written: 20080828084817.000000-240
        Event Type: Informations
        User:

        Computer Name: COPARDES
        Event Code: 1
        Message:
        Record Number: 523
        Source Name: Bonjour Service
        Time Written: 20080828084817.000000-240
        Event Type: Informations
        User:

        Computer Name: COPARDES
        Event Code: 1517
        Message: Windows a sauvegardé le Registre utilisateur COPARDES\Dario alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.


        Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

        Record Number: 522
        Source Name: Userenv
        Time Written: 20080827153614.000000-240
        Event Type: Avertissement
        User: AUTORITE NT\SYSTEM

        Computer Name: COPARDES
        Event Code: 4097
        Message: L'application, C:\Program Files\Total Video Converter\tvp.exe, a généré une erreur d'application
        L'erreur s'est produite le 08/27/2008 à 11:30:51.386
        L'exception générée était c0000005 à l'adresse 01390795 (vcen!SetDvdInputInfo)

        Record Number: 521
        Source Name: DrWatson
        Time Written: 20080827113051.000000-240
        Event Type: Informations
        User:

        Security event log

        Computer Name: COPARDES
        Event Code: 538
        Message: Fermeture de la session utilisateur :

        Utilisateur : Dario

        Domaine : COPARDES

        Id. de la session : (0x0,0x4E9E7B)

        Type de session : 2


        Record Number: 12372
        Source Name: Security
        Time Written: 20081219112012.000000-300
        Event Type: Succès de l'audit
        User: COPARDES\Dario

        Computer Name: COPARDES
        Event Code: 576
        Message: Privilèges spéciaux assignés à la nouvelle session :

        Utilisateur :

        Domaine :

        Id. de la session : (0x0,0x4E9E7B)

        Privilèges : SeChangeNotifyPrivilege
        SeBackupPrivilege
        SeRestorePrivilege
        SeDebugPrivilege

        Record Number: 12371
        Source Name: Security
        Time Written: 20081219112012.000000-300
        Event Type: Succès de l'audit
        User: COPARDES\Dario

        Computer Name: COPARDES
        Event Code: 528
        Message: Ouverture de session réseau réussie :

        Utilisateur : Dario

        Domaine : COPARDES

        Id. de la session : (0x0,0x4E9E7B)

        Type de session : 2

        Processus de session : Advapi

        Package d'authentification : Negotiate

        Station de travail : COPARDES

        GUID d'ouv. de session : -

        Record Number: 12370
        Source Name: Security
        Time Written: 20081219112012.000000-300
        Event Type: Succès de l'audit
        User: COPARDES\Dario

        Computer Name: COPARDES
        Event Code: 680
        Message: Tentative d'ouverture de session par : MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

        Compte d'ouverture de session : Dario

        Station de travail source : COPARDES

        Code erreur : 0x0


        Record Number: 12369
        Source Name: Security
        Time Written: 20081219112012.000000-300
        Event Type: Succès de l'audit
        User: AUTORITE NT\SYSTEM

        Computer Name: COPARDES
        Event Code: 538
        Message: Fermeture de la session utilisateur :

        Utilisateur : Dario

        Domaine : COPARDES

        Id. de la session : (0x0,0x44ABB1)

        Type de session : 2


        Record Number: 12368
        Source Name: Security
        Time Written: 20081219103601.000000-300
        Event Type: Succès de l'audit
        User: COPARDES\Dario

        ======Environment variables======

        "ComSpec"=%SystemRoot%\system32\cmd.exe
        "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\Roxio Shared\DLLShared\;C:\Program Files\Fichiers communs\Roxio Shared\10.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
        "windir"=%SystemRoot%
        "FP_NO_HOST_CHECK"=NO
        "OS"=Windows_NT
        "PROCESSOR_ARCHITECTURE"=x86
        "PROCESSOR_LEVEL"=6
        "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
        "PROCESSOR_REVISION"=0f0d
        "NUMBER_OF_PROCESSORS"=2
        "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
        "TEMP"=%SystemRoot%\TEMP
        "TMP"=%SystemRoot%\TEMP
        "RoxioCentral"=C:\Program Files\Fichiers communs\Roxio Shared\10.0\Roxio Central36\
        "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
        "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

        -----------------EOF-----------------
        0
    2. le québécois peiné
       
      dois activer la protection avira ? ou même arrêter avagent dans le gestionnaire de tâches ?
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    je vais etre peu dispo ce soir

    pour avancer:

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools­/hijackthis/download

    manuel :

    http://leblogdeclaude.blogspot.com/2006/10/informatique-sect­ion-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."

    puis

    mets un rapport avec antivir que tu as
    0
    1. le québécois peiné
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 09:02:28, on 2009-01-08
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\WLTRYSVC.EXE
      C:\WINDOWS\System32\bcmwltry.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\Program Files\Dell Support Center\bin\sprtsvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\system32\WLTRAY.exe
      C:\WINDOWS\system32\KADxMain.exe
      C:\Program Files\Dell\MediaDirect\PCMService.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\WDBtnMgr.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
      C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Dell Support Center\bin\sprtcmd.exe
      C:\WINDOWS\OEM02Mon.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\Dario\Bureau\eden.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=fr&client=dell-row&channel=ca&ibd=6080702
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.ca
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
      O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
      O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
      O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
      O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
      O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
      O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
      O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
      O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [sysguardn] C:\WINDOWS\s
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
      O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
      O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
      O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
      0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    télécharge OTMoveIt
    http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.

    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.
    (attention bien mettre :files)

    :files
    C:\WINDOWS\sysguardn.exe
    C:\WINDOWS\s
    :processus
    explorer.exe
    :commands
    [purity]
    [emptytemp]
    [start explorer]

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    0
    1. le québécois peiné
       
      ========== FILES ==========
      File/Folder C:\WINDOWS\sysguardn.exe not found.
      File/Folder C:\WINDOWS\s not found.
      Error: Unable to interpret <:processus> in the current context!
      Error: Unable to interpret <explorer.exe> in the current context!
      ========== COMMANDS ==========
      File delete failed. C:\DOCUME~1\Dario\LOCALS~1\Temp\etilqs_euHvlWlQS5Al0BVwuFXp scheduled to be deleted on reboot.
      User's Temp folder emptied.
      User's Temporary Internet Files folder emptied.
      User's Internet Explorer cache folder emptied.
      Local Service Temp folder emptied.
      File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Local Service Temporary Internet Files folder emptied.
      File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_210.dat scheduled to be deleted on reboot.
      Windows Temp folder emptied.
      Java cache emptied.
      File delete failed. C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\XUL.mfl scheduled to be deleted on reboot.
      FireFox cache emptied.
      Temp folders emptied.
      Explorer started successfully

      OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01082009_124101

      Files moved on Reboot...
      File C:\DOCUME~1\Dario\LOCALS~1\Temp\etilqs_euHvlWlQS5Al0BVwuFXp not found!
      File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
      File C:\WINDOWS\temp\Perflib_Perfdata_210.dat not found!
      C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\Cache\_CACHE_001_ moved successfully.
      C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\Cache\_CACHE_002_ moved successfully.
      C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\Cache\_CACHE_003_ moved successfully.
      C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\Cache\_CACHE_MAP_ moved successfully.
      C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\urlclassifier3.sqlite moved successfully.
      C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\XUL.mfl moved successfully.
      0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [sysguardn] C:\WINDOWS\s
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

    ________________

    spy hunter et spynomore vires les et mets spybot en complement de malwarebyte

    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

    _______________

    Télécharge ToolsCleaner sur ton bureau.
    --> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
    # Clique sur Recherche et laisse le scan agir ...
    # Clique sur Suppression pour finaliser.
    # Tu peux, si tu le souhaites, te servir des Options facultatives.
    # Clique sur Quitter pour obtenir le rapport.
    # Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    encore des problèmes? colle un rapport avec antivir que tu as pour verifier

    rq:

    pour protéger gratos ton ordi

    http://www.commentcamarche.net/telecharger/logiciel 4 securite

    mettre un antivirus

    ANTIVIR ou AVG8 ou (AVAST )
    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
    -------------
    des anti-espions :
    MalwareByte's Anti-Malware + SPYBOT +/- si tea timer non active de spybot:
    WINDOWS DEFENDER ou SPYWARE TERMINATOR

    +
    SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

    Rq : spybot et ad-aware ont sorti de nouvelles versions cette année vérifiez que vous avez la dernière version
    --------
    un pare feu :
    celui de (Windows) ou mieux Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit) ou COMODO

    http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall
    https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html
    https://forum.pcastuces.com/sujet.asp?f=25&s=35606
    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

    -----------
    CCLEANER pour effacer les traces de surf
    ---------
    naviguer avec firefox ou safari ou opera et non internet explorer plus touché par les virus
    http://www.mozilla-europe.org/fr/products/firefox/
    0
    1. le québécois peiné
       
      spynomore est plus que difficile à virer. à partir de Ajout/suppression, chui incapable.

      as-tu une idée d'un chemin détourné efficace ?

      je fais le reste de la routine.
      0
    2. le québécois peiné
       
      et on continue.

      je sens pas ça propre.

      j'attends de tes news.



      Avira AntiVir Personal
      Report file date: 8 janvier 2009 15:37

      Scanning for 1172645 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows XP
      Windows version: (Service Pack 3) [5.1.2600]
      Boot mode: Normally booted
      Username: SYSTEM
      Computer name: COPARDES

      Version information:
      BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
      AVSCAN.EXE : 8.1.4.10 315649 Bytes 26/11/2008 16:07:12
      AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 13:56:40
      LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 18:44:19
      LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 13:58:52
      ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 19:46:20
      ANTIVIR1.VDF : 7.1.1.33 1705984 Bytes 24/12/2008 18:44:19
      ANTIVIR2.VDF : 7.1.1.88 726528 Bytes 08/01/2009 18:44:15
      ANTIVIR3.VDF : 7.1.1.89 2048 Bytes 08/01/2009 18:44:16
      Engineversion : 8.2.0.45
      AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 12:38:14
      AESCRIPT.DLL : 8.1.1.19 336252 Bytes 15/12/2008 15:48:28
      AESCN.DLL : 8.1.1.5 123251 Bytes 10/11/2008 17:52:05
      AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 23:52:42
      AEPACK.DLL : 8.1.3.4 393591 Bytes 12/11/2008 17:53:13
      AEOFFICE.DLL : 8.1.0.33 196987 Bytes 15/12/2008 15:48:26
      AEHEUR.DLL : 8.1.0.75 1524087 Bytes 15/12/2008 15:48:24
      AEHELP.DLL : 8.1.2.0 119159 Bytes 19/11/2008 15:02:00
      AEGEN.DLL : 8.1.1.8 323956 Bytes 15/12/2008 15:48:18
      AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 12:38:04
      AECORE.DLL : 8.1.5.2 172405 Bytes 28/11/2008 16:03:03
      AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 12:38:01
      AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 14:40:05
      AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 15:28:01
      AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 14:26:11
      AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 17:26:40
      AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 14:29:23
      AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 18:27:49
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 23:28:02
      SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 18:49:40
      NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 18:05:10
      RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 19:48:07
      RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 19:34:37

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: on
      Scan boot sector.................: on
      Boot sectors.....................: C:,
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: off
      Scan all files...................: Intelligent file selection
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: 8 janvier 2009 15:37

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'firefox.exe' - '1' Module(s) have been scanned
      Scan process 'mstsc.exe' - '1' Module(s) have been scanned
      Scan process 'iPodService.exe' - '1' Module(s) have been scanned
      Scan process 'DLG.exe' - '1' Module(s) have been scanned
      Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
      Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
      Scan process 'stsystra.exe' - '1' Module(s) have been scanned
      Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
      Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
      Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
      Scan process 'OEM02Mon.exe' - '1' Module(s) have been scanned
      Scan process 'sprtcmd.exe' - '1' Module(s) have been scanned
      Scan process 'jusched.exe' - '1' Module(s) have been scanned
      Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
      Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
      Scan process 'WDBtnMgr.exe' - '1' Module(s) have been scanned
      Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'PCMService.exe' - '1' Module(s) have been scanned
      Scan process 'KADxMain.exe' - '1' Module(s) have been scanned
      Scan process 'WLTRAY.EXE' - '1' Module(s) have been scanned
      Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
      Scan process 'alg.exe' - '1' Module(s) have been scanned
      Scan process 'WLKEEPER.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned
      Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'jqs.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
      Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
      Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
      Scan process 'avguard.exe' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'BCMWLTRY.EXE' - '1' Module(s) have been scanned
      Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      54 processes with 54 modules were scanned

      Starting master boot sector scan:
      Master boot sector HD0
      [INFO] No virus was found!

      Start scanning boot sectors:
      Boot sector 'C:\'
      [INFO] No virus was found!

      Starting to scan the registry.
      The registry was scanned ( '67' files ).


      Starting the file scan:

      Begin scan in 'C:\'
      C:\hiberfil.sys
      [WARNING] The file could not be opened!
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP153\A0012646.exe
      [0] Archive type: RAR SFX (self extracting)
      --> SmitfraudFix\Agent.OMZ.Fix.exe
      [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
      [WARNING] The file was ignored!
      C:\WINDOWS\system32\Agent.OMZ.Fix.exe
      [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
      [NOTE] The file was deleted!


      End of the scan: 8 janvier 2009 16:18
      Used time: 40:22 Minute(s)

      The scan has been done completely.

      11629 Scanning directories
      389124 Files were scanned
      2 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
      389120 Files not concerned
      4403 Archives were scanned
      3 Warnings
      1 Notes
      0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    et via demarrer puis tous les programmes?
    0
    1. le québécois peiné
       
      via démarrer, tous les programmes non plus. le uninstall ne fonctionne pas.

      voici le log de Ot move it. Mais il ne s'appelle pas comme tu l'indiquais, mais : 01082009_124101.log, il se trouve dans le dossier Ot move it, mais dans le dossier moved files.

      ========== FILES ==========
      File/Folder C:\WINDOWS\sysguardn.exe not found.
      File/Folder C:\WINDOWS\s not found.
      Error: Unable to interpret <:processus> in the current context!
      Error: Unable to interpret <explorer.exe> in the current context!
      ========== COMMANDS ==========
      File delete failed. C:\DOCUME~1\Dario\LOCALS~1\Temp\etilqs_euHvlWlQS5Al0BVwuFXp scheduled to be deleted on reboot.
      User's Temp folder emptied.
      User's Temporary Internet Files folder emptied.
      User's Internet Explorer cache folder emptied.
      Local Service Temp folder emptied.
      File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Local Service Temporary Internet Files folder emptied.
      File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_210.dat scheduled to be deleted on reboot.
      Windows Temp folder emptied.
      Java cache emptied.
      File delete failed. C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\XUL.mfl scheduled to be deleted on reboot.
      FireFox cache emptied.
      Temp folders emptied.
      Explorer started successfully

      OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01082009_124101

      Files moved on Reboot...
      File C:\DOCUME~1\Dario\LOCALS~1\Temp\etilqs_euHvlWlQS5Al0BVwuFXp not found!
      File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
      File C:\WINDOWS\temp\Perflib_Perfdata_210.dat not found!
      C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\Cache\_CACHE_001_ moved successfully.
      C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\Cache\_CACHE_002_ moved successfully.
      C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\Cache\_CACHE_003_ moved successfully.
      C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\Cache\_CACHE_MAP_ moved successfully.
      C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\urlclassifier3.sqlite moved successfully.
      C:\Documents and Settings\Dario\Local Settings\Application Data\Mozilla\Firefox\Profiles\9iys04h4.default\XUL.mfl moved successfully.
      0
    2. le québécois peiné
       
      désolé, mauvaise info : spynomore est parti. les raccourcis traînaient sur le bureau et dans le menu démarrer, mais plus rien ne fonctionne.

      je lance avira.
      0
  10. le québécois peiné
     
    et voici le log de tools cleaner, pris directement dans la fenêtre du logiciel et non dans un log à la racine du c:

    [ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

    -->- Recherche:

    C:\_OtMoveIt: trouvé !
    C:\Rsit: trouvé !
    C:\Documents and Settings\Dario\Bureau\SmitFraudFix.exe: trouvé !
    C:\Documents and Settings\Dario\Bureau\hijackthis.log: trouvé !
    C:\Documents and Settings\Dario\Bureau\OTMoveIt3.exe: trouvé !
    C:\Documents and Settings\Dario\Bureau\Rsit.exe: trouvé !
    C:\Documents and Settings\Dario\Bureau\SmitFraudfix: trouvé !
    C:\Program Files\trend micro\HijackThis.exe: trouvé !
    C:\Program Files\trend micro\hijackthis.log: trouvé !
    0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    il a supprimé tous les logiciels trouvés que l'on a utilisés?

    _______________

    encore des problèmes? colle un rapport avec antivir que tu as pour verifier
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok vire ce qui est en quarantaine dans antivir

    puis

    désactive ta restauration puis redémarre ton ordi puis réactive la pour virer les infections qui seraient dedans
    https://www.informatruc.com

    enore des soucis???
    0
    1. le québécois peiné
       
      non. merci du fond du coeur. je clique sur résolu !
      0
  13. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok bonne suite!
    0