Go.google.com

flow-06 Messages postés 17 Statut Membre -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

Depuis quelques jours, lorsque j'effectue une recherche dans n'importe quel navigateur (IE, Firefox, Opera, etc.), il arrive que je tombe sur des liens du genre http://go.google.com/

Auriez-vous une idée ? J'ai installé plusieurs anti-malware, j'ai fais plusieurs scans et j'ai toujours le même soucis. Je vous joins mon log de HijackThis.

*** DEBUT DU RAPPORT ***

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:17, on 02/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intellipool Network Monitor\inmservice.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NetDrive\wdservice.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\My Lockbox\flockbox.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Shutter\Shutter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Audio Sliders\volume.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Cool Beans System Info\Cool Beans System Info.exe
C:\Program Files\GigaTribe\gigatribe.exe
C:\Program Files\RK Launcher\RKLauncher.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Auto EPSON Stylus D88 Series sur SAM] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P36 "Auto EPSON Stylus D88 Series sur SAM" /O14 "\\SAM\SAM-FLOW" /M "Stylus D88"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Shutter] C:\Program Files\Shutter\Shutter.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Audio Sliders Launch] "C:\Program Files\Audio Sliders\volume.exe" /s
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Cool Beans System Info] C:\Program Files\Cool Beans System Info\Cool Beans System Info.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O4 - Startup: RK Launcher.lnk = ?
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CFC446F-E8A4-4818-B869-255B5FB961B4}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{D70EB71D-B220-4A9A-8056-0C38CC2F6F8B}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEED32CD-9AE5-4131-9273-86D77CCEC498}: NameServer = 212.27.54.252,212.27.53.252
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intellipool Network Monitor - Intellipool AB - C:\Program Files\Intellipool Network Monitor\inmservice.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\system32\snmptrap.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdservice.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 12501 bytes


*** FIN DU RAPPORT ***

Merci à vous.

Bonne journée,
flow-06.
Configuration: Windows XP
Firefox 3.0.5

15 réponses

  1. flow-06 Messages postés 17 Statut Membre 1
     
    Salut jlpjlp, et merci de ta réponse si rapide !

    Le problème, c'est que le lien que tu me donnes est mort pour moi ("Erreur de chargement de la page").
    Donc, je l'ai télécharger sur un autre site. L'installation est super longue, et au final, quand il est installé, je le lance, et rien ne se passe. Il y a pourtant bien le nom du processus lancé dans le gestionnaire de tâches, mais rien...

    Tu as une autre idée ?
    0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr
    0
  3. flow-06 Messages postés 17 Statut Membre 1
     
    Aucun des deux ne marchent !

    Je pense que je suis bien infecté :(
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. flow-06 Messages postés 17 Statut Membre 1
     
    Ca y est !

    J'ai essayé un truc tout con !
    J'ai renommé le nom du programme "MalwareByte's Anti-Malware" (mbam.exe) en haha.exe, et il s'est lancé !
    J'ai pu faire l'analyse, j'ai supprimé 14 éléments et tout est niquel !

    Merci à toi jlpjlp !
    0
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    tu as le rapport malwarebyte?

    mets le nous pour voir

    a plus
    0
  7. flow-06 Messages postés 17 Statut Membre 1
     
    Le voici !

    *** DEBUT DU RAPPORT ***

    Malwarebytes' Anti-Malware 1.33
    Version de la base de données: 1654
    Windows 5.1.2600 Service Pack 2

    02/02/2009 16:11:03
    mbam-log-2009-02-02 (16-11-03).txt

    Type de recherche: Examen rapide
    Eléments examinés: 70816
    Temps écoulé: 5 minute(s), 32 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 4
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 13

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\TDSSedwv.dll (Trojan.TDSS) -> Delete on reboot.
    C:\WINDOWS\system32\TDSSfvfe.dll (Trojan.TDSS) -> Delete on reboot.
    C:\WINDOWS\system32\TDSShrgi.dll (Trojan.TDSS) -> Delete on reboot.
    C:\WINDOWS\system32\TDSSpuaq.dll (Trojan.TDSS) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\TDSSrhdt.sys (Trojan.TDSS) -> Delete on reboot.
    C:\WINDOWS\Temp\TDSS5a02.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\TDSS5ec4.tmp (Trojan.TDSS) -> Delete on reboot.
    C:\WINDOWS\Temp\TDSS6617.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\TDSS6de7.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\TDSS74ae.tmp (Trojan.TDSS) -> Delete on reboot.
    C:\WINDOWS\system32\~.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSayoa.log (Trojan.TDSS) -> Delete on reboot.
    C:\WINDOWS\system32\TDSSobam.dll (Rootkit.Agent) -> Delete on reboot.


    *** FIN DU RAPPORT ***

    En espérant que cela puisse aider certains d'entre vous ;)

    A+ !
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok parfait alors fais ceci:

    Télécharge SDFix =sdrenomme (créé par AndyManchesta) et sauvegarde le sur ton Bureau.

    http://sd-1.archive-host.com/membres/up/193094576412487685/SDrenomme.exe

    guide: http://site-naheulbeuk.com/
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    • Redémarre ton ordinateur
    • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    • Appuie sur Y pour commencer le processus de nettoyage.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Appuie sur une touche pour redémarrer le PC.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
    0
  9. flow-06 Messages postés 17 Statut Membre 1
     
    Voici le rapport de SDFix !

    *** DEBUT DU RAPPORT ***

    [b]SDFix: Version 1.240 [/b]
    Run by HP_Propri‚taire on 02/02/2009 at 19:08

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    [b]Checking Services [/b]:

    [b]Name [/b]:
    TDSSserv.sys

    [b]Path [/b]:
    \systemroot\system32\drivers\TDSSrhdt.sys

    TDSSserv.sys - Deleted

    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    Trojan Files Found:

    C:\WINDOWS\system32\drivers\TDSSrhdt.sys - Deleted
    C:\WINDOWS\system32\TDSSnero.dat - Deleted
    C:\WINDOWS\SYSTEM32\TDSSNERO.dat - Deleted

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-02 19:22:35
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:8b13ed0c
    "s2"=dword:99009ab3
    "h0"=dword:00000002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:5b,c4,9f,c3,09,bf,43,51,b4,7f,83,4e,7f,54,c8,39,a0,77,9e,69,16,..
    "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000001
    "khjeh"=hex:b8,07,4b,b4,39,1b,7f,cf,2a,c2,97,f7,55,30,2a,34,e9,67,69,a1,7e,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,74,91,99,2e,f5,dc,1e,59,94,0b,10,d7,88,c6,2f,e1,1a,..
    "khjeh"=hex:54,56,48,ed,bd,02,ad,d1,a8,0b,b7,52,79,43,bb,bf,44,5d,1d,c9,fc,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:a4,5f,71,be,40,aa,6b,dd,d0,b2,df,7e,c7,54,fb,d9,c0,4e,f2,f7,85,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:5b,c4,9f,c3,09,bf,43,51,b4,7f,83,4e,7f,54,c8,39,a0,77,9e,69,16,..
    "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000001
    "khjeh"=hex:b8,07,4b,b4,39,1b,7f,cf,2a,c2,97,f7,55,30,2a,34,e9,67,69,a1,7e,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,74,91,99,2e,f5,dc,1e,59,94,0b,10,d7,88,c6,2f,e1,1a,..
    "khjeh"=hex:54,56,48,ed,bd,02,ad,d1,a8,0b,b7,52,79,43,bb,bf,44,5d,1d,c9,fc,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:a4,5f,71,be,40,aa,6b,dd,d0,b2,df,7e,c7,54,fb,d9,c0,4e,f2,f7,85,..

    scanning hidden registry entries ...

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4FA99465-854A-9B55-B72F-E6B522487A6F}]
    "nadmgefohabfmeclpndhaahgcoel"=hex:6a,61,61,6a,6f,6f,6c,6e,6c,65,68,6e,61,70,6d,65,63,68,69,6d,00,..
    "manmefddoihfngkemikeekbglc"=hex:6a,61,61,6a,6f,6f,6c,6e,6c,65,68,6e,61,70,6d,65,63,68,69,6d,00,..

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Documents and Settings\\HP_Propri‚taire\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"="C:\\Documents and Settings\\HP_Propri‚taire\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
    "C:\\Documents and Settings\\HP_Propri‚taire\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"="C:\\Documents and Settings\\HP_Propri‚taire\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
    "C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

    [b]Remaining Files [/b]:

    File Backups: - C:\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Sat 10 Feb 2007 218 A.SHR --- "C:\BOOT.BAK"
    Mon 10 Nov 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"
    Wed 29 Nov 2006 32 A.SH. --- "C:\WINDOWS\SMINST\HPCD.SYS"
    Tue 13 Feb 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Mon 10 Jul 2006 71,168 A.SHR --- "C:\Program Files\Mio Technology\MioSync\Setup.exe"
    Sat 9 Jul 2005 16,384 A.SHR --- "C:\Program Files\Mio Technology\MioSync\_Setup.dll"
    Thu 10 Jan 2008 71,168 A.SHR --- "C:\Program Files\Mio Technology\SpeedCAM Tool\Setup.exe"
    Sat 9 Jul 2005 16,384 A.SHR --- "C:\Program Files\Mio Technology\SpeedCAM Tool\_Setup.dll"
    Thu 14 Oct 2004 1,694,208 A.SH. --- "C:\WINDOWS\FlyakiteOSX\Backup\msmsgs.exe"
    Wed 29 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

    [b]Finished![/b]


    *** FIN DU RAPPORT ***

    Mille mercis à toi Jlpjlp !
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    lance combofix renommé en killfix et colle le rapport:

    http://sd-1.archive-host.com/membres/up/193094576412487685/Killfix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    ___________________

    Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Clique Continue à l'écran Disclaimer.

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    0
  11. flow-06 Messages postés 17 Statut Membre 1
     
    Pour plus de lisibilité, je vais coller les 3 fichiers dans 3 posts différents !

    *** DEBUT DU RAPPORT DE COMBOFIX ***

    ComboFix 09-02-01.01 - HP_Propriétaire 2009-02-02 21:53:33.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.958.618 [GMT 1:00]
    Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\Killfix.exe
    AV: avast! antivirus 4.8.1296 [VPS 090202-0] *On-access scanning disabled* (Updated)
    FW: ZoneAlarm Pro Firewall *disabled*
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\Autorun.inf
    K:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_OREANS32

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-02 au 2009-02-02 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-02 19:02 . 2009-02-02 19:02 <REP> d-------- c:\windows\ERUNT
    2009-02-02 18:54 . 2009-02-02 19:27 <REP> d-------- C:\SDFix
    2009-02-02 16:00 . 2009-02-02 16:02 <REP> d-------- c:\program files\haha
    2009-02-02 16:00 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-02 16:00 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-02 15:56 . 2009-02-02 15:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-02-01 22:47 . 2009-02-01 22:47 <REP> d-------- c:\program files\Cool Beans System Info
    2009-02-01 22:31 . 2009-02-01 22:49 <REP> d-------- c:\program files\Spyware Terminator
    2009-02-01 22:31 . 2009-02-01 22:31 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Spyware Terminator
    2009-02-01 22:31 . 2009-02-01 22:49 <REP> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
    2009-02-01 22:31 . 2009-02-01 22:31 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
    2009-02-01 20:44 . 2009-02-01 20:44 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Malwarebytes
    2009-02-01 20:18 . 2009-02-01 20:48 <REP> d-------- c:\program files\Xoft
    2009-02-01 18:44 . 2009-02-01 20:10 <REP> d-------- C:\fixwareout
    2009-02-01 18:28 . 2009-02-01 18:28 <REP> d-------- c:\program files\SUPERAntiSpyware
    2009-02-01 18:28 . 2009-02-01 18:28 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\SUPERAntiSpyware.com
    2009-02-01 18:24 . 2009-02-01 18:24 <REP> d-------- c:\program files\RogueRemover FREE
    2009-02-01 18:17 . 2009-02-01 18:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-01 10:48 . 2009-02-01 18:06 1,056,768 --a------ c:\windows\sectest.db
    2009-01-31 00:21 . 2009-02-01 21:08 <REP> d-------- c:\program files\a-squared Anti-Malware
    2009-01-30 23:43 . 2009-01-30 23:43 <REP> d-------- c:\program files\Trend Micro
    2009-01-30 22:45 . 2009-01-30 23:17 <REP> d-------- c:\program files\Navilog1
    2009-01-30 21:14 . 2009-01-30 21:14 <REP> d-------- c:\program files\JitBit
    2009-01-29 18:31 . 2009-01-29 18:31 <REP> d-------- c:\program files\Sun
    2009-01-27 23:53 . 2009-01-27 23:53 222 --a------ c:\windows\pdf2word.INI
    2009-01-27 23:45 . 2009-01-27 23:46 <REP> d-------- c:\program files\VeryPDF PDF2Word v3.0
    2009-01-26 18:11 . 2009-01-26 18:11 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\JCreator
    2009-01-26 18:11 . 2009-01-26 18:11 <REP> d-------- c:\documents and settings\All Users\Application Data\JCreator
    2009-01-24 15:21 . 2009-01-24 15:21 <REP> d-------- c:\program files\Microsoft Silverlight
    2009-01-23 21:22 . 2009-01-23 21:22 <REP> d-------- c:\program files\Fichiers communs\xing shared
    2009-01-22 17:54 . 2009-01-22 17:54 <REP> d-------- c:\program files\FreeRAM
    2009-01-21 14:27 . 2009-01-21 14:28 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\AdSigner
    2009-01-21 14:17 . 2009-01-21 14:17 5,120 --ahs---- c:\windows\Thumbs.db
    2009-01-21 14:11 . 2009-01-21 14:14 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-01-20 18:04 . 2009-01-31 18:00 <REP> d-------- c:\program files\FlashFXP
    2009-01-20 18:04 . 2009-01-20 18:04 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\FlashFXP
    2009-01-20 10:18 . 2009-01-20 10:18 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-01-19 23:50 . 2009-01-19 23:50 <REP> d-------- c:\program files\Microsoft SQL Server 2005 Mobile Edition
    2009-01-19 23:50 . 2009-01-19 23:50 <REP> d-------- c:\program files\Microsoft Device Emulator
    2009-01-19 23:24 . 2009-01-19 23:24 <REP> d-------- c:\windows\Symbols
    2009-01-19 23:24 . 2009-01-19 23:36 <REP> d-------- c:\program files\HTML Help Workshop
    2009-01-19 23:24 . 2009-01-19 23:35 <REP> d-------- c:\program files\Fichiers communs\Merge Modules
    2009-01-19 23:24 . 2009-01-19 23:26 <REP> d-------- c:\program files\Fichiers communs\Business Objects
    2009-01-19 23:24 . 2009-01-19 23:24 <REP> d-------- c:\program files\CE Remote Tools
    2009-01-19 23:24 . 2009-01-19 23:25 <REP> d-------- c:\documents and settings\All Users\Application Data\PreEmptive Solutions
    2009-01-19 19:25 . 2009-01-19 19:25 <REP> d-------- c:\program files\JCreatorV4 Pro
    2009-01-18 12:40 . 2009-02-01 17:56 95,432 --a------ c:\windows\system32\GDIPFONTCACHEV1.DAT
    2009-01-18 01:13 . 2009-01-28 20:31 <REP> d-------- c:\program files\Ski Challenge 2009
    2009-01-17 20:57 . 2009-01-17 20:57 <REP> d-------- c:\documents and settings\All Users\Application Data\TVU Networks
    2009-01-17 20:56 . 2009-01-21 14:16 <REP> d-------- c:\program files\TVUPlayer
    2009-01-17 20:56 . 2009-01-17 20:56 <REP> d-------- c:\documents and settings\HP_Propriétaire\LocalLow
    2009-01-17 20:56 . 2009-01-17 20:56 <REP> d-------- c:\documents and settings\HP_Propriétaire\LocalLow
    2009-01-16 21:20 . 2009-01-16 21:20 <REP> d-------- c:\program files\CounterPath
    2009-01-16 20:42 . 2009-01-21 10:54 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2009-01-16 20:24 . 2009-01-21 14:17 <REP> d-------- c:\program files\wamp
    2009-01-15 14:16 . 2009-01-15 14:16 124 --a------ c:\windows\system32\~.inf
    2009-01-14 22:26 . 2009-01-15 07:30 <REP> d-------- c:\program files\MSNFix
    2009-01-14 19:33 . 2009-01-14 19:33 <REP> d-------- c:\program files\Fichiers communs\Stardock
    2009-01-14 19:30 . 2009-01-14 19:30 <REP> d-------- c:\program files\RK Launcher
    2009-01-12 19:19 . 2009-01-21 14:14 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-01-11 21:26 . 2009-01-11 21:26 <REP> d-------- c:\documents and settings\Parents
    2009-01-06 17:30 . 2009-01-06 17:30 <REP> d-------- c:\program files\Webcam32
    2009-01-06 17:03 . 2009-01-06 17:03 <REP> d-------- c:\program files\Surveyor Corporation
    2009-01-06 15:45 . 2009-02-02 22:03 <REP> d-------- c:\program files\Audio Sliders
    2009-01-06 15:31 . 2002-07-17 10:03 45,056 --a------ c:\windows\system32\WNASPI32.DLL
    2009-01-06 15:31 . 2002-07-17 09:05 16,512 --a------ c:\windows\system32\drivers\aspi32.sys
    2009-01-04 18:53 . 2009-01-04 18:53 <REP> d-------- c:\program files\UniversalExtractor1.6
    2009-01-04 11:04 . 2009-01-04 11:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Recisio

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-02 14:58 --------- d-----w c:\program files\Lavasoft
    2009-02-02 14:56 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
    2009-02-02 14:56 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\Lavasoft
    2009-02-02 01:57 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\SolidDocuments
    2009-02-01 23:05 --------- d-----w c:\program files\adslTV
    2009-02-01 20:44 --------- d-----w c:\program files\Download Direct
    2009-02-01 16:39 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\GigaTribe
    2009-01-29 16:39 --------- d-----w c:\program files\Windows Live Safety Center
    2009-01-29 13:18 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\SolidDocuments
    2009-01-27 23:00 10,226 ----a-w c:\documents and settings\HP_Propriétaire\Application Data\mdbu.bin
    2009-01-26 17:21 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-25 19:12 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\Canon
    2009-01-23 20:22 --------- d-----w c:\program files\Fichiers communs\Real
    2009-01-21 13:17 --------- d-----w c:\program files\Paltalk Messenger
    2009-01-21 13:17 --------- d-----w c:\program files\ObjectDock
    2009-01-21 13:17 --------- d-----w c:\program files\GigaTribe
    2009-01-21 13:17 --------- d-----w c:\program files\DivX
    2009-01-21 13:16 --------- d-----w c:\program files\Zattoo
    2009-01-21 13:13 --------- d-----w c:\program files\Java
    2009-01-21 09:34 --------- d-----w c:\program files\Google
    2009-01-20 09:31 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-19 22:58 --------- d-----w c:\program files\Microsoft Visual Studio 8
    2009-01-19 22:36 --------- d-----w c:\program files\MSBuild
    2009-01-18 11:25 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-16 19:41 --------- d-----w c:\program files\Yahoo!
    2009-01-16 19:37 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
    2009-01-14 18:33 --------- d-----w c:\program files\Stardock
    2009-01-11 19:21 --------- d-----w c:\program files\Micro Application
    2009-01-06 19:36 --------- d-----w c:\program files\DSynchronize
    2009-01-06 15:59 --------- d-----w c:\program files\WMR11
    2008-12-28 11:23 --------- d-----w c:\program files\iTunes
    2008-12-28 11:23 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-28 11:22 --------- d-----w c:\program files\iPod
    2008-12-28 11:22 --------- d-----w c:\program files\Fichiers communs\Apple
    2008-12-28 11:19 --------- d-----w c:\program files\QuickTime
    2008-12-28 11:06 --------- d-----w c:\program files\Safari
    2008-12-27 10:21 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\GoodSync
    2008-12-23 13:48 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\XnView
    2008-12-21 13:31 --------- d-----w c:\program files\PeerTV
    2008-12-21 13:31 --------- d-----w c:\documents and settings\All Users\Application Data\Rosetta Stone
    2008-12-21 13:29 --------- d-----w c:\program files\Skype
    2008-12-18 15:40 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\U3
    2008-12-16 18:09 --------- d-----w c:\program files\Foto.com
    2008-12-15 20:21 --------- d-----w c:\program files\Audacity
    2008-12-14 15:24 --------- d-----w c:\program files\Ashampoo
    2008-12-14 15:08 --------- d-----w c:\program files\WinHTTrack
    2008-12-12 20:11 --------- d-----w c:\program files\emu8086
    2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-07 09:53 --------- d-----w c:\program files\Microsoft ActiveSync
    2008-10-06 18:12 378 -c--a-w c:\documents and settings\HP_Propriétaire\Application Data\wklnhst.dat
    2004-10-13 23:24 1,694,208 --sha-w c:\windows\FlyakiteOSX\Backup\msmsgs.exe
    .

    ------- Sigcheck -------

    2005-03-02 19:20 578048 c34920eb988ce98910bd6b0417f334eb c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
    2007-03-08 16:50 579072 4d88aaf39adabfe45958ea1384e2c4ff c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
    2007-03-08 16:37 578560 753354f594809a9b96f73999b435a533 c:\windows\FlyakiteOSX\Backup\user32.dll
    2007-03-08 16:37 578560 2ed0a71b1a374baf75d2301637307278 c:\windows\system32\user32.dll
    2007-03-08 16:37 578560 2ed0a71b1a374baf75d2301637307278 c:\windows\system32\dllcache\user32.dll

    2007-06-13 14:22 1370112 72b28fb361e6c582b4e06f2f6caed83d c:\windows\explorer.exe
    2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2007-06-13 14:22 979456 80a5400514eb32d393654768c4017e46 c:\windows\FlyakiteOSX\Backup\explorer.exe
    2007-06-13 14:22 1370112 72b28fb361e6c582b4e06f2f6caed83d c:\windows\system32\dllcache\explorer.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "Auto EPSON Stylus D88 Series sur SAM"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE" [2005-01-27 98304]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "flockbox"="c:\program files\My Lockbox\flockbox.exe" [2007-12-14 1071472]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-10-09 981904]
    "Shutter"="c:\program files\Shutter\Shutter.exe" [2006-07-24 931840]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
    "Audio Sliders Launch"="c:\program files\Audio Sliders\volume.exe" [2006-04-06 231424]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "Cool Beans System Info"="c:\program files\Cool Beans System Info\Cool Beans System Info.exe" [2003-10-24 390144]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

    c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-02-28 27136]

    c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-02-28 27136]

    c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-02-28 27136]

    c:\documents and settings\HP_Propri‚taire\Menu D‚marrer\Programmes\Accessoires\D‚marrage\
    GigaTribe.lnk - c:\program files\GigaTribe\gigatribe.exe [2008-12-30 1071104]
    RK Launcher.lnk - c:\program files\RK Launcher\RKLauncher.exe [2009-01-14 393216]
    RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
    Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-01-14 3450608]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "MaxRecentDocs"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 13:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.dvsd"= pdvcodec.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Gestionnaire de APM.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Gestionnaire de APM.lnk
    backup=c:\windows\pss\Gestionnaire de APM.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel de Synchronisation Orange.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel de Synchronisation Orange.lnk
    backup=c:\windows\pss\Logiciel de Synchronisation Orange.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MioSync.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\MioSync.lnk
    backup=c:\windows\pss\MioSync.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PalTalk.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\PalTalk.lnk
    backup=c:\windows\pss\PalTalk.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Redémarrage Studio.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Redémarrage Studio.lnk
    backup=c:\windows\pss\Redémarrage Studio.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Accessoires^Démarrage^TribalWeb.lnk]
    path=c:\documents and settings\HP_Propriétaire\Menu Démarrer\Programmes\Accessoires\Démarrage\TribalWeb.lnk
    backup=c:\windows\pss\TribalWeb.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Accessoires^Démarrage^UberIcon.lnk]
    path=c:\documents and settings\HP_Propriétaire\Menu Démarrer\Programmes\Accessoires\Démarrage\UberIcon.lnk
    backup=c:\windows\pss\UberIcon.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Accessoires^Démarrage^WKCALREM.LNK]
    path=c:\documents and settings\HP_Propriétaire\Menu Démarrer\Programmes\Accessoires\Démarrage\WKCALREM.LNK
    backup=c:\windows\pss\WKCALREM.LNKStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Accessoires^Démarrage^Y'z Shadow.lnk]
    path=c:\documents and settings\HP_Propriétaire\Menu Démarrer\Programmes\Accessoires\Démarrage\Y'z Shadow.lnk
    backup=c:\windows\pss\Y'z Shadow.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Accessoires^Démarrage^Yahoo! Widget Engine.lnk]
    path=c:\documents and settings\HP_Propriétaire\Menu Démarrer\Programmes\Accessoires\Démarrage\Yahoo! Widget Engine.lnk
    backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Accessoires^Démarrage^Yahoo! Widgets.lnk]
    path=c:\documents and settings\HP_Propriétaire\Menu Démarrer\Programmes\Accessoires\Démarrage\Yahoo! Widgets.lnk
    backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Démarrage^TribalWeb.net.lnk]
    path=c:\documents and settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\TribalWeb.net.lnk
    backup=c:\windows\pss\TribalWeb.net.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    c:\program files\DAEMON Tools -lang 1033 -noicon [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
    --a------ 2009-01-27 16:59 2784912 c:\program files\a-squared Anti-Malware\a2guard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alt+Q Hotkey Tool]
    --a------ 2005-12-18 20:14 27648 c:\windows\Alt+Q Hotkey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a------ 2008-11-07 14:16 111936 c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    --a------ 2007-09-08 00:01 43008 c:\program files\BitTorrent\bittorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus D88 Series]
    --a------ 2005-01-27 05:00 98304 c:\windows\system32\spool\drivers\w32x86\3\E_FATIABE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    --a----t- 2008-09-10 19:41 133104 c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    --a------ 2006-11-13 13:07 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2005-05-12 06:12 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
    --a--c--- 2005-11-10 01:29 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
    --a--c--- 2005-06-02 07:35 49152 c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
    --a------ 2007-02-10 18:10 200747 c:\program files\IncrediMail\bin\IncMail.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2004-08-09 05:03 221184 c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a------ 2004-08-09 05:03 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    --a--c--- 2007-09-26 20:02 20480 c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMDVox]
    --a------ 2007-12-18 11:09 456704 c:\program files\Micro Application\Votre PC prend la parole\LMDVox.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    --a--c--- 2004-10-08 11:06 196608 c:\program files\Logitech\Video\ManifestEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --a--c--- 2004-10-08 11:31 458752 c:\program files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --a------ 2004-10-08 11:24 217088 c:\program files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    --a------ 2004-10-08 10:52 221184 c:\windows\system32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    --a------ 2009-01-08 19:38 4363504 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
    --a------ 2007-09-06 14:53 169264 c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSD]
    --a------ 2007-01-21 20:50 86016 c:\windows\osd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    --a--c--- 2005-07-22 22:14 237568 c:\windows\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
    --a------ 2007-03-18 23:05 630784 c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
    --a------ 2009-02-01 22:31 2267136 c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2009-01-21 14:14 136600 c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2009-01-23 21:21 185872 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon]
    --a------ 2006-05-21 08:43 180224 c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebDriveTray]
    --a------ 2003-06-04 11:49 294912 c:\program files\NetDrive\NetDrive.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2009-01-08 19:38 4363504 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "gusvc"=3 (0x3)
    "WLSetupSvc"=3 (0x3)
    "wampmysqld"=3 (0x3)
    "wampapache"=3 (0x3)
    "ScReadSpool"=2 (0x2)
    "ose"=3 (0x3)
    "OracleXETNSListener"=2 (0x2)
    "OracleXEClrAgent"=3 (0x3)
    "OracleServiceXE"=2 (0x2)
    "OracleMTSRecoveryService"=3 (0x3)
    "MySQL"=2 (0x2)
    "MSSQL$SQLEXPRESS"=2 (0x2)
    "maconfservice"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "iPod Service"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "Apache2"=2 (0x2)
    "Fax"=3 (0x3)
    "StarWindService"=2 (0x2)
    "LightScribeService"=2 (0x2)
    "a2AntiMalware"=2 (0x2)
    "usnjsvc"=3 (0x3)
    "TuneUp.Defrag"=3 (0x3)
    "SNMPTRAP"=3 (0x3)
    "rpcapd"=3 (0x3)
    "Pml Driver HPZ12"=0 (0x0)
    "odserv"=3 (0x3)
    "IDriverT"=3 (0x3)
    "ATI Smart"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Documents and Settings\\HP_Propriétaire\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\HP_Propriétaire\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowOutboundSourceQuench"= 1 (0x1)

    R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [2008-02-03 17264]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-08 111184]
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2008-09-29 95888]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2008-09-29 41680]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-08 20560]
    R2 Intellipool Network Monitor;Intellipool Network Monitor;c:\program files\Intellipool Network Monitor\inmservice.exe [2008-11-11 6342656]
    R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-02-01 6016]
    R2 WebDriveFSD;WebDrive File System Driver;c:\program files\NetDrive\rffsd.sys [2007-05-19 67032]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
    S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2006-02-28 468768]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    S4 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-11-02 195752]
    S4 msvsmon80;Débogueur distant Visual Studio 2005;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-12-09 2799808]
    S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
    S4 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
    S4 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2006-02-02 204800]
    S4 RFNP32;WebDrive Provider; [x]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-29 c:\windows\Tasks\Eteindre l'écran.job
    - k:\pc fixe de flo\Mes documents\Fichiers t []

    2009-01-29 c:\windows\Tasks\Fermer adslTV.job
    - k:\pc fixe de flo\Mes documents\Fichiers t []

    2009-02-02 c:\windows\Tasks\XoftSpySE 2.job
    - c:\program files\Xoft\Xoft.exe [2009-02-01 20:38]

    2009-02-01 c:\windows\Tasks\XoftSpySE.job
    - c:\program files\Xoft\Xoft.exe [2009-02-01 20:38]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    MSConfigStartUp-AdVantage - c:\program files\AdVantage\AdVantage.exe
    MSConfigStartUp-Bubble - c:\program files\Windows SteadyState\Bubble.exe
    MSConfigStartUp-Canal Widget - c:\program files\Canal\Canal Widget\Launcher.exe
    MSConfigStartUp-EPSON Product Rappel concernant l'enregistrement - c:\windows\Temp\RegModule.exe
    MSConfigStartUp-Football365 Toolbar - c:\program files\Sporever\Football365 Toolbar\launcher.exe
    MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe
    MSConfigStartUp-PCDrProfiler - c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe
    MSConfigStartUp-rg - c:\program files\Roland Garros 2007\oneclick.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: {7CFC446F-E8A4-4818-B869-255B5FB961B4} = 212.27.54.252,212.27.53.252
    TCP: {D70EB71D-B220-4A9A-8056-0C38CC2F6F8B} = 212.27.54.252,212.27.53.252
    TCP: {FEED32CD-9AE5-4131-9273-86D77CCEC498} = 212.27.54.252,212.27.53.252
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
    FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\wtsr1wka.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT752278&SearchSource=3&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
    FF - component: c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\wtsr1wka.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npicdclient.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npornap.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\Opera\program\plugins\NPJava11.dll
    FF - plugin: c:\program files\Opera\program\plugins\NPJava12.dll
    FF - plugin: c:\program files\Opera\program\plugins\NPJava13.dll
    FF - plugin: c:\program files\Opera\program\plugins\NPJava14.dll
    FF - plugin: c:\program files\Opera\program\plugins\NPJava32.dll
    FF - plugin: c:\program files\Opera\program\plugins\NPJPI142_18.dll
    FF - plugin: c:\program files\Opera\program\plugins\NPOJI610.dll
    FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\program files\VLC\npvlc.dll
    FF - plugin: c:\windows\system32\Rawflow\npicdclient.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: nglayout.initialpaint.delay - 600
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-02 22:05:41
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-58623142-1644913020-3694738410-1008\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-58623142-1644913020-3694738410-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4FA99465-854A-9B55-B72F-E6B522487A6F}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "nadmgefohabfmeclpndhaahgcoel"=hex:6a,61,61,6a,6f,6f,6c,6e,6c,65,68,6e,61,70,
    6d,65,63,68,69,6d,00,00
    "manmefddoihfngkemikeekbglc"=hex:6a,61,61,6a,6f,6f,6c,6e,6c,65,68,6e,61,70,6d,
    65,63,68,69,6d,00,f6

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040510900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(624)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\RFNP32.DLL
    c:\windows\system32\RFHelper.dll
    c:\windows\system32\rfhres.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Spyware Terminator\sp_rsser.exe
    c:\windows\system32\SAgent4.exe
    c:\program files\NetDrive\wdService.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-02-02 22:09:20 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-02-02 21:09:18

    Avant-CF: 66 354 503 680 octets libres
    Après-CF: 66,382,475,264 octets libres

    510 --- E O F --- 2009-01-20 09:34:10


    *** FIN DU RAPPORT DE COMBOFIX ***
    0
  12. flow-06 Messages postés 17 Statut Membre 1
     
    *** DEBUT DU RAPPORT DE "LOG.TXT" de RSIT ***

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by HP_Propriétaire at 2009-02-02 22:19:06
    Microsoft Windows XP Édition familiale Service Pack 2
    System drive C: has 63 GB (34%) free of 185 GB
    Total RAM: 958 MB (40% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:19:26, on 02/02/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intellipool Network Monitor\inmservice.exe
    C:\Program Files\Maxtor\Sync\SyncServices.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\SAgent4.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NetDrive\wdservice.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\HP\KBD\KBD.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\My Lockbox\flockbox.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Shutter\Shutter.exe
    C:\Program Files\Audio Sliders\volume.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Cool Beans System Info\Cool Beans System Info.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\GigaTribe\gigatribe.exe
    C:\Program Files\RK Launcher\RKLauncher.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\HP_Propriétaire\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\HP_Propriétaire.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Auto EPSON Stylus D88 Series sur SAM] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P36 "Auto EPSON Stylus D88 Series sur SAM" /O14 "\\SAM\SAM-FLOW" /M "Stylus D88"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Shutter] C:\Program Files\Shutter\Shutter.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Audio Sliders Launch] "C:\Program Files\Audio Sliders\volume.exe" /s
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Cool Beans System Info] C:\Program Files\Cool Beans System Info\Cool Beans System Info.exe
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
    O4 - Startup: RK Launcher.lnk = ?
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7CFC446F-E8A4-4818-B869-255B5FB961B4}: NameServer = 212.27.54.252,212.27.53.252
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D70EB71D-B220-4A9A-8056-0C38CC2F6F8B}: NameServer = 212.27.54.252,212.27.53.252
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FEED32CD-9AE5-4131-9273-86D77CCEC498}: NameServer = 212.27.54.252,212.27.53.252
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Intellipool Network Monitor - Intellipool AB - C:\Program Files\Intellipool Network Monitor\inmservice.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdservice.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    0
  13. flow-06 Messages postés 17 Statut Membre 1
     
    *** DEBUT DU RAPPORT "INFO.TXT" DE RSIT ***

    info.txt logfile of random's system information tool 1.05 2009-02-02 22:19:30

    ======Uninstall list======

    -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
    -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
    Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
    Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    adsl TV-->C:\Program Files\adslTV\Uninstal.exe
    AIDA32 v3.93-->"C:\Program Files\AIDA32 - Personal System Information\unins000.exe"
    AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x040c -removeonly
    Amélioration de nos services-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1036
    Ant Movie Catalog-->"C:\Program Files\Ant Movie Catalog\unins000.exe"
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Ashampoo WinOptimizer 5.03-->"C:\Program Files\Ashampoo\Ashampoo WinOptimizer 5\unins000.exe"
    a-squared Anti-Malware 4.0-->"C:\Program Files\a-squared Anti-Malware\unins000.exe"
    Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    Audio Sliders-->"C:\Program Files\Audio Sliders\unins000.exe"
    AutoShutdown-->C:\PROGRA~1\AUTOSH~1\UNWISE.EXE C:\PROGRA~1\AUTOSH~1\INSTALL.LOG
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    BitTorrent 5.0.9-->"C:\Program Files\BitTorrent\uninstall.exe"
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    CamStudio-->C:\Program Files\CamStudio\uninstall.exe
    CanoScan Toolbox 4.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\setup.exe" -l0x40c
    Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    CoffeeCup Firestarter-->C:\PROGRA~1\COFFEE~1\FIREST~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\FIREST~1\INSTALL.LOG
    Cool Beans System Info 2.0-->"C:\Program Files\Cool Beans System Info\unins000.exe"
    Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Dots for Pocket PC-->"C:\Program Files\Microsoft ActiveSync\GameBag One PKT\Dots\RemovePPC.exe" Dots PKT
    Download Direct-->MsiExec.exe /I{DB6A8C83-EFF7-4955-BBD0-81C13DDE5395}
    DV5X9-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{860B1419-14A8-47E1-A1D1-67D996A6EC79}\Setup.exe" -l0x40c -removeonly
    EasyPHP 2.0b1-->"C:\Program Files\EasyPHP 2.0b1\unins000.exe"
    Editeur Foto.com 2.3-->"C:\Program Files\Foto.com\Editeur Foto.com\unins000.exe"
    ELSA Famille-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\AFL\Elsa Famille\UnInst.log" "/APPNAME=ELSA Famille"
    Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
    Entraîneur Cérébral 2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A62C42C-FDB3-4BCC-A41A-89FA813250E3}\setup.exe" -l0x40c -removeonly
    EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EuroPoker (remove only)-->"C:\Program Files\EuroPoker\uninstall.exe"
    Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)-->MsiExec.exe /X{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}
    Flowcode pour les PICmicros-->C:\PROGRA~1\MULTIP~1\Flowcode\UNWISE.EXE C:\PROGRA~1\MULTIP~1\Flowcode\INSTALL.LOG
    FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe"
    FlyakiteOSX-->C:\WINDOWS\FlyakiteOSX\Uninstall.exe
    FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
    FreeRAM-->"C:\Program Files\FreeRAM\uninstall.exe"
    GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\WINDOWS\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
    GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)-->C:\WINDOWS\SQLTools9_KB948109_ENU\Hotfix.exe /Uninstall
    getPlus(R)_dll-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSd.INF, DefaultUninstall
    GigaTribe 2.50-->"C:\Program Files\GigaTribe\unins000.exe"
    GoodSync-->"C:\Program Files\Siber Systems\GoodSync\uninstall.exe"
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
    Google Talk Plugin-->MsiExec.exe /I{108921F0-2DDB-3C3D-A02D-CC18285F514C}
    GrabIt 1.6.2 Beta (build 940)-->"C:\Program Files\GrabIt\unins000.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HP Appareils photos Photosmart 5.0-->C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
    HP Boot Optimizer-->C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall
    HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
    HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
    HP DVD Play 1.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
    HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
    HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
    HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
    HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
    HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
    HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    iColorFolder-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\uninstall.exe
    IncrediMail JunkFilter Plus-->C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:JunkFilterPlus
    IncrediMail Xe-->C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
    Intellipool Network Monitor-->"C:\WINDOWS\Intellipool Network Monitor\uninstall.exe" "/U:C:\Program Files\Intellipool Network Monitor\Uninstall\uninstall.xml"
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
    Jahia 5.0.4 (remove only)-->"c:\jahia5.0.4_r21181\Uninstall.exe"
    Java 2 Runtime Environment, SE v1.4.2_18-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142180}
    Java 2 SDK, SE v1.4.2_18-->MsiExec.exe /I{35A3A4F4-B792-11D6-A78A-00B0D0142180}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    JCreator LE 3.10-->"C:\Program Files\JCreatorV3 LE\unins000.exe"
    la version d'évaluation de Namo WebBoard-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA2984C5-8727-456B-9FB9-8545F9A7465B}\setup.exe" -l0x40c
    la version d'évaluation de Namo WebCanvas-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB0F8A49-2833-43E1-948B-58E552710DEB}\setup.exe" -l0x40c
    la version d'évaluation de Namo WebEdiotor 6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3FA287-2622-4340-AAF6-0AD29F21A691}\setup.exe" -l0x40c
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    LimeWire 4.12.11-->"C:\Program Files\LimeWire\uninstall.exe"
    Logiciel de Synchronisation Orange-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C2EBC2F1-B766-4AE3-A10C-6EBBC1EE3B02}\setup.exe" -l0x40c -removeonly
    Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
    Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL
    Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
    Ma-Config.com-->MsiExec.exe /X{DD987A54-122B-4CFD-A8C5-5577027A6B78}
    Macromedia Dreamweaver 8-->MsiExec.exe /I{5FD788ED-1A37-4496-9BDD-463F493B27FA}
    Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}
    Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
    Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
    Malwarebytes' Anti-Malware-->"C:\Program Files\haha\unins000.exe"
    Malwarebytes' RogueRemover-->"C:\Program Files\RogueRemover FREE\unins000.exe"
    Maxtor Manager-->"C:\Program Files\InstallShield Installation Information\{357966B4-ED3B-4CAE-965F-825552888E31}\setup.exe" -runfromtemp -l0x040c -removeonly
    Maxtor Manager-->MsiExec.exe /I{357966B4-ED3B-4CAE-965F-825552888E31}
    mes données 1.0.0.7-->C:\Program Files\Mes données Orange\uninst.exe
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Device Emulator version 1.0 - FRA-->MsiExec.exe /X{F6E08BCD-8411-4943-85B6-C8F79AC613AC}
    Microsoft Document Explorer 2005 Language Pack - FRA-->MsiExec.exe /X{A0EEDF22-8A8A-45C3-9571-FCCE846ABAED}
    Microsoft Document Explorer 2005-->C:\Program Files\Fichiers communs\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
    Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft MSDN 2005 Express - FRA-->C:\Program Files\Microsoft Visual Studio 8\Microsoft MSDN 2005 Express Edition - FRA\install.exe
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Access 2003-->MsiExec.exe /I{9015040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft Project Professional 2002-->MsiExec.exe /I{903B0409-6000-11D3-8CFE-0050048383C9}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{480DBB60-F0B6-45F2-B26F-1A2E11197791}
    Microsoft SQL Server 2005 Mobile [FRA] Developer Tools-->MsiExec.exe /X{8BBF1F9B-846E-412E-A291-D471E5BED251}
    Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{3F59A7E0-BC01-4435-9E93-C7D7015C21DA}
    Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
    Microsoft SQL Server Native Client-->MsiExec.exe /I{9C7E944F-4502-40B8-A0AB-66B2FA9EE829}
    Microsoft SQL Server VSS Writer-->MsiExec.exe /I{75FF1600-6330-43FA-9022-E0835BF20778}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
    Microsoft Visual Studio 2005 Professional - Français-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - FRA\setup.exe
    Microsoft Visual Studio 6.0 Professional Edition-->"C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
    Microsoft Visual Web Developer 2005 Express - FRA-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Web Developer 2005 Express Edition - FRA\setup.exe
    Microsoft Visual Web Developer 2005 Express Edition - FRA-->MsiExec.exe /X{C9301CC8-66FD-4040-9C9B-B850E8DFA70A}
    Microsoft Web Publishing Wizard 1.53-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
    Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
    Mio Technology Speedcam Synchronisation ( PNA Version ) 1.2.10.07.06-->C:\PROGRA~1\MIOTEC~1\MioSync\Setup.exe /remove
    Mio Technology SpeedCam Tool-->C:\PROGRA~1\MIOTEC~1\SPEEDC~1\Setup.exe /remove
    MioTransfer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{49F00501-E02F-458F-8AED-85949AB9656F}\Setup.exe" -l0x9
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
    Module de prise en charge linguistique de Microsoft Document Explorer 2005 - FRA-->C:\Program Files\Fichiers communs\Microsoft Shared\Help 8\Microsoft Document Explorer 2005 Language Pack - FRA\install.exe
    Module de prise en charge linguistique de Microsoft Visual J# 2.0 Redistributable - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Module de prise en charge linguistique de Microsoft Visual J# 2.0 Redistributable - FRA\install.exe
    MozBackup 1.4.4-->"C:\Program Files\MozBackup\unins000.exe"
    Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MPLAB-->C:\PROGRA~1\MPLAB\UNWISE32.EXE C:\PROGRA~1\MPLAB\INSTALL.LOG
    MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSNFix 1.749-->"C:\Program Files\MSNFix\unins000.exe"
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{97AA1F3C-DD64-4AA6-AEC5-F8F9F4CC21C5}
    muvee autoProducer 4.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E073D315-3C54-44BF-A1B2-B5583AEA618C}\setup.exe" -l0x40c
    My Lockbox 1.2 for Windows 2000/XP-->"C:\Program Files\My Lockbox\unins000.exe"
    Namo WebUtilities-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A55DFA8-747B-431F-9CF1-E31FD6C94FF2}\setup.exe" -l0x40c
    Navilog1 3.7.1-->"C:\Program Files\Navilog1\unins000.exe"
    NetDrive-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\NetDrive\Uninst.isu" -c"C:\Program Files\NetDrive\uninstall.dll"
    ObjectDock-->C:\PROGRA~1\Stardock\OBJECT~2\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~2\INSTALL.LOG
    Opera 9.62-->MsiExec.exe /X{D9226EB1-C528-48AC-B423-BD9240E1F60B}
    Oracle Data Provider for .NET Help-->MsiExec.exe /I{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}
    Oracle Database 10g Express Edition-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75} /l1036
    Orange Plug-in messagerie vocale 888-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16E79B1D-D1C2-4CA6-8B23-F4D890E0DCB9}\Setup.exe" -l0x40c --AddRemove
    Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
    PaltalkScene-->"C:\WINDOWS\PaltalkScene\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
    Panneau de contrôle ATI-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    PC Booster-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0601E1-B65C-11D5-80A9-0000B494D9A6}\setup.exe" -l0x9 -removeonly
    PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x40c
    PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
    PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"
    Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
    Poker 770-->"C:\Poker\Poker 770\_Poker770.exe" /uninstall
    Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
    PS2-->C:\WINDOWS\system32\ps2.exe uninstall
    Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
    Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    R for Windows 2.8.0-->"C:\Program Files\R\R-2.8.0\unins000.exe"
    RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x040c -removeonly
    Ressources Windows Mobile-->C:\Program Files\Ressources Windows Mobile\Windows Mobile Device Handbook\Bin\DHUninstall.exe
    Safari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
    SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
    SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
    Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
    Security Update pour Microsoft Visual Studio 2005 Professional - Français (KB925674)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {124D38C7-5BE5-4D4E-8D6D-9F10DC6B6D11} /package {D061040C-EAF9-4F1B-B0CA-060A31115151}
    Security Update pour Microsoft Visual Studio 2005 Professional - Français (KB937060)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {78DD9A0A-4AE1-46D0-B9A6-578EFCA47A3C} /package {D061040C-EAF9-4F1B-B0CA-060A31115151}
    Services Internet-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{5CFD7508-7774-48FE-8280-7A3C0AE71755} /l1036
    Shareaza 2.4.0.0-->"C:\Program Files\Shareaza\Uninstall\unins000.exe"
    Shutter-->"C:\Program Files\Shutter\unins000.exe"
    Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    SolidConverterPDF-->MsiExec.exe /I{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}
    Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
    Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    SpeedCams_Serveur (C:\Program Files\SpeedCams_Serveur\)-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\SpeedCams_Serveur\ST6UNST.000"
    SpeedCams_Serveur-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\SpeedCams_Serveur\ST6UNST.LOG"
    SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
    SpeedswitchXP V1.5-->"C:\Program Files\SpeedswitchXP\uninstall.exe"
    Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
    Sun xVM VirtualBox-->MsiExec.exe /I{30A01FF6-D5DD-4DEE-AA57-253AF79A57B9}
    SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    SyncToy-->MsiExec.exe /I{B5688129-7595-4E5B-9990-CEF981A31264}
    Tests de QI et Mémoire-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A164036A-722E-41CB-A1C1-3C3825A575D6}\Setup.exe" -l0x40c
    Total Commander (Remove or Repair)-->C:\Program Files\totalcmd\tcuninst.exe
    TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
    TVUPlayer 2.4.1.0-->C:\Program Files\TVUPlayer\uninst.exe
    TYPSoft FTP Server-->"C:\TYPSoft FTP Server\unins000.exe"
    Ubuntu-->C:\ubuntu\Uninstall-Ubuntu.exe
    UltraEdit v14.00-->MsiExec.exe /I{D7A33067-9016-4D52-BC5B-D42E245AD3BA}
    UltraVNC v1.0.2 Fr-->"C:\Program Files\UltraVNC\unins001.exe"
    Unix Utilities for Yahoo! Widgets-->C:\Program Files\Yahoo!\Widgets\UnixUtils\uninstall.exe
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
    VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
    VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
    VeryPDF PDF2Word v3.0-->"C:\Program Files\VeryPDF PDF2Word v3.0\unins000.exe"
    VideoLAN VLC media player 0.8.6c-->C:\Program Files\VLC\uninstall.exe
    Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
    VNC Free Edition 4.1.2-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
    Votre PC prend la parole-->MsiExec.exe /I{1335A7E0-6055-47B8-92FC-714D65117CAA}
    WakeOnLan v3.0.4-->"C:\Program Files\WakeOnLan\unins000.exe"
    WampServer 2.0-->"C:\Program Files\wamp\unins000.exe"
    Webcam32-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Surveyor Corporation\Webcam32\Uninst.isu"
    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
    Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    WinHTTrack Website Copier 3.43-2-->"C:\Program Files\WinHTTrack\unins000.exe"
    WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe
    WinSCP 4.1 beta-->"C:\Program Files\WinSCP\unins000.exe"
    WinSynchro-->C:\Program Files\WinSynchro\setup.exe
    Wireshark 0.99.7-->"C:\Program Files\Wireshark\uninstall.exe"
    WM Recorder 11.2-->C:\Program Files\WMR11\Uninstal.exe
    X-Lite 3.0-->"C:\Program Files\CounterPath\X-Lite\unins000.exe"
    XnView 1.93.4-->"C:\Program Files\XnView\unins000.exe"
    XoftSpySE-->C:\Program Files\XoftSpySE\uninstall.exe
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
    Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
    Zattoo 3.3.1 Beta-->C:\Program Files\Zattoo\uninst.exe
    ZICOMPTA Version 4.1.0-->"C:\WINDOWS\UNISTB32.EXE" /U "C:\Program Files\ZICOMPTA\UNINST0.000" "C:\Program Files\ZICOMPTA\UNINST1.000"
    ZoneAlarm Pro-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

    ======Security center information======

    AV: avast! antivirus 4.8.1296 [VPS 090202-0]
    FW: ZoneAlarm Pro Firewall

    System event log

    Computer Name: FLOW
    Event Code: 51
    Message: Une erreur a été détectée sur le périphérique \Device\Harddisk5\D au cours d'une opération de pagination.

    Record Number: 28362
    Source Name: Disk
    Time Written: 20090109220707.000000+060
    Event Type: Avertissement
    User:

    Computer Name: FLOW
    Event Code: 51
    Message: Une erreur a été détectée sur le périphérique \Device\Harddisk5\D au cours d'une opération de pagination.

    Record Number: 28361
    Source Name: Disk
    Time Written: 20090109220656.000000+060
    Event Type: Avertissement
    User:

    Computer Name: FLOW
    Event Code: 51
    Message: Une erreur a été détectée sur le périphérique \Device\Harddisk5\D au cours d'une opération de pagination.

    Record Number: 28360
    Source Name: Disk
    Time Written: 20090109220645.000000+060
    Event Type: Avertissement
    User:

    Computer Name: FLOW
    Event Code: 51
    Message: Une erreur a été détectée sur le périphérique \Device\Harddisk5\D au cours d'une opération de pagination.

    Record Number: 28359
    Source Name: Disk
    Time Written: 20090109220635.000000+060
    Event Type: Avertissement
    User:

    Computer Name: FLOW
    Event Code: 51
    Message: Une erreur a été détectée sur le périphérique \Device\Harddisk5\D au cours d'une opération de pagination.

    Record Number: 28358
    Source Name: Disk
    Time Written: 20090109220624.000000+060
    Event Type: Avertissement
    User:

    Application event log

    Computer Name: FLOW
    Event Code: 1
    Message: Connections: closed: 192.168.0.254::53469 (Console is not session zero - oreconnect to restore Console sessin)

    Record Number: 35142
    Source Name: WinVNC4
    Time Written: 20081230190905.000000+060
    Event Type: Informations
    User:

    Computer Name: FLOW
    Event Code: 1
    Message: Connections: accepted: 192.168.0.254::53469

    Record Number: 35141
    Source Name: WinVNC4
    Time Written: 20081230190838.000000+060
    Event Type: Informations
    User:

    Computer Name: FLOW
    Event Code: 1
    Message: Connections: closed: 192.168.0.254::53468 (Unable to connect session to Console: L'accès à la session requis est refusé. (7045))

    Record Number: 35140
    Source Name: WinVNC4
    Time Written: 20081230190823.000000+060
    Event Type: Informations
    User:

    Computer Name: FLOW
    Event Code: 1
    Message: Connections: accepted: 192.168.0.254::53468

    Record Number: 35139
    Source Name: WinVNC4
    Time Written: 20081230190823.000000+060
    Event Type: Informations
    User:

    Computer Name: FLOW
    Event Code: 1
    Message: Connections: closed: 192.168.0.254::53467 (Unable to connect session to Console: L'accès à la session requis est refusé. (7045))

    Record Number: 35138
    Source Name: WinVNC4
    Time Written: 20081230190820.000000+060
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\oraclexe\app\oracle\product\10.2.0\server\bin;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;c:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=2402
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "SonicCentral"=c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\
    "tvdumpflags"=8
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "VS80COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\

    -----------------EOF-----------------


    *** FIN DU RAPPORT "INFO.TXT" DE RSIT ***
    0
  14. flow-06 Messages postés 17 Statut Membre 1
     
    Encore merci pour tout ce que tu fais pour moi ;)
    0
  15. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    parfait cela devrait etre bon!

    utilise pour supprimer tes traces

    CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo
    (dans les options puis avancé :désactive la case: effacer les fichiers de plus de 48 heures)
    https://www.malekal.com/tutoriel-ccleaner/
    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
    -----------------------

    pour vérifier car avast c'est pas le top:

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    Kaspersky en ligne
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

    a plus
    0