Help me, CiD pop-up windows...

Closed
morgane - 27 March 2009 at 15:44
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 - 30 March 2009 at 02:16
Hello,

I get pop-up windows (CiD) all the time... help me get rid of them.
I have already scanned my computer 4 times with CCleaner, Spybot and my antivirus, but nothing was found and they are still there...

help me...

here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:44 AM, on 3/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\eTrust\caissdt.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\eTrust\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.yahoo.com/?p=us
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\eTrust\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\eTrust\caissdt.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HughesNetTools_McciTrayApp] C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Love default global mess] C:\Documents and Settings\All Users\Application Data\great coal love default\First Readme.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [multidebug] C:\DOCUME~1\Sharon\APPLIC~1\DrawMemo\jump cash.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolor.com/ClarkActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAEAFE12-7726-4C39-B620-2601216CFBB5} (McciContext Class) - http://phughescw.hughes.motive.com/wizlet/spaceway/static/controls/Mcci_6-1-0.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c965e531f0fb44) (gupdate1c965e531f0fb44) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
10 replies

Destrio5 (Moderator)
27 March 2009 at 15:45
Hi,

--> Download Lop S&D (by Eric_71 & Angeldark) to your Desktop.

--> Double-click it to start the installation.

--> Then double-click the Lop S&D shortcut on your Desktop.
(On Vista, right-click the Lop S&D shortcut and choose Run as administrator)

--> Select the language you want, then choose option 1 (Search).

--> Wait until the scan finishes.

--> Post the generated report (C:\lopR.txt).
1
here is the log:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2800+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Sharon ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:49 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (USB) - FAT32 - Total:7654 Mo (Free:7 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Fri 03/27/2009|11:11 )

--------------------\\ Listing des dossiers dans APPLIC~1

[01/27/2007|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[10/24/2006|04:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[10/23/2006|09:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[10/23/2006|09:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[12/28/2005|09:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[02/05/2009|05:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[06/06/2006|06:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CA
[06/04/2005|07:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[03/26/2009|08:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google Updater
[02/18/2009|01:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> great coal love default
[03/16/2007|06:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hewlett-Packard
[04/08/2006|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit
[12/24/2008|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Messenger Plus!
[12/23/2008|04:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[12/13/2008|09:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Motive
[05/17/2006|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[06/14/2005|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[06/04/2005|07:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBT
[04/01/2007|08:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TurboTax 2006
[10/23/2006|09:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[06/01/2006|05:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[12/24/2008|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[01/01/2009|09:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!

[06/04/2005|07:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[02/05/2009|05:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[02/05/2009|05:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[10/23/2006|10:29] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> acccore
[01/23/2009|01:12] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Adobe
[05/22/2008|05:10] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> AdobeUM
[06/04/2005|08:05] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Ahead
[10/23/2006|10:29] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> AIMLogger
[02/06/2006|06:34] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Apple Computer
[08/11/2005|04:09] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> ArcSoft
[04/04/2006|08:54] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> CyberLink
[02/18/2009|01:03] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> DrawMemo
[12/24/2008|12:33] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Google
[12/08/2005|08:37] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Help
[06/22/2005|09:54] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Identities
[04/01/2007|08:53] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> InstallShield
[03/19/2008|08:38] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Intuit
[12/27/2005|11:38] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Macromedia
[10/12/2006|08:28] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Media Player Classic
[02/05/2009|05:25] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Microsoft
[06/04/2005|07:49] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Microsoft Web Folders
[12/13/2008|09:24] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Motive
[06/14/2005|10:09] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Nikon
[02/21/2006|06:08] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Opera
[12/28/2005|09:54] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Snapfish
[01/22/2006|07:23] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Sun
[03/23/2009|06:54] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> U3
[09/04/2005|03:20] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Xerox
[01/01/2009|04:08] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Yahoo!

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[03/27/2009 10:50 AM][--a------] C:\WINDOWS\tasks\Google Software Updater.job
[03/27/2009 11:00 AM][--ah-----] C:\WINDOWS\tasks\A73DCFEA91864072.job
[03/27/2009 10:20 AM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[03/27/2009 10:20 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 08:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( A73DCFEA91864072.job )=( c:\docume~1\sharon\applic~1\drawmemo\Typeboreplatform.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[12/22/2008|06:51] C:\Program Files\<DIR> Adobe
[06/04/2005|08:04] C:\Program Files\<DIR> Ahead
[06/26/2005|09:08] C:\Program Files\<DIR> ArcSoft
[02/05/2009|05:26] C:\Program Files\<DIR> AVG
[02/21/2009|03:58] C:\Program Files\<DIR> BookSmart
[11/12/2008|10:09] C:\Program Files\<DIR> Britannica 2003
[06/05/2006|10:11] C:\Program Files\<DIR> CA
[02/18/2009|01:01] C:\Program Files\<DIR> Circe Developement
[12/24/2008|11:22] C:\Program Files\<DIR> Common Files
[06/04/2005|07:18] C:\Program Files\<DIR> ComPlus Applications
[12/01/2007|05:04] C:\Program Files\<DIR> CONEXANT
[06/04/2005|07:48] C:\Program Files\<DIR> CREATIVE
[06/04/2005|07:33] C:\Program Files\<DIR> CyberLink
[02/18/2009|01:02] C:\Program Files\<DIR> DrawMemo
[07/04/2006|12:31] C:\Program Files\<DIR> eTrust
[02/10/2009|10:04] C:\Program Files\<DIR> Google
[03/10/2007|07:30] C:\Program Files\<DIR> Grisoft
[03/16/2007|06:51] C:\Program Files\<DIR> Hewlett-Packard
[03/16/2007|06:51] C:\Program Files\<DIR> HP
[12/13/2008|09:24] C:\Program Files\<DIR> HughesNetTools
[12/22/2008|06:48] C:\Program Files\<DIR> InstallShield Installation Information
[02/11/2009|09:12] C:\Program Files\<DIR> Internet Explorer
[03/17/2006|09:57] C:\Program Files\<DIR> iPod
[04/08/2006|08:42] C:\Program Files\<DIR> ItsDeductible2005
[04/01/2007|09:04] C:\Program Files\<DIR> ItsDeductible2006
[03/17/2006|09:57] C:\Program Files\<DIR> iTunes
[11/14/2005|05:11] C:\Program Files\<DIR> Java
[12/17/2008|09:34] C:\Program Files\<DIR> Messenger
[12/23/2008|04:10] C:\Program Files\<DIR> Microsoft
[05/09/2007|11:22] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[06/04/2005|07:21] C:\Program Files\<DIR> microsoft frontpage
[06/04/2005|07:56] C:\Program Files\<DIR> Microsoft Office
[02/28/2009|10:21] C:\Program Files\<DIR> Microsoft Silverlight
[02/20/2009|05:27] C:\Program Files\<DIR> Microsoft SQL Server Compact Edition
[06/04/2005|07:52] C:\Program Files\<DIR> Microsoft Visual Studio
[12/17/2008|09:30] C:\Program Files\<DIR> Movie Maker
[12/31/2005|07:01] C:\Program Files\<DIR> MSN
[06/04/2005|07:18] C:\Program Files\<DIR> MSN Gaming Zone
[11/20/2006|01:42] C:\Program Files\<DIR> MSXML 4.0
[06/06/2006|06:23] C:\Program Files\<DIR> netbeans-4.1
[12/17/2008|09:27] C:\Program Files\<DIR> NetMeeting
[12/01/2007|05:01] C:\Program Files\<DIR> NetWaiting
[06/14/2005|10:08] C:\Program Files\<DIR> Nikon
[06/04/2005|07:20] C:\Program Files\<DIR> Online Services
[12/17/2008|09:27] C:\Program Files\<DIR> Outlook Express
[03/13/2009|12:43] C:\Program Files\<DIR> Photo Story 3 for Windows
[06/09/2008|06:32] C:\Program Files\<DIR> QuickTime
[06/04/2005|07:56] C:\Program Files\<DIR> Snapshot Viewer
[06/09/2008|06:29] C:\Program Files\<DIR> Tech4Learning
[11/22/2007|02:11] C:\Program Files\<DIR> The Birthday Banner
[03/26/2009|09:49] C:\Program Files\<DIR> Trend Micro
[03/19/2008|08:27] C:\Program Files\<DIR> TurboTax
[06/04/2005|07:25] C:\Program Files\<DIR> Uninstall Information
[10/23/2006|09:46] C:\Program Files\<DIR> Viewpoint
[02/20/2009|05:28] C:\Program Files\<DIR> Windows Live
[12/23/2008|04:10] C:\Program Files\<DIR> Windows Live SkyDrive
[03/02/2009|08:14] C:\Program Files\<DIR> Windows Media Connect 2
[03/02/2009|08:17] C:\Program Files\<DIR> Windows Media Player
[12/17/2008|09:27] C:\Program Files\<DIR> Windows NT
[06/04/2005|07:20] C:\Program Files\<DIR> WindowsUpdate
[06/04/2005|07:21] C:\Program Files\<DIR> xerox
[01/01/2009|12:48] C:\Program Files\<DIR> Yahoo!
[11/12/2008|10:08] C:\Program Files\<DIR> Zero G Registry

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[09/01/2007|04:49] C:\Program Files\Common Files\<DIR> Adobe
[12/22/2008|06:52] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[06/04/2005|08:02] C:\Program Files\Common Files\<DIR> Ahead
[03/19/2008|08:33] C:\Program Files\Common Files\<DIR> AnswerWorks 4.0
[06/04/2005|07:52] C:\Program Files\Common Files\<DIR> Designer
[06/26/2005|09:05] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[12/28/2005|09:05] C:\Program Files\Common Files\<DIR> InstallShield
[04/08/2006|08:41] C:\Program Files\Common Files\<DIR> Intuit
[11/14/2005|05:08] C:\Program Files\Common Files\<DIR> Java
[02/20/2009|05:25] C:\Program Files\Common Files\<DIR> Microsoft Shared
[12/13/2008|09:22] C:\Program Files\Common Files\<DIR> Motive
[06/04/2005|07:19] C:\Program Files\Common Files\<DIR> MSSoap
[06/14/2005|10:08] C:\Program Files\Common Files\<DIR> Nikon
[06/04/2005|03:11] C:\Program Files\Common Files\<DIR> ODBC
[06/06/2006|06:15] C:\Program Files\Common Files\<DIR> Scanner
[06/04/2005|07:19] C:\Program Files\Common Files\<DIR> Services
[06/04/2005|03:11] C:\Program Files\Common Files\<DIR> SpeechEngines
[02/01/2009|09:20] C:\Program Files\Common Files\<DIR> System
[12/14/2008|11:50] C:\Program Files\Common Files\<DIR> Windows Live
[12/24/2008|11:27] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller

--------------------\\ Process

( 44 Processes )

IEXPLORE.EXE ~ [PID:980]
IEXPLORE.EXE ~ [PID:1224]
iexplore.exe ~ [PID:320]

--------------------\\ Recherche avec S_Lop

C:\DOCUME~1\Sharon\LOCALS~1\Temp\bis1F.exe

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default
C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default\First Readme.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default\First Readme.exe
C:\DOCUME~1\Sharon\APPLIC~1\drawmemo
C:\DOCUME~1\Sharon\APPLIC~1\drawmemo\Boob balm bone data.exe
C:\DOCUME~1\Sharon\APPLIC~1\drawmemo\gxtktvlx.exe
C:\DOCUME~1\Sharon\APPLIC~1\drawmemo\jump cash.exe
C:\DOCUME~1\Sharon\APPLIC~1\drawmemo\Type bore platform.exe
C:\Program Files\drawmemo
C:\DOCUME~1\Sharon\LOCALS~1\Temp\NSWODYWX.emf
C:\DOCUME~1\Sharon\Cookies\sharon@kidipede.advertserve[1].txt
C:\DOCUME~1\Sharon\Cookies\sharon@advertising.healthguru[2].txt
C:\DOCUME~1\Sharon\Cookies\sharon@bigpoint[1].txt
C:\DOCUME~1\Sharon\Cookies\sharon@us1.darkorbit.bigpoint[1].txt
C:\DOCUME~1\Sharon\Cookies\sharon@vegas[2].txt
C:\WINDOWS\Tasks\A73DCFEA91864072.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"multidebug"="C:\\DOCUME~1\\Sharon\\APPLIC~1\\DrawMemo\\jump cash.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Love default global mess"="C:\\Documents and Settings\\All Users\\Application Data\\great coal love default\\First Readme.exe"

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-27 11:12:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 114

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:2510][D:113]-> C:\DOCUME~1\Sharon\LOCALS~1\Temp
[F:2023][D:0]-> C:\DOCUME~1\Sharon\Cookies
[F:15755][D:22]-> C:\DOCUME~1\Sharon\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Fri 03/27/2009|11:15 - Option : [1]

--------------------\\ Fin du rapport a 11:15:14
0
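The HijackThis log in the first post and the Lop S&D report above both point at the same two persistence mechanisms: two Run values (`Love default global mess` and `multidebug`) and a scheduled task (`A73DCFEA91864072.job`), all launching executables from profile data directories rather than from Program Files or the Windows directory. The script below is an added example written for this page; it is not part of the thread and is not HijackThis or Lop S&D code. It parses O4 Run-key lines in the format HijackThis prints and the `( x.job )=( target )` mapping line Lop S&D prints, then flags entries whose target lives under `Documents and Settings\<user>\Application Data` or `Local Settings\Temp` (long or 8.3 short form). The sample lines are copied from the logs in this thread; the profile-directory heuristic is an assumption of this example, not a rule either tool applies.

```python
import re

# Constructed sample input: O4 lines in the format HijackThis prints, copied from the
# log posted earlier in this thread, plus the scheduled-task mapping line that Lop S&D
# printed in its "Tâches planifiées" section.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [Love default global mess] C:\Documents and Settings\All Users\Application Data\great coal love default\First Readme.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r'O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1',
    r"O4 - HKCU\..\Run: [multidebug] C:\DOCUME~1\Sharon\APPLIC~1\DrawMemo\jump cash.exe",
    r"O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe",
]
SAMPLE_TASK_LINES = [
    r"( A73DCFEA91864072.job )=( c:\docume~1\sharon\applic~1\drawmemo\Typeboreplatform.exe )",
]

# "O4 - <hive>\..\Run: [<value name>] <command line>" as printed by HijackThis
RUN_LINE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# "( <task>.job )=( <target> )" as printed by Lop S&D
TASK_LINE = re.compile(r'^\( (?P<job>\S+\.job) \)=\( (?P<target>.+) \)$')

# Profile-writable locations, in long and 8.3 short form, where the Lop files in this
# thread were dropped (All Users\Application Data, <user>\Application Data,
# <user>\Local Settings\Temp). Heuristic chosen for this example, not tool logic.
PROFILE_DATA = re.compile(
    r'^c:\\(documents and settings|docume~1)\\[^\\]+\\'
    r'(application data|applic~1|local settings\\temp|locals~1\\temp)\\',
    re.IGNORECASE,
)


def extract_target(cmd: str) -> str:
    """Return the program a Run value launches: the quoted path when quoted, otherwise
    the first token ending in .exe (so a rundll32 host is reported as RUNDLL32.EXE)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.+?\.exe)(?=\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def parse_run_entries(lines):
    """Parse HijackThis O4 Run-key lines into dicts; other O4 forms are ignored."""
    entries = []
    for line in lines:
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append({"hive": m.group("hive"), "name": m.group("name"),
                            "target": extract_target(m.group("cmd"))})
    return entries


def parse_task_mappings(lines):
    """Parse Lop S&D's '( x.job )=( target )' lines into (job, target) tuples."""
    out = []
    for line in lines:
        m = TASK_LINE.match(line.strip())
        if m:
            out.append((m.group("job"), m.group("target")))
    return out


def flag_suspicious(entries):
    """Keep the Run entries whose target lives under a profile data directory."""
    return [e for e in entries if PROFILE_DATA.match(e["target"])]


def flag_suspicious_tasks(mappings):
    """Keep the scheduled tasks whose target lives under a profile data directory."""
    return [(job, target) for job, target in mappings if PROFILE_DATA.match(target)]


if __name__ == "__main__":
    for e in flag_suspicious(parse_run_entries(SAMPLE_O4_LINES)):
        print(f"Run value {e['hive']} [{e['name']}] -> {e['target']}")
    for job, target in flag_suspicious_tasks(parse_task_mappings(SAMPLE_TASK_LINES)):
        print(f"Scheduled task {job} -> {target}")
```

Run on the sample lines it reports exactly the two Run values and the one task that Lop S&D later removed, and leaves the AVG, NVIDIA, ctfmon and Adobe entries alone. A path-based heuristic like this only narrows the list for a human to review; a legitimate updater can also live in Application Data, which is why the thread relies on a dedicated tool for the actual decision.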
Destrio5 (Moderator)
27 March 2009 at 16:20
--> Double-click the Lop S&D shortcut to launch it.
(On Vista, right-click the Lop S&D shortcut and choose Run as administrator)

--> This time choose option 2 (Removal).

--> Do not close the window during the removal!

--> Post the generated report (C:\lopR.txt).

(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New Task, type explorer.exe and confirm)
0
here is the log after running option 2:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2800+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Sharon ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:49 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (USB) - FAT32 - Total:7654 Mo (Free:7 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( Fri 03/27/2009|11:35 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default\First Readme.dat
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default\First Readme.exe
Supprime! - C:\DOCUME~1\Sharon\APPLIC~1\drawmemo\Boob balm bone data.exe
Supprime! - C:\DOCUME~1\Sharon\APPLIC~1\drawmemo\gxtktvlx.exe
Supprime! - C:\DOCUME~1\Sharon\APPLIC~1\drawmemo\jump cash.exe
Supprime! - C:\DOCUME~1\Sharon\APPLIC~1\drawmemo\Type bore platform.exe
Supprime! - C:\DOCUME~1\Sharon\LOCALS~1\Temp\NSWODYWX.emf
Supprime! - C:\DOCUME~1\Sharon\Cookies\sharon@kidipede.advertserve[1].txt
Supprime! - C:\DOCUME~1\Sharon\Cookies\sharon@advertising.healthguru[2].txt
Supprime! - C:\DOCUME~1\Sharon\Cookies\sharon@bigpoint[1].txt
Supprime! - C:\DOCUME~1\Sharon\Cookies\sharon@us1.darkorbit.bigpoint[1].txt
Supprime! - C:\DOCUME~1\Sharon\Cookies\sharon@vegas[2].txt
Supprime! - C:\WINDOWS\Tasks\A73DCFEA91864072.job
Supprime! - C:\DOCUME~1\Sharon\LOCALS~1\Temp\bis1F.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\great coal love default
Supprime! - C:\DOCUME~1\Sharon\APPLIC~1\drawmemo
Supprime! - C:\Program Files\drawmemo
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Supprime! - C:\Program Files\Viewpoint
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[01/27/2007|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[10/24/2006|04:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[10/23/2006|09:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[10/23/2006|09:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[12/28/2005|09:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[02/05/2009|05:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[06/06/2006|06:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CA
[06/04/2005|07:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[03/26/2009|08:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google Updater
[03/16/2007|06:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hewlett-Packard
[04/08/2006|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit
[12/24/2008|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Messenger Plus!
[12/23/2008|04:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[12/13/2008|09:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Motive
[05/17/2006|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[06/14/2005|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[06/04/2005|07:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBT
[04/01/2007|08:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TurboTax 2006
[06/01/2006|05:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[12/24/2008|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[01/01/2009|09:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!

[06/04/2005|07:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[02/05/2009|05:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[02/05/2009|05:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[10/23/2006|10:29] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> acccore
[01/23/2009|01:12] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Adobe
[05/22/2008|05:10] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> AdobeUM
[06/04/2005|08:05] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Ahead
[10/23/2006|10:29] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> AIMLogger
[02/06/2006|06:34] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Apple Computer
[08/11/2005|04:09] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> ArcSoft
[04/04/2006|08:54] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> CyberLink
[12/24/2008|12:33] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Google
[12/08/2005|08:37] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Help
[06/22/2005|09:54] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Identities
[04/01/2007|08:53] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> InstallShield
[03/19/2008|08:38] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Intuit
[12/27/2005|11:38] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Macromedia
[10/12/2006|08:28] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Media Player Classic
[02/05/2009|05:25] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Microsoft
[06/04/2005|07:49] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Microsoft Web Folders
[12/13/2008|09:24] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Motive
[06/14/2005|10:09] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Nikon
[02/21/2006|06:08] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Opera
[12/28/2005|09:54] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Snapfish
[01/22/2006|07:23] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Sun
[03/23/2009|06:54] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> U3
[09/04/2005|03:20] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Xerox
[01/01/2009|04:08] C:\DOCUME~1\Sharon\APPLIC~1\<DIR> Yahoo!

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[03/27/2009 10:50 AM][--a------] C:\WINDOWS\tasks\Google Software Updater.job
[03/27/2009 10:20 AM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[03/27/2009 10:20 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 08:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[12/22/2008|06:51] C:\Program Files\<DIR> Adobe
[06/04/2005|08:04] C:\Program Files\<DIR> Ahead
[06/26/2005|09:08] C:\Program Files\<DIR> ArcSoft
[02/05/2009|05:26] C:\Program Files\<DIR> AVG
[02/21/2009|03:58] C:\Program Files\<DIR> BookSmart
[11/12/2008|10:09] C:\Program Files\<DIR> Britannica 2003
[06/05/2006|10:11] C:\Program Files\<DIR> CA
[02/18/2009|01:01] C:\Program Files\<DIR> Circe Developement
[12/24/2008|11:22] C:\Program Files\<DIR> Common Files
[06/04/2005|07:18] C:\Program Files\<DIR> ComPlus Applications
[12/01/2007|05:04] C:\Program Files\<DIR> CONEXANT
[06/04/2005|07:48] C:\Program Files\<DIR> CREATIVE
[06/04/2005|07:33] C:\Program Files\<DIR> CyberLink
[07/04/2006|12:31] C:\Program Files\<DIR> eTrust
[02/10/2009|10:04] C:\Program Files\<DIR> Google
[03/10/2007|07:30] C:\Program Files\<DIR> Grisoft
[03/16/2007|06:51] C:\Program Files\<DIR> Hewlett-Packard
[03/16/2007|06:51] C:\Program Files\<DIR> HP
[12/13/2008|09:24] C:\Program Files\<DIR> HughesNetTools
[12/22/2008|06:48] C:\Program Files\<DIR> InstallShield Installation Information
[02/11/2009|09:12] C:\Program Files\<DIR> Internet Explorer
[03/17/2006|09:57] C:\Program Files\<DIR> iPod
[04/08/2006|08:42] C:\Program Files\<DIR> ItsDeductible2005
[04/01/2007|09:04] C:\Program Files\<DIR> ItsDeductible2006
[03/17/2006|09:57] C:\Program Files\<DIR> iTunes
[11/14/2005|05:11] C:\Program Files\<DIR> Java
[12/17/2008|09:34] C:\Program Files\<DIR> Messenger
[12/23/2008|04:10] C:\Program Files\<DIR> Microsoft
[05/09/2007|11:22] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[06/04/2005|07:21] C:\Program Files\<DIR> microsoft frontpage
[06/04/2005|07:56] C:\Program Files\<DIR> Microsoft Office
[02/28/2009|10:21] C:\Program Files\<DIR> Microsoft Silverlight
[02/20/2009|05:27] C:\Program Files\<DIR> Microsoft SQL Server Compact Edition
[06/04/2005|07:52] C:\Program Files\<DIR> Microsoft Visual Studio
[12/17/2008|09:30] C:\Program Files\<DIR> Movie Maker
[12/31/2005|07:01] C:\Program Files\<DIR> MSN
[06/04/2005|07:18] C:\Program Files\<DIR> MSN Gaming Zone
[11/20/2006|01:42] C:\Program Files\<DIR> MSXML 4.0
[06/06/2006|06:23] C:\Program Files\<DIR> netbeans-4.1
[12/17/2008|09:27] C:\Program Files\<DIR> NetMeeting
[12/01/2007|05:01] C:\Program Files\<DIR> NetWaiting
[06/14/2005|10:08] C:\Program Files\<DIR> Nikon
[06/04/2005|07:20] C:\Program Files\<DIR> Online Services
[12/17/2008|09:27] C:\Program Files\<DIR> Outlook Express
[03/13/2009|12:43] C:\Program Files\<DIR> Photo Story 3 for Windows
[06/09/2008|06:32] C:\Program Files\<DIR> QuickTime
[06/04/2005|07:56] C:\Program Files\<DIR> Snapshot Viewer
[06/09/2008|06:29] C:\Program Files\<DIR> Tech4Learning
[11/22/2007|02:11] C:\Program Files\<DIR> The Birthday Banner
[03/26/2009|09:49] C:\Program Files\<DIR> Trend Micro
[03/19/2008|08:27] C:\Program Files\<DIR> TurboTax
[06/04/2005|07:25] C:\Program Files\<DIR> Uninstall Information
[02/20/2009|05:28] C:\Program Files\<DIR> Windows Live
[12/23/2008|04:10] C:\Program Files\<DIR> Windows Live SkyDrive
[03/02/2009|08:14] C:\Program Files\<DIR> Windows Media Connect 2
[03/02/2009|08:17] C:\Program Files\<DIR> Windows Media Player
[12/17/2008|09:27] C:\Program Files\<DIR> Windows NT
[06/04/2005|07:20] C:\Program Files\<DIR> WindowsUpdate
[06/04/2005|07:21] C:\Program Files\<DIR> xerox
[01/01/2009|12:48] C:\Program Files\<DIR> Yahoo!
[11/12/2008|10:08] C:\Program Files\<DIR> Zero G Registry

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[09/01/2007|04:49] C:\Program Files\Common Files\<DIR> Adobe
[12/22/2008|06:52] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[06/04/2005|08:02] C:\Program Files\Common Files\<DIR> Ahead
[03/19/2008|08:33] C:\Program Files\Common Files\<DIR> AnswerWorks 4.0
[06/04/2005|07:52] C:\Program Files\Common Files\<DIR> Designer
[06/26/2005|09:05] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[12/28/2005|09:05] C:\Program Files\Common Files\<DIR> InstallShield
[04/08/2006|08:41] C:\Program Files\Common Files\<DIR> Intuit
[11/14/2005|05:08] C:\Program Files\Common Files\<DIR> Java
[02/20/2009|05:25] C:\Program Files\Common Files\<DIR> Microsoft Shared
[12/13/2008|09:22] C:\Program Files\Common Files\<DIR> Motive
[06/04/2005|07:19] C:\Program Files\Common Files\<DIR> MSSoap
[06/14/2005|10:08] C:\Program Files\Common Files\<DIR> Nikon
[06/04/2005|03:11] C:\Program Files\Common Files\<DIR> ODBC
[06/06/2006|06:15] C:\Program Files\Common Files\<DIR> Scanner
[06/04/2005|07:19] C:\Program Files\Common Files\<DIR> Services
[06/04/2005|03:11] C:\Program Files\Common Files\<DIR> SpeechEngines
[02/01/2009|09:20] C:\Program Files\Common Files\<DIR> System
[12/14/2008|11:50] C:\Program Files\Common Files\<DIR> Windows Live
[12/24/2008|11:27] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller

--------------------\\ Process

( 41 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-27 11:36:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 114

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:2508][D:113]-> C:\DOCUME~1\Sharon\LOCALS~1\Temp
[F:2018][D:0]-> C:\DOCUME~1\Sharon\Cookies
[F:15779][D:22]-> C:\DOCUME~1\Sharon\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Fri 03/27/2009|11:15 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Fri 03/27/2009|11:38 - Option : [2]

--------------------\\ Fin du rapport a 11:38:22

Destrio5 - 27 March 2009 at 16:44
--> Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

--> Double-click RSIT.exe to launch the program.
(On Vista, right-click RSIT.exe and choose Run as administrator.)

--> Click Continue on the Disclaimer screen.

--> If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

--> When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) and of info.txt (which you will see in the taskbar).

Note: the reports are saved in the folder C:\rsit.
log 1:

info.txt logfile of random's system information tool 1.06 2009-03-27 11:54:38

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
ArcSoft Collage Creator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C93A6CFE-2C74-428B-9CFE-6EAF1BE34BFA}\setup.exe" -l0x9
ArcSoft Software Suite-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Software Suite\Uninst.isu"
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BookSmart™ 1.9.9 1.9.9-->C:\Program Files\BookSmart\uninstall.exe
CA eTrust PestPatrol Anti-Spyware-->"C:\Program Files\eTrust\eTrust PestPatrol Anti-Spyware\cauninst.exe" /u
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Creative Modem Blaster PCI Value DI5652-1-->C:\Program Files\CREATIVE\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_1055148D\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F00&SUBSYS_1055148D
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Encyclopædia Britannica Complete Home Library-->"C:\Program Files\Britannica 2003\Complete Home Library\Uninstaller.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
Google Chrome-->"C:\Program Files\Google\Chrome\Application\1.0.154.53\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
HP Image Zone 4.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Scanjet 4070-->C:\Program Files\HP\Digital Imaging\{7DB9BF65-46AC-4803-82AA-14EFCA927789}\setup\hpzscr01.exe -datfile hpgscr01.dat
HughesNetTools-->C:\WINDOWS\system32\h53unin.bat
ImageBlender 3-->C:\WINDOWS\unvise32.exe C:\Program Files\Tech4Learning\ImageBlender 3_Install.log
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
J2SE Development Kit 5.0 Update 4-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150040}
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Media Player Classic fr-->"C:\Documents and Settings\Sharon\Desktop\Julien\Media Player Classic\uninstall.exe"
Messenger Plus! Live & Sponsor (CiD)-->"C:\Documents and Settings\Sharon\My Documents\marieswork\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero Media Player-->C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Nikon View 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}\setup.exe" UNINSTALL
NVIDIA Display Driver-->C:\WINDOWS\system32\nvudisp.exe Uninstall C:\WINDOWS\system32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
The Birthday Banner-->C:\WINDOWS\uninst.exe -f"C:\Program Files\The Birthday Banner\DeIsL1.isu" -c"C:\Program Files\The Birthday Banner\_ISREG32.DLL"
TurboTax Deluxe 2005-->C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006-->C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005-->MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
USB Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_USB_ACF\UIU32c.exe -U -I*.INF
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: SHARON-E84B59B7
Event Code: 6161
Message: The document Microsoft Word - Document in Windows Internet Explorer owned by Sharon failed to print on printer Epson Stylus COLOR 660 ESC/P 2. Data type: NT EMF 1.008. Size of the spool file in bytes: 131072. Number of bytes printed: 47009. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\SHARON-E84B59B7. Win32 error code returned by the print processor: 87 (0x57).

Record Number: 27206
Source Name: Print
Time Written: 20090316094658.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: SHARON-E84B59B7
Event Code: 50
Message: {Delayed Write Failed}
Windows was unable to save all the data for the file . The data has been lost.
This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Record Number: 26556
Source Name: Fastfat
Time Written: 20090310200341.000000-300
Event Type: warning
User:

Computer Name: SHARON-E84B59B7
Event Code: 6161
Message: The document Microsoft Word - FLEX_Guidelines_QuarterlyReport__3_CL[1].doc owned by Sharon failed to print on printer Epson Stylus COLOR 660 ESC/P 2. Data type: NT EMF 1.008. Size of the spool file in bytes: 280968. Number of bytes printed: 154892. Total number of pages in the document: 3. Number of pages printed: 1. Client machine: \\SHARON-E84B59B7. Win32 error code returned by the print processor: 1167 (0x48f). The device is not connected.


Record Number: 26178
Source Name: Print
Time Written: 20090306125136.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: SHARON-E84B59B7
Event Code: 8
Message: Printer Epson Stylus COLOR 660 ESC/P 2 was purged.

Record Number: 26177
Source Name: Print
Time Written: 20090306125042.000000-300
Event Type: warning
User: SHARON-E84B59B7\Sharon

Computer Name: SHARON-E84B59B7
Event Code: 8
Message: Printer Epson Stylus COLOR 660 ESC/P 2 was purged.

Record Number: 26176
Source Name: Print
Time Written: 20090306125032.000000-300
Event Type: warning
User: SHARON-E84B59B7\Sharon

=====Application event log=====

Computer Name: SHARON-E84B59B7
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16735, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 4779
Source Name: Application Hang
Time Written: 20081021130539.000000-240
Event Type: error
User:

Computer Name: SHARON-E84B59B7
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16735, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 4778
Source Name: Application Hang
Time Written: 20081021124953.000000-240
Event Type: error
User:

Computer Name: SHARON-E84B59B7
Event Code: 1000
Message: Faulting application nkvbrows.exe, version 6.0.0.3005, faulting module unknown, version 0.0.0.0, fault address 0xe8ed3df0.

Record Number: 4759
Source Name: Application Error
Time Written: 20081015090427.000000-240
Event Type: error
User:

Computer Name: SHARON-E84B59B7
Event Code: 1000
Message: Faulting application nkvbrows.exe, version 6.0.0.3005, faulting module unknown, version 0.0.0.0, fault address 0xe8ed3df0.

Record Number: 4758
Source Name: Application Error
Time Written: 20081015090347.000000-240
Event Type: error
User:

Computer Name: SHARON-E84B59B7
Event Code: 1000
Message: Faulting application nkvbrows.exe, version 6.0.0.3005, faulting module unknown, version 0.0.0.0, fault address 0xe8ed3df0.

Record Number: 4757
Source Name: Application Error
Time Written: 20081015090211.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip

-----------------EOF-----------------



log 2:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sharon at 2009-03-27 11:54:22
Microsoft Windows XP Professional Service Pack 3
System drive C: has 51 GB (66%) free of 76 GB
Total RAM: 511 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:36 AM, on 3/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\eTrust\caissdt.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\eTrust\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sharon\Local Settings\Temporary Internet Files\Content.IE5\MED2Y1IO\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Sharon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.yahoo.com/?p=us
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\eTrust\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\eTrust\caissdt.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HughesNetTools_McciTrayApp] C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolor.com/ClarkActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAEAFE12-7726-4C39-B620-2601216CFBB5} (McciContext Class) - http://phughescw.hughes.motive.com/wizlet/spaceway/static/controls/Mcci_6-1-0.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c965e531f0fb44) (gupdate1c965e531f0fb44) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Destrio5 - 27 March 2009 at 17:06
"Messenger Plus! Live & Sponsor (CiD)"
---> This is the cause of your Lop/Swizzor infection. Next time you install Messenger Plus Live, do not install the sponsor.

---> Disable your antivirus for the duration of the procedure, because OTMoveIt3 is wrongly detected as an infection.

---> Download OTMoveIt3 (OldTimer) to your Desktop.

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text:

:processes
explorer.exe

:files
C:\Program Files\Circe Developement

:commands
[purity]
[emptytemp]
[reboot]

---> Paste (Ctrl+V) the text you just copied into the "Paste Instructions for Items to be Moved" box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name is its creation date and time: date_time.log
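A quick way to tell whether an OTMoveIt3 run actually did what the script asked, as an added example that is not part of the thread or of OTMoveIt3 itself: the parser below reads the `:processes` / `:files` / `:commands` script quoted above and the log the tool writes back, then matches each requested item against the "killed successfully" / "moved successfully" / "scheduled ... on reboot" lines. The section names and log wording are taken from the posts in this thread; the sample script and log below are constructed copies of those lines, and the parsing rules are my own assumptions about the format.

```python
"""Added example (not from the thread): cross-check an OTMoveIt3 script against its log.

Assumptions: script sections are ':processes', ':files', ':commands' (as in the thread),
and the log reports 'Process X killed successfully.', 'PATH moved successfully.' and
'File move/delete failed. PATH scheduled to be moved/deleted on reboot.'.
"""
import re

# Constructed sample: the fix script Destrio5 asked to paste into OTMoveIt3.
SCRIPT = """\
:processes
explorer.exe

:files
C:\\Program Files\\Circe Developement

:commands
[purity]
[emptytemp]
[reboot]
"""

# Constructed sample: the log morgane posted back (abridged to the relevant lines).
LOG = """\
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\\Program Files\\Circe Developement moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
File delete failed. C:\\Documents and Settings\\LocalService\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat scheduled to be deleted on reboot.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03272009_121600

Files moved on Reboot...
File move failed. C:\\Documents and Settings\\LocalService\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat scheduled to be moved on reboot.
"""


def parse_script(text):
    """Split an OTMoveIt3 script into {'processes': [...], 'files': [...], 'commands': [...]}."""
    sections = {"processes": [], "files": [], "commands": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            name = line[1:].lower()
            if name not in sections:
                raise ValueError(f"unknown section {line!r}")
            current = name
            continue
        if current is None:
            raise ValueError(f"entry {line!r} appears before any section header")
        sections[current].append(line)
    return sections


def parse_log(text):
    """Return (ok, failed): items the log reports as done, and item -> line for deferred ones."""
    ok = set()
    failed = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"Process (.+?) killed successfully\.$", line)
        if m:
            ok.add(m.group(1).lower())
            continue
        m = re.match(r"(.+?) moved successfully\.$", line)
        if m:
            ok.add(m.group(1).lower())
            continue
        m = re.match(r"File (?:move|delete) failed\. (.+?) scheduled to be (?:moved|deleted) on reboot\.$", line)
        if m:
            failed[m.group(1).lower()] = line
    return ok, failed


def check_outcome(script_text, log_text):
    """Classify each script entry as done, still pending a reboot, or absent from the log."""
    plan = parse_script(script_text)
    ok, failed = parse_log(log_text)
    report = {"done": [], "pending_reboot": [], "no_result": []}
    for item in plan["processes"] + plan["files"]:
        key = item.lower()
        if key in ok:
            report["done"].append(item)
        elif key in failed:
            report["pending_reboot"].append(item)
        else:
            report["no_result"].append(item)
    # Items the tool itself deferred to reboot (a locked index.dat here) are worth
    # knowing about even though the script never named them.
    requested = {i.lower() for i in plan["files"]}
    report["deferred_by_tool"] = sorted(p for p in failed if p not in requested)
    return report


if __name__ == "__main__":
    for kind, items in check_outcome(SCRIPT, LOG).items():
        print(f"{kind}: {items}")
```

Running it on the constructed samples shows both requested entries in `done` and the locked `index.dat` in `deferred_by_tool`, which is the case the post warns about: a move that failed immediately is not lost, it is retried at reboot, so a pop-up returning afterwards points at something the script never touched rather than at a failed run.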
Here's the log, but when I connected to the internet after the reboot, a window opened..... so it must not have worked...

log:


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Program Files\Circe Developement moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03272009_121600

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
Destrio5 - 27 March 2009 at 17:29
It worked.

---> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
---> Double-click the downloaded file to start the installation.
---> In the Update tab, click the Check for Updates button: if the firewall asks whether MBAM may connect to the Internet, allow it.
---> Once the update is finished, go to the Scanner tab.
---> Select Perform quick scan.
---> Click Scan. The scan starts.

At the end of the scan, a message appears:

The scan completed normally. Click 'Show Results' to display all objects found.

---> Click OK to continue. If MBAM found nothing, it will tell you so as well.
---> Close your browsers.
If malware was detected, click Show Results.
---> Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy in quarantine.
---> MBAM will open Notepad and copy the scan report into it. Copy and paste that report in your next reply.
Destrio5 - 30 March 2009 at 02:16
Any news?