Win32:Swizzor[Trj] retrouvé par avast (x2)

Résolu
blandine -  
 blandine -
Bonjour,

Avast m'a trouvé 2 trojans qu'il m'a mis en quarantaine mais pourriez-vous vérifier si tout va bien en analysant ce rapport hijackthis svp. Merci.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:09:52, on 05/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\program files\mozilla firefox\firefox.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Heck Glue] C:\DOCUME~1\ADMINI~1\APPLIC~1\INFOKE~1\BOOB BIAS.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Administrateur\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D1CB5E2-D519-4E54-89C5-DB326AFFF50B}: NameServer = 212.27.40.240,212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D1CB5E2-D519-4E54-89C5-DB326AFFF50B}: NameServer = 212.27.40.240,212.27.40.241
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 12903 bytes
Configuration: Windows XP
Firefox 3.0.10

17 réponses

  1. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Bonsoir,

    Il y a des infections LOP dans ton PC.
    Elles s'installent via certains programmes, dont ceux-ci :

    ● Le sponsor de Messenger Plus!
    ● Bittorent
    ● BitDownload
    ● BitGrabber
    ● NetPumper
    ● BitRoll
    ● TorrentQ
    ● Torrent101

    /!\ Fais attention de ne pas faire la même erreur, donc évite ces programmes /!\

    ▶ Télécharger et enregistrer lopSD sur le Bureau

    ▶ Double-clic Lop S&D

    ▶ Faire l'installation

    ▶ Fermer toutes les applications

    ▶ Le lancer par un double-clic sur le raccourci qui est sur le bureau

    Avec VISTA => clic-droit et => Exécuter en tant qu'administrateur

    ▶ Taper F pour français , puis presser entrée

    ▶ Taper 1

    ▶ Presser Entrée

    ▶ Le PC va redémarrer

    * Note : si l'antivirus annonce une infection dans TEMP , l'ignorer

    ▶ Attendre l'apparition du rapport

    ▶ Copier le rapport et le coller dans la réponse

    * le rapport se trouve aussi à C:\lopR
    0
    1. blandine
       
      voici le rapport :


      --------------------\\ Lop S&D 4.2.5-0 XP/Vista

      Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
      BIOS : BIOS Date: 08/27/04 11:09:23 Ver: 08.00.09
      USER : Administrateur ( Administrator )
      BOOT : Normal boot
      Antivirus : avast! antivirus 4.8.1335 [VPS 090505-0] 4.8.1335 (Activated)
      Firewall : Sunbelt Personal Firewall 4.5.916 T (Activated)
      A:\ (USB)
      C:\ (Local Disk) - NTFS - Total:143 Go (Free:67 Go)
      D:\ (Local Disk) - FAT32 - Total:5 Go (Free:0 Go)
      E:\ (CD or DVD)
      F:\ (USB)
      G:\ (USB)
      H:\ (USB)
      I:\ (USB)

      "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
      Option : [1] ( 05/05/2009|21:56 )

      --------------------\\ Listing des dossiers dans APPLIC~1

      [21/01/2009|23:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Acreon
      [27/12/2008|20:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
      [15/10/2008|20:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
      [05/03/2007|21:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\ArcSoft
      [17/10/2008|16:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Atari
      [10/01/2008|21:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
      [23/11/2007|20:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\Azureus
      [19/01/2009|19:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Bioshock
      [04/07/2007|23:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\CamfrogWEB
      [13/01/2008|21:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Canon
      [30/04/2009|14:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\Creative
      [18/10/2007|14:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\GetRight
      [17/10/2007|20:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\GetRightToGo
      [31/08/2007|04:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
      [26/08/2008|19:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Hamachi
      [22/06/2007|21:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
      [20/08/2003|23:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
      [05/12/2007|16:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
      [17/03/2007|14:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\InterVideo
      [29/03/2007|20:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\ItsLabel
      [04/05/2007|20:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
      [03/07/2008|18:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\LimeWire
      [16/03/2007|21:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\Logitech
      [10/03/2007|12:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
      [28/10/2007|20:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
      [19/01/2009|17:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
      [29/08/2008|21:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
      [22/11/2008|02:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\MSN6
      [21/08/2003|03:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
      [05/12/2007|16:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\SecuROM
      [07/10/2008|19:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
      [31/10/2007|17:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
      [21/08/2003|05:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
      [28/10/2008|17:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\SystemRequirementsLab
      [18/04/2009|14:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\teamspeak2
      [19/03/2007|21:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
      [11/11/2007|22:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\WhenU
      [21/08/2008|11:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Windows Desktop Search
      [23/08/2008|00:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Windows Search
      [12/04/2008|22:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR

      [27/12/2008|20:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
      [15/10/2008|19:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
      [15/10/2008|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
      [09/11/2007|15:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
      [17/01/2009|16:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blizzard
      [08/12/2008|02:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CCP
      [31/08/2007|04:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
      [01/07/2007|13:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
      [21/08/2003|01:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
      [30/04/2009|13:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
      [05/04/2008|12:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
      [16/02/2009|21:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
      [01/11/2007|20:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
      [07/03/2007|19:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
      [01/04/2007|23:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
      [20/08/2003|23:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
      [13/03/2009|20:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
      [11/01/2008|01:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
      [25/12/2007|11:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
      [07/04/2007|16:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
      [10/03/2007|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
      [13/01/2008|13:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
      [22/11/2008|02:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

      [21/08/2003|01:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
      [20/08/2003|23:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
      [21/08/2003|01:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
      [20/08/2003|23:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
      [21/08/2003|03:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
      [21/08/2003|01:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
      [21/08/2003|05:46] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

      [21/08/2008|11:17] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

      [20/08/2003|23:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

      --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

      [05/05/2009 21:14][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
      [11/02/2009 09:56][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
      [20/08/2003 00:47][-rah-----] C:\WINDOWS\tasks\desktop.ini
      [05/05/2009 17:40][--ah-----] C:\WINDOWS\tasks\SA.DAT

      --------------------\\ Listing des dossiers dans C:\Program Files

      [05/12/2007|16:37] C:\Program Files\2K Games
      [27/12/2008|20:42] C:\Program Files\Adobe
      [07/10/2008|19:28] C:\Program Files\Ahead
      [11/01/2008|04:43] C:\Program Files\AlienGUIse
      [08/03/2007|20:48] C:\Program Files\Alwil Software
      [15/10/2008|19:56] C:\Program Files\Apple Software Update
      [05/02/2007|10:38] C:\Program Files\Arcsoft
      [16/10/2008|20:26] C:\Program Files\Atari
      [11/01/2008|00:32] C:\Program Files\ATI Technologies
      [13/04/2008|15:36] C:\Program Files\AxBx
      [09/11/2007|15:34] C:\Program Files\Azureus
      [07/04/2008|16:30] C:\Program Files\CA Yahoo! Anti-Spy
      [05/04/2008|18:22] C:\Program Files\CCleaner
      [08/12/2008|02:04] C:\Program Files\CCP
      [04/07/2007|23:23] C:\Program Files\CFWebAdvancedU_BOBTV.FR
      [04/05/2009|18:41] C:\Program Files\Circle Developement
      [13/04/2008|14:41] C:\Program Files\Common Files
      [20/08/2003|23:43] C:\Program Files\ComPlus Applications
      [02/03/2008|16:05] C:\Program Files\Creative
      [12/11/2007|15:42] C:\Program Files\DAEMON Tools
      [09/04/2008|18:17] C:\Program Files\directx
      [30/04/2009|14:35] C:\Program Files\Dofus
      [14/11/2008|21:22] C:\Program Files\Doom 3
      [22/07/2007|23:00] C:\Program Files\EA GAMES
      [17/04/2008|00:17] C:\Program Files\Easy Internet signup
      [06/04/2008|20:07] C:\Program Files\Electronic Arts
      [16/04/2009|13:27] C:\Program Files\emule
      [30/04/2009|14:18] C:\Program Files\Fichiers communs
      [23/09/2007|22:56] C:\Program Files\Foolish Entertainment
      [19/10/2008|17:57] C:\Program Files\Full Tilt Poker
      [11/01/2008|02:07] C:\Program Files\GameFace Messenger
      [12/03/2007|19:58] C:\Program Files\GameSpy
      [06/09/2007|17:24] C:\Program Files\Google
      [02/05/2007|20:57] C:\Program Files\Grisoft
      [21/08/2003|01:18] C:\Program Files\Hewlett-Packard
      [16/06/2008|15:44] C:\Program Files\Hits Collection
      [21/08/2003|01:08] C:\Program Files\HP
      [24/12/2007|20:55] C:\Program Files\id Software
      [30/04/2009|14:18] C:\Program Files\InstallShield Installation Information
      [11/01/2008|01:02] C:\Program Files\Intel
      [16/04/2009|04:31] C:\Program Files\Internet Explorer
      [21/08/2003|01:32] C:\Program Files\InterVideo
      [02/04/2009|22:27] C:\Program Files\Java
      [21/08/2003|04:03] C:\Program Files\Java Web Start
      [04/11/2007|17:09] C:\Program Files\K-Lite Codec Pack
      [12/04/2008|17:50] C:\Program Files\Konami
      [04/05/2007|20:17] C:\Program Files\Lavasoft
      [03/07/2008|18:06] C:\Program Files\LimeWire
      [16/03/2007|21:49] C:\Program Files\Logitech
      [13/04/2008|16:05] C:\Program Files\Lopxp
      [30/04/2009|13:47] C:\Program Files\ma-config.com
      [25/03/2008|21:00] C:\Program Files\Mafia
      [19/05/2007|19:03] C:\Program Files\Maxis
      [21/08/2008|11:10] C:\Program Files\Messenger
      [22/02/2009|16:40] C:\Program Files\Messenger Plus! Live
      [19/01/2009|17:47] C:\Program Files\Microsoft
      [20/08/2003|23:50] C:\Program Files\microsoft frontpage
      [27/12/2008|15:07] C:\Program Files\Microsoft Office
      [21/08/2003|01:48] C:\Program Files\Microsoft Picture It! 7
      [01/11/2007|19:50] C:\Program Files\Microsoft Platform SDK
      [27/02/2009|22:17] C:\Program Files\Microsoft Silverlight
      [13/01/2008|14:03] C:\Program Files\Microsoft SQL Server Compact Edition
      [01/11/2007|19:46] C:\Program Files\Microsoft Visual Studio .NET 2003
      [21/08/2003|01:46] C:\Program Files\Microsoft Works
      [21/08/2003|01:42] C:\Program Files\Microsoft Works Suite 2003
      [21/08/2008|10:35] C:\Program Files\Movie Maker
      [05/05/2009|21:52] C:\Program Files\Mozilla Firefox
      [17/11/2007|13:24] C:\Program Files\MSBuild
      [11/11/2008|03:03] C:\Program Files\MSECACHE
      [20/08/2003|23:43] C:\Program Files\MSN
      [20/08/2003|23:41] C:\Program Files\MSN Gaming Zone
      [25/12/2007|20:07] C:\Program Files\MSN Messenger
      [02/04/2007|18:02] C:\Program Files\MSXML 4.0
      [17/11/2007|13:26] C:\Program Files\MSXML 6.0
      [05/02/2007|01:44] C:\Program Files\Multimedia Card Reader
      [16/03/2007|22:11] C:\Program Files\MUSICMATCH
      [22/06/2007|19:55] C:\Program Files\My Company Name
      [21/08/2008|10:31] C:\Program Files\NetMeeting
      [21/08/2008|10:31] C:\Program Files\Outlook Express
      [15/10/2008|19:57] C:\Program Files\QuickTime
      [20/08/2008|17:08] C:\Program Files\Realtek
      [21/08/2003|01:33] C:\Program Files\RecordNow!
      [17/11/2007|13:20] C:\Program Files\Reference Assemblies
      [28/03/2007|16:20] C:\Program Files\Rockstar Games
      [13/01/2008|15:27] C:\Program Files\SEC
      [21/08/2003|04:06] C:\Program Files\Services en ligne
      [25/12/2007|03:55] C:\Program Files\Setup
      [03/09/2008|18:08] C:\Program Files\Sierra Entertainment
      [25/05/2007|22:56] C:\Program Files\Sophos
      [13/03/2009|20:49] C:\Program Files\Spybot - Search & Destroy
      [08/08/2008|20:23] C:\Program Files\Sun
      [03/05/2007|21:21] C:\Program Files\Sunbelt Software
      [11/01/2008|01:33] C:\Program Files\Symantec
      [28/10/2008|17:54] C:\Program Files\SystemRequirementsLab
      [13/05/2008|21:33] C:\Program Files\TeamSpeak 3
      [01/07/2007|23:23] C:\Program Files\Teamspeak2_RC2
      [12/01/2008|05:19] C:\Program Files\TeamSpeak3
      [05/05/2009|19:47] C:\Program Files\Trend Micro
      [20/08/2003|23:55] C:\Program Files\Uninstall Information
      [09/04/2008|18:02] C:\Program Files\Universal Interactive
      [19/03/2007|21:50] C:\Program Files\VideoLAN
      [25/05/2007|14:07] C:\Program Files\VirusTotalUploader
      [30/04/2009|14:18] C:\Program Files\vtplus
      [25/12/2007|17:52] C:\Program Files\WinAce
      [21/08/2008|11:08] C:\Program Files\Windows Desktop Search
      [16/02/2009|21:48] C:\Program Files\Windows Live
      [13/01/2008|14:02] C:\Program Files\Windows Live Favorites
      [10/01/2009|01:17] C:\Program Files\Windows Live Safety Center
      [16/02/2009|21:44] C:\Program Files\Windows Live Toolbar
      [21/08/2008|10:49] C:\Program Files\Windows Media Player
      [21/08/2008|10:31] C:\Program Files\Windows NT
      [11/01/2008|01:32] C:\Program Files\WindowsUpdate
      [12/04/2008|22:47] C:\Program Files\WinRAR
      [30/04/2009|16:24] C:\Program Files\WinTV
      [24/01/2009|02:57] C:\Program Files\WowCartographe
      [20/08/2003|23:50] C:\Program Files\xerox
      [12/04/2008|17:31] C:\Program Files\Xplosiv
      [06/10/2008|20:26] C:\Program Files\Yahoo!

      --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

      [27/12/2008|20:42] C:\Program Files\Fichiers communs\Adobe
      [15/10/2008|19:57] C:\Program Files\Fichiers communs\Apple
      [22/06/2007|19:50] C:\Program Files\Fichiers communs\ATI Technologies
      [17/01/2009|18:55] C:\Program Files\Fichiers communs\Blizzard Entertainment
      [30/04/2009|14:09] C:\Program Files\Fichiers communs\Creative Labs Shared
      [21/08/2003|01:45] C:\Program Files\Fichiers communs\Designer
      [21/08/2003|01:04] C:\Program Files\Fichiers communs\HP
      [21/08/2003|03:54] C:\Program Files\Fichiers communs\InstallShield
      [30/04/2009|14:18] C:\Program Files\Fichiers communs\IviSDK
      [14/10/2007|02:04] C:\Program Files\Fichiers communs\Java
      [16/03/2007|21:48] C:\Program Files\Fichiers communs\Logitech
      [27/12/2008|15:07] C:\Program Files\Fichiers communs\Microsoft Shared
      [20/08/2003|23:45] C:\Program Files\Fichiers communs\MSSoap
      [21/08/2003|00:37] C:\Program Files\Fichiers communs\ODBC
      [16/10/2008|20:38] C:\Program Files\Fichiers communs\PocketSoft
      [07/04/2008|16:28] C:\Program Files\Fichiers communs\Scanner
      [20/08/2003|23:45] C:\Program Files\Fichiers communs\Services
      [21/08/2003|01:33] C:\Program Files\Fichiers communs\Sonic
      [21/08/2003|00:37] C:\Program Files\Fichiers communs\SpeechEngines
      [03/11/2007|06:13] C:\Program Files\Fichiers communs\Stardock
      [11/01/2008|01:33] C:\Program Files\Fichiers communs\Symantec Shared
      [21/08/2008|10:31] C:\Program Files\Fichiers communs\System
      [19/01/2009|00:48] C:\Program Files\Fichiers communs\Windows Live
      [25/12/2007|20:27] C:\Program Files\Fichiers communs\WindowsLiveInstaller

      --------------------\\ Process

      ( 68 Processes )

      ... OK !

      --------------------\\ Recherche avec S_Lop

      Aucun fichier / dossier Lop trouvé !

      --------------------\\ Recherche de Fichiers / Dossiers Lop

      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj7F.tmp
      C:\Program Files\Circle Developement

      --------------------\\ Verification du Registre

      ..... OK !

      --------------------\\ Verification du fichier Hosts

      Fichier Hosts MODIFIE

      127.0.0.1 bin.errorprotector.com ## added by CiD
      127.0.0.1 br.errorsafe.com ## added by CiD
      127.0.0.1 br.winantivirus.com ## added by CiD
      127.0.0.1 br.winfixer.com ## added by CiD
      127.0.0.1 cdn.drivecleaner.com ## added by CiD
      127.0.0.1 cdn.errorsafe.com ## added by CiD
      127.0.0.1 cdn.winsoftware.com ## added by CiD
      127.0.0.1 de.errorsafe.com ## added by CiD
      127.0.0.1 de.winantivirus.com ## added by CiD
      127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
      127.0.0.1 download.cdn.errorsafe.com ## added by CiD
      127.0.0.1 download.cdn.winsoftware.com ## added by CiD
      127.0.0.1 download.errorsafe.com ## added by CiD
      127.0.0.1 download.systemdoctor.com ## added by CiD
      127.0.0.1 download.winantispyware.com ## added by CiD
      127.0.0.1 download.windrivecleaner.com ## added by CiD
      127.0.0.1 download.winfixer.com ## added by CiD
      127.0.0.1 drivecleaner.com ## added by CiD
      127.0.0.1 dynamique.drivecleaner.com ## added by CiD
      127.0.0.1 errorprotector.com ## added by CiD
      127.0.0.1 errorsafe.com ## added by CiD
      127.0.0.1 es.winantivirus.com ## added by CiD
      127.0.0.1 fr.winantivirus.com ## added by CiD
      127.0.0.1 fr.winfixer.com ## added by CiD
      127.0.0.1 go.drivecleaner.com ## added by CiD
      127.0.0.1 go.errorsafe.com ## added by CiD
      127.0.0.1 go.winantispyware.com ## added by CiD
      127.0.0.1 go.winantivirus.com ## added by CiD
      127.0.0.1 hk.winantivirus.com ## added by CiD
      127.0.0.1 instlog.errorsafe.com ## added by CiD
      127.0.0.1 instlog.winantivirus.com ## added by CiD
      127.0.0.1 instlog.winfixer.com ## added by CiD
      127.0.0.1 jsp.drivecleaner.com ## added by CiD
      127.0.0.1 kb.errorsafe.com ## added by CiD
      127.0.0.1 kb.winantivirus.com ## added by CiD
      127.0.0.1 nl.errorsafe.com ## added by CiD
      127.0.0.1 se.errorsafe.com ## added by CiD
      127.0.0.1 secure.drivecleaner.com ## added by CiD
      127.0.0.1 secure.errorsafe.com ## added by CiD
      127.0.0.1 secure.winantispam.com ## added by CiD
      127.0.0.1 secure.winantispy.com ## added by CiD
      127.0.0.1 secure.winantivirus.com ## added by CiD
      127.0.0.1 support.winantivirus.com ## added by CiD
      127.0.0.1 trial.updates.winsoftware.com ## added by CiD
      127.0.0.1 ulog.winantivirus.com ## added by CiD
      127.0.0.1 utils.errorsafe.com ## added by CiD
      127.0.0.1 utils.winantivirus.com ## added by CiD
      127.0.0.1 utils.winfixer.com ## added by CiD
      127.0.0.1 winantispyware.com ## added by CiD
      127.0.0.1 winantivirus.com ## added by CiD
      127.0.0.1 winfixer.com ## added by CiD
      127.0.0.1 winfixer2006.com ## added by CiD
      127.0.0.1 winsoftware.com ## added by CiD
      127.0.0.1 [i]ww/iw.drivecleaner.com ## added by CiD
      127.0.0.1 [i]ww/iw.errorprotector.com ## added by CiD
      127.0.0.1 [i]ww/iw.errorsafe.com ## added by CiD
      127.0.0.1 [i]ww/iw.systemdoctor.com ## added by CiD
      127.0.0.1 [i]ww/iw.utils.winfixer.com ## added by CiD
      127.0.0.1 [i]ww/iw.win-anti-virus-pro.com ## added by CiD
      127.0.0.1 [i]ww/iw.win-virus-pro.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantispam.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantispy.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantispyware.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantivirus.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantiviruspro.com ## added by CiD
      127.0.0.1 [i]ww/iw.windrivecleaner.com ## added by CiD
      127.0.0.1 [i]ww/iw.windrivesafe.com ## added by CiD
      127.0.0.1 [i]ww/iw.winfixer.com ## added by CiD
      127.0.0.1 [i]ww/iw.winfixer2006.com ## added by CiD
      127.0.0.1 [i]ww/iw.winsoftware.com ## added by CiD

      -> 10476 [ 70 ## added by CiD ]

      --------------------\\ Recherche de fichiers avec Catchme

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-05-05 22:00:54
      Windows 5.1.2600 Service Pack 3 NTFS
      scanning hidden processes ...
      scanning hidden files ...
      scan completed successfully
      hidden processes: 0
      hidden files: 9

      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !

      [F:383][D:65]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
      [F:26][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
      [F:869][D:9]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

      1 - "C:\Lop SD\LopR_1.txt" - 05/05/2009|22:03 - Option : [1]

      --------------------\\ Fin du rapport a 22:03:30
      0
  2. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ▶ Relance Lop S&D

    ▶ Choisis cette fois-ci l'option 3 (Suppression - hosts)

    ▶ Ne ferme pas la fenêtre lors de la suppression !

    ▶ Poste le rapport généré (C:\lopR.txt)

    * (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)
    0
    1. blandine
       
      Voici le nouveau rapport :


      --------------------\\ Lop S&D 4.2.5-0 XP/Vista

      Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
      BIOS : BIOS Date: 08/27/04 11:09:23 Ver: 08.00.09
      USER : Administrateur ( Administrator )
      BOOT : Normal boot
      Antivirus : avast! antivirus 4.8.1335 [VPS 090505-0] 4.8.1335 (Activated)
      Firewall : Sunbelt Personal Firewall 4.5.916 T (Activated)
      A:\ (USB)
      C:\ (Local Disk) - NTFS - Total:143 Go (Free:67 Go)
      D:\ (Local Disk) - FAT32 - Total:5 Go (Free:0 Go)
      E:\ (CD or DVD)
      F:\ (USB)
      G:\ (USB)
      H:\ (USB)
      I:\ (USB)

      "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
      Option : [3] ( 05/05/2009|22:46 )


      \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

      Supprime! - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj7F.tmp
      Supprime! - C:\Program Files\Circle Developement

      \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


      --------------------\\ Listing des dossiers dans APPLIC~1

      [21/01/2009|23:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Acreon
      [27/12/2008|20:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
      [15/10/2008|20:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
      [05/03/2007|21:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\ArcSoft
      [17/10/2008|16:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Atari
      [10/01/2008|21:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
      [23/11/2007|20:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\Azureus
      [19/01/2009|19:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\Bioshock
      [04/07/2007|23:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\CamfrogWEB
      [13/01/2008|21:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Canon
      [30/04/2009|14:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\Creative
      [18/10/2007|14:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\GetRight
      [17/10/2007|20:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\GetRightToGo
      [31/08/2007|04:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
      [26/08/2008|19:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Hamachi
      [22/06/2007|21:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
      [20/08/2003|23:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
      [05/12/2007|16:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
      [17/03/2007|14:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\InterVideo
      [29/03/2007|20:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\ItsLabel
      [04/05/2007|20:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
      [03/07/2008|18:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\LimeWire
      [16/03/2007|21:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\Logitech
      [10/03/2007|12:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
      [28/10/2007|20:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
      [19/01/2009|17:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
      [29/08/2008|21:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
      [22/11/2008|02:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\MSN6
      [21/08/2003|03:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
      [05/12/2007|16:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\SecuROM
      [07/10/2008|19:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
      [31/10/2007|17:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
      [21/08/2003|05:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
      [28/10/2008|17:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\SystemRequirementsLab
      [18/04/2009|14:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\teamspeak2
      [19/03/2007|21:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
      [11/11/2007|22:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\WhenU
      [21/08/2008|11:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Windows Desktop Search
      [23/08/2008|00:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Windows Search
      [12/04/2008|22:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR

      [27/12/2008|20:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
      [15/10/2008|19:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
      [15/10/2008|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
      [09/11/2007|15:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
      [17/01/2009|16:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blizzard
      [08/12/2008|02:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CCP
      [31/08/2007|04:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
      [01/07/2007|13:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
      [21/08/2003|01:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
      [30/04/2009|13:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
      [05/04/2008|12:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
      [16/02/2009|21:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
      [01/11/2007|20:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
      [07/03/2007|19:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
      [01/04/2007|23:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
      [20/08/2003|23:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
      [13/03/2009|20:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
      [11/01/2008|01:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
      [25/12/2007|11:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
      [07/04/2007|16:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
      [10/03/2007|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
      [13/01/2008|13:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
      [22/11/2008|02:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

      [21/08/2003|01:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
      [20/08/2003|23:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
      [21/08/2003|01:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
      [20/08/2003|23:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
      [21/08/2003|03:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
      [21/08/2003|01:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
      [21/08/2003|05:46] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

      [21/08/2008|11:17] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

      [20/08/2003|23:53] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

      --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

      [05/05/2009 22:14][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
      [11/02/2009 09:56][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
      [20/08/2003 00:47][-rah-----] C:\WINDOWS\tasks\desktop.ini
      [05/05/2009 17:40][--ah-----] C:\WINDOWS\tasks\SA.DAT

      --------------------\\ Listing des dossiers dans C:\Program Files

      [05/12/2007|16:37] C:\Program Files\2K Games
      [27/12/2008|20:42] C:\Program Files\Adobe
      [07/10/2008|19:28] C:\Program Files\Ahead
      [11/01/2008|04:43] C:\Program Files\AlienGUIse
      [08/03/2007|20:48] C:\Program Files\Alwil Software
      [15/10/2008|19:56] C:\Program Files\Apple Software Update
      [05/02/2007|10:38] C:\Program Files\Arcsoft
      [16/10/2008|20:26] C:\Program Files\Atari
      [11/01/2008|00:32] C:\Program Files\ATI Technologies
      [13/04/2008|15:36] C:\Program Files\AxBx
      [09/11/2007|15:34] C:\Program Files\Azureus
      [07/04/2008|16:30] C:\Program Files\CA Yahoo! Anti-Spy
      [05/04/2008|18:22] C:\Program Files\CCleaner
      [08/12/2008|02:04] C:\Program Files\CCP
      [04/07/2007|23:23] C:\Program Files\CFWebAdvancedU_BOBTV.FR
      [13/04/2008|14:41] C:\Program Files\Common Files
      [20/08/2003|23:43] C:\Program Files\ComPlus Applications
      [02/03/2008|16:05] C:\Program Files\Creative
      [12/11/2007|15:42] C:\Program Files\DAEMON Tools
      [09/04/2008|18:17] C:\Program Files\directx
      [30/04/2009|14:35] C:\Program Files\Dofus
      [14/11/2008|21:22] C:\Program Files\Doom 3
      [22/07/2007|23:00] C:\Program Files\EA GAMES
      [17/04/2008|00:17] C:\Program Files\Easy Internet signup
      [06/04/2008|20:07] C:\Program Files\Electronic Arts
      [16/04/2009|13:27] C:\Program Files\emule
      [30/04/2009|14:18] C:\Program Files\Fichiers communs
      [23/09/2007|22:56] C:\Program Files\Foolish Entertainment
      [19/10/2008|17:57] C:\Program Files\Full Tilt Poker
      [11/01/2008|02:07] C:\Program Files\GameFace Messenger
      [12/03/2007|19:58] C:\Program Files\GameSpy
      [06/09/2007|17:24] C:\Program Files\Google
      [02/05/2007|20:57] C:\Program Files\Grisoft
      [21/08/2003|01:18] C:\Program Files\Hewlett-Packard
      [16/06/2008|15:44] C:\Program Files\Hits Collection
      [21/08/2003|01:08] C:\Program Files\HP
      [24/12/2007|20:55] C:\Program Files\id Software
      [30/04/2009|14:18] C:\Program Files\InstallShield Installation Information
      [11/01/2008|01:02] C:\Program Files\Intel
      [16/04/2009|04:31] C:\Program Files\Internet Explorer
      [21/08/2003|01:32] C:\Program Files\InterVideo
      [02/04/2009|22:27] C:\Program Files\Java
      [21/08/2003|04:03] C:\Program Files\Java Web Start
      [04/11/2007|17:09] C:\Program Files\K-Lite Codec Pack
      [12/04/2008|17:50] C:\Program Files\Konami
      [04/05/2007|20:17] C:\Program Files\Lavasoft
      [03/07/2008|18:06] C:\Program Files\LimeWire
      [16/03/2007|21:49] C:\Program Files\Logitech
      [13/04/2008|16:05] C:\Program Files\Lopxp
      [30/04/2009|13:47] C:\Program Files\ma-config.com
      [25/03/2008|21:00] C:\Program Files\Mafia
      [19/05/2007|19:03] C:\Program Files\Maxis
      [21/08/2008|11:10] C:\Program Files\Messenger
      [22/02/2009|16:40] C:\Program Files\Messenger Plus! Live
      [19/01/2009|17:47] C:\Program Files\Microsoft
      [20/08/2003|23:50] C:\Program Files\microsoft frontpage
      [27/12/2008|15:07] C:\Program Files\Microsoft Office
      [21/08/2003|01:48] C:\Program Files\Microsoft Picture It! 7
      [01/11/2007|19:50] C:\Program Files\Microsoft Platform SDK
      [27/02/2009|22:17] C:\Program Files\Microsoft Silverlight
      [13/01/2008|14:03] C:\Program Files\Microsoft SQL Server Compact Edition
      [01/11/2007|19:46] C:\Program Files\Microsoft Visual Studio .NET 2003
      [21/08/2003|01:46] C:\Program Files\Microsoft Works
      [21/08/2003|01:42] C:\Program Files\Microsoft Works Suite 2003
      [21/08/2008|10:35] C:\Program Files\Movie Maker
      [05/05/2009|22:40] C:\Program Files\Mozilla Firefox
      [17/11/2007|13:24] C:\Program Files\MSBuild
      [11/11/2008|03:03] C:\Program Files\MSECACHE
      [20/08/2003|23:43] C:\Program Files\MSN
      [20/08/2003|23:41] C:\Program Files\MSN Gaming Zone
      [25/12/2007|20:07] C:\Program Files\MSN Messenger
      [02/04/2007|18:02] C:\Program Files\MSXML 4.0
      [17/11/2007|13:26] C:\Program Files\MSXML 6.0
      [05/02/2007|01:44] C:\Program Files\Multimedia Card Reader
      [16/03/2007|22:11] C:\Program Files\MUSICMATCH
      [22/06/2007|19:55] C:\Program Files\My Company Name
      [21/08/2008|10:31] C:\Program Files\NetMeeting
      [21/08/2008|10:31] C:\Program Files\Outlook Express
      [15/10/2008|19:57] C:\Program Files\QuickTime
      [20/08/2008|17:08] C:\Program Files\Realtek
      [21/08/2003|01:33] C:\Program Files\RecordNow!
      [17/11/2007|13:20] C:\Program Files\Reference Assemblies
      [28/03/2007|16:20] C:\Program Files\Rockstar Games
      [13/01/2008|15:27] C:\Program Files\SEC
      [21/08/2003|04:06] C:\Program Files\Services en ligne
      [25/12/2007|03:55] C:\Program Files\Setup
      [03/09/2008|18:08] C:\Program Files\Sierra Entertainment
      [25/05/2007|22:56] C:\Program Files\Sophos
      [13/03/2009|20:49] C:\Program Files\Spybot - Search & Destroy
      [08/08/2008|20:23] C:\Program Files\Sun
      [03/05/2007|21:21] C:\Program Files\Sunbelt Software
      [11/01/2008|01:33] C:\Program Files\Symantec
      [28/10/2008|17:54] C:\Program Files\SystemRequirementsLab
      [13/05/2008|21:33] C:\Program Files\TeamSpeak 3
      [01/07/2007|23:23] C:\Program Files\Teamspeak2_RC2
      [12/01/2008|05:19] C:\Program Files\TeamSpeak3
      [05/05/2009|19:47] C:\Program Files\Trend Micro
      [20/08/2003|23:55] C:\Program Files\Uninstall Information
      [09/04/2008|18:02] C:\Program Files\Universal Interactive
      [19/03/2007|21:50] C:\Program Files\VideoLAN
      [25/05/2007|14:07] C:\Program Files\VirusTotalUploader
      [30/04/2009|14:18] C:\Program Files\vtplus
      [25/12/2007|17:52] C:\Program Files\WinAce
      [21/08/2008|11:08] C:\Program Files\Windows Desktop Search
      [16/02/2009|21:48] C:\Program Files\Windows Live
      [13/01/2008|14:02] C:\Program Files\Windows Live Favorites
      [10/01/2009|01:17] C:\Program Files\Windows Live Safety Center
      [16/02/2009|21:44] C:\Program Files\Windows Live Toolbar
      [21/08/2008|10:49] C:\Program Files\Windows Media Player
      [21/08/2008|10:31] C:\Program Files\Windows NT
      [11/01/2008|01:32] C:\Program Files\WindowsUpdate
      [12/04/2008|22:47] C:\Program Files\WinRAR
      [30/04/2009|16:24] C:\Program Files\WinTV
      [24/01/2009|02:57] C:\Program Files\WowCartographe
      [20/08/2003|23:50] C:\Program Files\xerox
      [12/04/2008|17:31] C:\Program Files\Xplosiv
      [06/10/2008|20:26] C:\Program Files\Yahoo!

      --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

      [27/12/2008|20:42] C:\Program Files\Fichiers communs\Adobe
      [15/10/2008|19:57] C:\Program Files\Fichiers communs\Apple
      [22/06/2007|19:50] C:\Program Files\Fichiers communs\ATI Technologies
      [17/01/2009|18:55] C:\Program Files\Fichiers communs\Blizzard Entertainment
      [30/04/2009|14:09] C:\Program Files\Fichiers communs\Creative Labs Shared
      [21/08/2003|01:45] C:\Program Files\Fichiers communs\Designer
      [21/08/2003|01:04] C:\Program Files\Fichiers communs\HP
      [21/08/2003|03:54] C:\Program Files\Fichiers communs\InstallShield
      [30/04/2009|14:18] C:\Program Files\Fichiers communs\IviSDK
      [14/10/2007|02:04] C:\Program Files\Fichiers communs\Java
      [16/03/2007|21:48] C:\Program Files\Fichiers communs\Logitech
      [27/12/2008|15:07] C:\Program Files\Fichiers communs\Microsoft Shared
      [20/08/2003|23:45] C:\Program Files\Fichiers communs\MSSoap
      [21/08/2003|00:37] C:\Program Files\Fichiers communs\ODBC
      [16/10/2008|20:38] C:\Program Files\Fichiers communs\PocketSoft
      [07/04/2008|16:28] C:\Program Files\Fichiers communs\Scanner
      [20/08/2003|23:45] C:\Program Files\Fichiers communs\Services
      [21/08/2003|01:33] C:\Program Files\Fichiers communs\Sonic
      [21/08/2003|00:37] C:\Program Files\Fichiers communs\SpeechEngines
      [03/11/2007|06:13] C:\Program Files\Fichiers communs\Stardock
      [11/01/2008|01:33] C:\Program Files\Fichiers communs\Symantec Shared
      [21/08/2008|10:31] C:\Program Files\Fichiers communs\System
      [19/01/2009|00:48] C:\Program Files\Fichiers communs\Windows Live
      [25/12/2007|20:27] C:\Program Files\Fichiers communs\WindowsLiveInstaller

      --------------------\\ Process

      ( 66 Processes )

      ... OK !

      --------------------\\ Recherche avec S_Lop

      Aucun fichier / dossier Lop trouvé !

      --------------------\\ Recherche de Fichiers / Dossiers Lop

      Aucun fichier / dossier Lop trouvé !

      --------------------\\ Verification du Registre

      ..... OK !

      --------------------\\ Verification du fichier Hosts

      Fichier Hosts MODIFIE

      127.0.0.1 bin.errorprotector.com ## added by CiD
      127.0.0.1 br.errorsafe.com ## added by CiD
      127.0.0.1 br.winantivirus.com ## added by CiD
      127.0.0.1 br.winfixer.com ## added by CiD
      127.0.0.1 cdn.drivecleaner.com ## added by CiD
      127.0.0.1 cdn.errorsafe.com ## added by CiD
      127.0.0.1 cdn.winsoftware.com ## added by CiD
      127.0.0.1 de.errorsafe.com ## added by CiD
      127.0.0.1 de.winantivirus.com ## added by CiD
      127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
      127.0.0.1 download.cdn.errorsafe.com ## added by CiD
      127.0.0.1 download.cdn.winsoftware.com ## added by CiD
      127.0.0.1 download.errorsafe.com ## added by CiD
      127.0.0.1 download.systemdoctor.com ## added by CiD
      127.0.0.1 download.winantispyware.com ## added by CiD
      127.0.0.1 download.windrivecleaner.com ## added by CiD
      127.0.0.1 download.winfixer.com ## added by CiD
      127.0.0.1 drivecleaner.com ## added by CiD
      127.0.0.1 dynamique.drivecleaner.com ## added by CiD
      127.0.0.1 errorprotector.com ## added by CiD
      127.0.0.1 errorsafe.com ## added by CiD
      127.0.0.1 es.winantivirus.com ## added by CiD
      127.0.0.1 fr.winantivirus.com ## added by CiD
      127.0.0.1 fr.winfixer.com ## added by CiD
      127.0.0.1 go.drivecleaner.com ## added by CiD
      127.0.0.1 go.errorsafe.com ## added by CiD
      127.0.0.1 go.winantispyware.com ## added by CiD
      127.0.0.1 go.winantivirus.com ## added by CiD
      127.0.0.1 hk.winantivirus.com ## added by CiD
      127.0.0.1 instlog.errorsafe.com ## added by CiD
      127.0.0.1 instlog.winantivirus.com ## added by CiD
      127.0.0.1 instlog.winfixer.com ## added by CiD
      127.0.0.1 jsp.drivecleaner.com ## added by CiD
      127.0.0.1 kb.errorsafe.com ## added by CiD
      127.0.0.1 kb.winantivirus.com ## added by CiD
      127.0.0.1 nl.errorsafe.com ## added by CiD
      127.0.0.1 se.errorsafe.com ## added by CiD
      127.0.0.1 secure.drivecleaner.com ## added by CiD
      127.0.0.1 secure.errorsafe.com ## added by CiD
      127.0.0.1 secure.winantispam.com ## added by CiD
      127.0.0.1 secure.winantispy.com ## added by CiD
      127.0.0.1 secure.winantivirus.com ## added by CiD
      127.0.0.1 support.winantivirus.com ## added by CiD
      127.0.0.1 trial.updates.winsoftware.com ## added by CiD
      127.0.0.1 ulog.winantivirus.com ## added by CiD
      127.0.0.1 utils.errorsafe.com ## added by CiD
      127.0.0.1 utils.winantivirus.com ## added by CiD
      127.0.0.1 utils.winfixer.com ## added by CiD
      127.0.0.1 winantispyware.com ## added by CiD
      127.0.0.1 winantivirus.com ## added by CiD
      127.0.0.1 winfixer.com ## added by CiD
      127.0.0.1 winfixer2006.com ## added by CiD
      127.0.0.1 winsoftware.com ## added by CiD
      127.0.0.1 [i]ww/iw.drivecleaner.com ## added by CiD
      127.0.0.1 [i]ww/iw.errorprotector.com ## added by CiD
      127.0.0.1 [i]ww/iw.errorsafe.com ## added by CiD
      127.0.0.1 [i]ww/iw.systemdoctor.com ## added by CiD
      127.0.0.1 [i]ww/iw.utils.winfixer.com ## added by CiD
      127.0.0.1 [i]ww/iw.win-anti-virus-pro.com ## added by CiD
      127.0.0.1 [i]ww/iw.win-virus-pro.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantispam.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantispy.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantispyware.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantivirus.com ## added by CiD
      127.0.0.1 [i]ww/iw.winantiviruspro.com ## added by CiD
      127.0.0.1 [i]ww/iw.windrivecleaner.com ## added by CiD
      127.0.0.1 [i]ww/iw.windrivesafe.com ## added by CiD
      127.0.0.1 [i]ww/iw.winfixer.com ## added by CiD
      127.0.0.1 [i]ww/iw.winfixer2006.com ## added by CiD
      127.0.0.1 [i]ww/iw.winsoftware.com ## added by CiD

      -> 10476 [ 70 ## added by CiD ]

      --------------------\\ Recherche de fichiers avec Catchme

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-05-05 22:51:47
      Windows 5.1.2600 Service Pack 3 NTFS
      scanning hidden processes ...
      scanning hidden files ...
      scan completed successfully
      hidden processes: 0
      hidden files: 9

      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !

      [F:383][D:66]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
      [F:26][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
      [F:869][D:9]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

      1 - "C:\Lop SD\LopR_1.txt" - 05/05/2009|22:03 - Option : [1]
      2 - "C:\Lop SD\LopR_2.txt" - 05/05/2009|22:53 - Option : [3]

      --------------------\\ Fin du rapport a 22:53:59
      0
  3. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Ok maintenant fais ceci stp :

    ▶ Télécharge malwarebyte's anti-malware

    ▶ Un tutoriel sera à ta disposition pour l'installer et l'utiliser correctement.

    ▶ Fais la mise à jour du logiciel (elle se fait normalement à l'installation)

    ▶ Lance une analyse complète en cliquant sur "Exécuter un examen complet"

    ▶ Sélectionnes les disques que tu veux analyser et cliques sur "Lancer l'examen"

    ▶ L'analyse peut durer un bon moment.....

    ▶ Une fois l'analyse terminée, cliques sur "OK" puis sur "Afficher les résultats"

    ▶ Vérifies que tout est bien coché et cliques sur "Supprimer la sélection" => et ensuite sur "OK"

    ▶ Un rapport va s'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum

    * Il se pourrait que certains fichiers devront être supprimés au redémarrage du PC...
    Faites le en cliquant sur "oui" à la question posée
    0
    1. blandine
       
      voici le rapport de malwarebytes :

      Malwarebytes' Anti-Malware 1.36
      Version de la base de données: 2079
      Windows 5.1.2600 Service Pack 3

      06/05/2009 00:44:56
      mbam-log-2009-05-06 (00-44-56).txt

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 260275
      Temps écoulé: 1 hour(s), 5 minute(s), 26 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 6
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0
  4. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Très bien maintenant fais ceci stp :

    ▶ Télécharge Random's System Information Tool (RSIT).

    ▶ Un tutoriel sera à ta disposition sur mon site web pour l'installer et l'utiliser correctement.

    ▶ Double clique sur RSIT.exe pour lancer l'outil.

    ▶ Clique sur 'Continue' à l'écran Disclaimer.

    ▶ Si l'outil Hijackthis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.

    ▶ Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports.

    ( C:\RSIT\log.txt et C:\RSIT\info.txt )

    CTRL A pour sélectionner tout, CTRL C pour copier et puis CTRL V pour coller
    0
    1. blandine
       
      voici les 2 rapports RSIT demandés :

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Administrateur at 2009-05-06 18:43:42
      Microsoft Windows XP Professionnel Service Pack 3
      System drive C: has 69 GB (47%) free of 147 GB
      Total RAM: 1535 MB (50% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:44:00, on 06/05/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16827)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\AlienGUIse\wbload.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Creative\Shared Files\CTAudSvc.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\windows\system\hpsysdrv.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
      C:\WINDOWS\System32\hphmon05.exe
      C:\HP\KBD\KBD.EXE
      C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\WINDOWS\system32\CTHELPER.EXE
      C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\System32\CTsvcCDA.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      C:\WINDOWS\ehome\ehSched.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Logitech\SetPoint\KEM.exe
      C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
      C:\Documents and Settings\Administrateur\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Documents and Settings\Administrateur\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
      C:\WINDOWS\System32\MsPMSPSv.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\WINDOWS\ehome\ehmsas.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\WINDOWS\System32\rsvp.exe
      C:\program files\mozilla firefox\firefox.exe
      C:\Documents and Settings\Administrateur\Mes documents\Mes fichiers reçus\RSIT.exe
      C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
      O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
      O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
      O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Heck Glue] C:\DOCUME~1\ADMINI~1\APPLIC~1\INFOKE~1\BOOB BIAS.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
      O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
      O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
      O4 - Startup: NaturalColorLoad.lnk = ?
      O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Administrateur\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
      O4 - Global Startup: NaturalColorLoad.lnk = ?
      O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{1D1CB5E2-D519-4E54-89C5-DB326AFFF50B}: NameServer = 212.27.40.240,212.27.40.241
      O17 - HKLM\System\CS1\Services\Tcpip\..\{1D1CB5E2-D519-4E54-89C5-DB326AFFF50B}: NameServer = 212.27.40.240,212.27.40.241
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CTAELicensing.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
      O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Bonjour,

    le rapport log.txt est incomplet car les rapports sont trop long...

    Pourrais-tu me renvoyer le rapport log.txt stp ??

    Il se trouve là : C:\RSIT\log.txt
    0
    1. blandine
       
      Le voici :

      info.txt logfile of random's system information tool 1.06 2009-05-06 18:44:05

      ======Uninstall list======

      -->"C:\Program Files\Creative\SBAudigy2ZS\Program\Ctzapxx.EXE" /W /U /S /L:FRN
      -->"C:\Program Files\Creative\SBAudigy2ZS\Program\SETUP.EXE" /S /U /W /L:FRN
      -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
      -->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
      -->c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9
      -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9 /remove
      -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
      Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
      Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
      Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
      AlienGUIse Theme Manager-->C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
      Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
      Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
      ArcSoft ShowBiz 2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}\setup.exe" -l0x40c
      Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
      ASUS Utilities-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{43C67D92-F56E-4729-8673-9A2D5A6036F8} /l1036
      ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
      ATI Catalyst Control Center-->MsiExec.exe /I{B9EEA623-5396-4489-B542-6E6606286DD6}
      ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
      ATI Parental Control & Encoder-->MsiExec.exe /I{9862B19F-4CAD-4EED-920F-2F378D84393F}
      avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
      AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
      AVIVO Codecs-->MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
      Battlefield 2142-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x40c -removeonly
      BF2142 1.40 Clan mod v 3.0-->C:\Program Files\Electronic Arts\Battlefield 2142\Uninstall_clanmod.exe
      BF2142 1.50 Clan mod v 3.02-->C:\Program Files\Electronic Arts\Battlefield 2142\Uninstall_clanmod.exe
      BioShock-->C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\Setup.exe -runfromtemp -l0x040c -removeonly
      CA Yahoo! Anti-Spy (remove only)-->"C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
      CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
      Complément Microsoft Word pour Microsoft Works Suite-->MsiExec.exe /I{F6B1CD0F-DB2D-4666-A168-C46390AD8C4A}
      Connexion Facile à Internet-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1036
      Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
      Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
      Creative Audio Console-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x40c /remove
      Creative Audio Console-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x40c /remove
      Creative MediaSource-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x40c /remove
      Creative System Information-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x40c /remove
      Démonstration Mise en route-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x40c
      Dofus 1.27.0-->C:\Program Files\Dofus\uninstall.exe
      EAX Unified-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
      EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
      eMule-->"C:\Program Files\eMule\Uninstall.exe"
      EVE-ONLINE (remove only)-->C:\Program Files\CCP\EVE\Uninstall.exe
      Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
      Hauppauge French Help Files and Resources-->C:\PROGRA~1\WinTV\UNHLPfra.EXE C:\PROGRA~1\WinTV\WTV2Kfra.LOG
      Hauppauge WinTV Radio-->C:\PROGRA~1\WinTV\UNrad32.EXE C:\PROGRA~1\WinTV\RADIO32.LOG
      Hauppauge WinTV Scheduler-->C:\PROGRA~1\WinTV\\SCHEDU~1\uniSCHED.exe C:\PROGRA~1\WinTV\\SCHEDU~1\uniSCHED.log
      Hauppauge WinTV-->C:\PROGRA~1\WinTV\UNTV6.EXE C:\PROGRA~1\WinTV\WINTV6.LOG
      HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
      Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
      Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
      HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
      HP Photo & Imaging 3.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
      HP Photo and Imaging 2.0 - Photosmart Cameras-->MsiExec.exe /X{5D7F0A0E-369E-46C0-9F99-FAB21A064781}
      HP Software Update-->MsiExec.exe /X{C05E10AC-BD86-4564-9D16-EF11D7314FB2}
      HPImageZone-->MsiExec.exe /X{11946FA8-329A-4DDF-B867-A32781FED8EE}
      Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
      InterVideo FilterSDK for Hauppauge-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2227E1FA-01F5-483C-AB0E-2A308E900B3D}\setup.exe" REMOVEALL
      InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
      Java 2 Runtime Environment, SE v1.4.1_02-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
      Java Web Start-->"C:\Program Files\Java Web Start\uninst-javaws.exe"
      Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
      Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
      Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
      Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
      KBD-->C:\HP\KBD\KBD.EXE uninstalled
      LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
      LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
      Ma-Config.com-->MsiExec.exe /X{E780E536-16CE-4CD1-8FE0-2D5E52FAA65B}
      Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
      Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
      Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
      Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
      Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
      Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
      Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
      Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
      Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
      Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
      Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
      Microsoft Picture It! Photo 7.0-->MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
      Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
      Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
      Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
      Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
      Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
      Microsoft Word 2002-->MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9}
      Microsoft Works 7.0-->MsiExec.exe /I{64D114CE-4234-45C2-B60A-2B07D5A48F72}
      Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
      Mozilla Firefox (3.0.10)-->C:\program files\Mozilla Firefox\uninstall\helper.exe
      MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
      MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
      Multi Virus Cleaner 2008-->"C:\Program Files\AxBx\Multi Virus Cleaner 2008\unins000.exe"
      Multimedia Card Reader-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E05895C5-FE97-4334-8D73-B0089FD07CE3}
      Natural Color-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}\setup.exe"
      Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
      OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
      Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
      Pilotes Canon MP-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58F8C6D9-5B55-486A-A322-4E8D87670031}\Setup.exe" -l0x40c -Uninstall
      PS2-->C:\WINDOWS\system32\ps2.exe uninstall
      Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
      Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
      QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
      Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
      REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x040c -removeonly
      RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
      RollerCoaster Tycoon® 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x40c
      Sélecteur d'installation de Microsoft Works Suite 2003-->C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe E:\
      Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
      SimCity 4 Deluxe-->C:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
      Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
      Sound Blaster Audigy 2 ZS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E2514D9-DC24-4634-B348-61F3EF0F1628}\SETUP.EXE" -l0x40c
      Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
      Sunbelt Personal Firewall-->MsiExec.exe /X{BFD080F6-3BF0-40E1-9507-9CA969C35870}
      Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
      System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
      TeamSpeak 3-->C:\Program Files\TeamSpeak 3\uninstall.exe
      TimeShift-->C:\Program Files\InstallShield Installation Information\{1367FA2F-2B3D-430F-872F-588B93420BFC}\setup.exe -runfromtemp -l0x040c -removeonly
      VTPlus32 pour WinTV (French)-->C:\PROGRA~1\vtplus\UNVTplus.exe C:\PROGRA~1\vtplus\VTPlus.LOG
      Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
      Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
      Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
      Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
      Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
      Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
      Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
      Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
      Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
      Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
      Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
      Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
      Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
      World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe
      Wow Cartographe 1.09-->C:\Program Files\WowCartographe\uninst.exe
      XviD MPEG-4 Video Codec-->C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf
      Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

      ======Hosts File======

      127.0.0.1 localhost
      127.0.0.1 bin.errorprotector.com ## added by CiD
      127.0.0.1 br.errorsafe.com ## added by CiD
      127.0.0.1 br.winantivirus.com ## added by CiD
      127.0.0.1 br.winfixer.com ## added by CiD
      127.0.0.1 cdn.drivecleaner.com ## added by CiD
      127.0.0.1 cdn.errorsafe.com ## added by CiD
      127.0.0.1 cdn.winsoftware.com ## added by CiD
      127.0.0.1 de.errorsafe.com ## added by CiD
      127.0.0.1 de.winantivirus.com ## added by CiD

      ======Security center information======

      AV: avast! antivirus 4.8.1335 [VPS 090505-0]
      FW: Sunbelt Personal Firewall

      ======System event log======

      Computer Name: ORDI-DAMIEN
      Event Code: 7035
      Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.

      Record Number: 30802
      Source Name: Service Control Manager
      Time Written: 20090321232939.000000+060
      Event Type: Informations
      User: AUTORITE NT\SYSTEM

      Computer Name: ORDI-DAMIEN
      Event Code: 7036
      Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

      Record Number: 30801
      Source Name: Service Control Manager
      Time Written: 20090321164642.000000+060
      Event Type: Informations
      User:

      Computer Name: ORDI-DAMIEN
      Event Code: 7036
      Message: Le service Carte de performance WMI est entré dans l'état : arrêté.

      Record Number: 30800
      Source Name: Service Control Manager
      Time Written: 20090321164641.000000+060
      Event Type: Informations
      User:

      Computer Name: ORDI-DAMIEN
      Event Code: 7036
      Message: Le service Carte de performance WMI est entré dans l'état : en cours d'exécution.

      Record Number: 30799
      Source Name: Service Control Manager
      Time Written: 20090321164640.000000+060
      Event Type: Informations
      User:

      Computer Name: ORDI-DAMIEN
      Event Code: 7035
      Message: Un contrôle Démarrer a correctement été envoyé au service Carte de performance WMI.

      Record Number: 30798
      Source Name: Service Control Manager
      Time Written: 20090321164640.000000+060
      Event Type: Informations
      User: AUTORITE NT\SYSTEM

      =====Application event log=====

      Computer Name: ORDI-DAMIEN
      Event Code: 105
      Message: The service was started.

      Record Number: 8148
      Source Name: Creative Service for CDROM Access
      Time Written: 20090129090033.000000+060
      Event Type: Informations
      User:

      Computer Name: ORDI-DAMIEN
      Event Code: 101
      Message: MsnMsgr (1236) Le moteur de base de données est arrêté.

      Record Number: 8147
      Source Name: ESENT
      Time Written: 20090128172916.000000+060
      Event Type: Informations
      User:

      Computer Name: ORDI-DAMIEN
      Event Code: 103
      Message: MsnMsgr (1236) \\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\sebastien.t.95@hotmail.fr\SharingMetadata\Working\database_400C_A599_CA5_8B0C\dfsr.db: Le moteur de base de données a arrêté une instance (0).

      Record Number: 8146
      Source Name: ESENT
      Time Written: 20090128172916.000000+060
      Event Type: Informations
      User:

      Computer Name: ORDI-DAMIEN
      Event Code: 302
      Message: MsnMsgr (1236) \\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\sebastien.t.95@hotmail.fr\SharingMetadata\Working\database_400C_A599_CA5_8B0C\dfsr.db: Le moteur de base de données a exécuté la procédure de récupération avec succès.

      Record Number: 8145
      Source Name: ESENT
      Time Written: 20090128151254.000000+060
      Event Type: Informations
      User:

      Computer Name: ORDI-DAMIEN
      Event Code: 301
      Message: MsnMsgr (1236) \\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\sebastien.t.95@hotmail.fr\SharingMetadata\Working\database_400C_A599_CA5_8B0C\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\sebastien.t.95@hotmail.fr\SharingMetadata\Working\database_400C_A599_CA5_8B0C\fsr.log.

      Record Number: 8144
      Source Name: ESENT
      Time Written: 20090128151253.000000+060
      Event Type: Informations
      User:

      ======Environment variables======

      "ComSpec"=%SystemRoot%\system32\cmd.exe
      "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\
      "windir"=%SystemRoot%
      "OS"=Windows_NT
      "PROCESSOR_ARCHITECTURE"=x86
      "PROCESSOR_LEVEL"=15
      "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
      "PROCESSOR_REVISION"=0209
      "NUMBER_OF_PROCESSORS"=1
      "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
      "TEMP"=%SystemRoot%\TEMP
      "TMP"=%SystemRoot%\TEMP
      "FP_NO_HOST_CHECK"=NO
      "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
      "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

      -----------------EOF-----------------
      0
  7. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ▶ Télécharge Combofix de sUBs

    ▶ et enregistre le sur le Bureau.

    ▶ désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)

    Voici le tutoriel officiel de Bleeping Computer pour savoir l utiliser :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    Je te conseille d'installer la console de récupération !!

    ensuite envois le rapport stp
    0
    1. blandine
       
      rapport :

      ComboFix 09-05-05.05 - Administrateur 06/05/2009 20:13.3 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1535.887 [GMT 2:00]
      Lancé depuis: c:\documents and settings\Administrateur\Mes documents\Mes fichiers reçus\ComboFix.exe
      AV: avast! antivirus 4.8.1335 [VPS 090505-0] *On-access scanning disabled* (Updated)
      FW: Sunbelt Personal Firewall *enabled*
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\windows\patch.exe
      C:\xcrashdump.dat

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-06 au 2009-05-06 ))))))))))))))))))))))))))))))))))))
      .

      2009-05-06 16:43 . 2009-05-06 16:44 -------- d-----w C:\rsit
      2009-05-05 21:34 . 2009-05-05 21:34 -------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes
      2009-05-05 21:34 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
      2009-05-05 21:34 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
      2009-05-05 21:34 . 2009-05-05 21:34 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
      2009-05-05 21:34 . 2009-05-05 21:34 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
      2009-05-05 19:54 . 2009-05-05 20:53 -------- d-----w C:\Lop SD
      2009-04-30 12:18 . 2009-04-30 12:18 -------- d-----w c:\program files\vtplus
      2009-04-30 12:18 . 2009-04-30 12:18 -------- d-----w c:\program files\Fichiers communs\IviSDK
      2009-04-30 12:18 . 2006-05-08 07:55 28672 ----a-w c:\windows\system32\hcwsched.dll
      2009-04-30 12:18 . 2006-01-25 15:38 69632 ----a-w c:\windows\system32\3DES.dll
      2009-04-30 12:17 . 2006-05-08 07:54 65536 ----a-w c:\windows\system32\dmcrypto.dll
      2009-04-30 12:16 . 2009-04-30 14:21 -------- d-----w C:\MyVideos
      2009-04-30 12:16 . 2004-01-26 12:49 90190 ----a-w c:\windows\system32\Bt848WST.DLL
      2009-04-30 12:16 . 2008-03-26 12:54 30720 ----a-w c:\windows\system32\hcwWinTVCI.dll
      2009-04-30 12:16 . 2008-05-29 15:00 806985 ------w c:\windows\system32\hcwtvwnd.dll
      2009-04-30 12:16 . 2008-04-22 12:53 163840 ----a-w c:\windows\system32\hcwChDB.dll
      2009-04-30 12:16 . 2008-03-20 15:50 282680 ------w c:\windows\system32\hcwpnp32.dll
      2009-04-30 12:16 . 1999-04-27 14:26 11264 ----a-w c:\windows\system32\hcwhook.dll
      2009-04-30 12:16 . 2008-03-11 17:36 106552 ----a-w c:\windows\system32\hcwi2c32.dll
      2009-04-30 12:16 . 2004-12-20 10:11 213050 ----a-w c:\windows\system32\hcwChan.dll
      2009-04-30 12:16 . 2003-11-07 10:45 106559 ----a-w c:\windows\system32\hcwTVDlg.dll
      2009-04-30 12:15 . 2001-07-19 06:44 393216 ----a-w c:\windows\system32\hcwsnbd9.dll
      2009-04-30 12:15 . 2009-04-30 14:24 -------- d-----w c:\program files\WinTV
      2009-04-30 12:12 . 2002-09-23 17:11 40960 ----a-w c:\windows\system32\hcwXDS.dll
      2009-04-30 12:12 . 2009-04-30 12:12 -------- d-----w C:\Hauppauge
      2009-04-30 12:09 . 2009-04-30 12:09 -------- d-----w c:\program files\Fichiers communs\Creative Labs Shared
      2009-04-16 00:32 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
      2009-04-16 00:32 . 2009-03-06 14:20 286720 -c----w c:\windows\system32\dllcache\pdh.dll
      2009-04-16 00:32 . 2009-02-09 11:23 111104 -c----w c:\windows\system32\dllcache\services.exe
      2009-04-16 00:32 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
      2009-04-16 00:32 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
      2009-04-16 00:32 . 2009-02-09 10:53 685568 -c----w c:\windows\system32\dllcache\advapi32.dll
      2009-04-16 00:32 . 2009-02-09 10:53 735744 -c----w c:\windows\system32\dllcache\lsasrv.dll
      2009-04-16 00:32 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
      2009-04-16 00:32 . 2009-02-09 10:53 739840 -c----w c:\windows\system32\dllcache\ntdll.dll
      2009-04-16 00:27 . 2008-12-16 12:31 354304 -c----w c:\windows\system32\dllcache\winhttp.dll
      2009-04-16 00:24 . 2008-04-21 21:15 219136 -c----w c:\windows\system32\dllcache\wordpad.exe

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-05-05 17:47 . 2007-10-28 14:49 -------- d-----w c:\program files\Trend Micro
      2009-05-02 17:35 . 2008-04-06 19:08 137992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
      2009-05-02 17:29 . 2008-04-06 19:07 201816 ----a-w c:\windows\system32\PnkBstrB.exe
      2009-04-30 12:35 . 2008-07-12 16:56 -------- d-----w c:\program files\Dofus
      2009-04-30 12:18 . 2003-08-20 23:32 -------- d--h--w c:\program files\InstallShield Installation Information
      2009-04-30 12:08 . 2008-08-20 14:26 444952 ----a-w c:\windows\system32\wrap_oal.dll
      2009-04-30 12:08 . 2008-01-12 00:17 109080 ----a-w c:\windows\system32\OpenAL32.dll
      2009-04-30 11:47 . 2008-08-20 14:11 -------- d-----w c:\program files\ma-config.com
      2009-04-30 11:47 . 2008-08-20 14:11 -------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
      2009-04-16 18:28 . 2003-08-21 06:32 73366 ----a-w c:\windows\system32\perfc00C.dat
      2009-04-16 18:28 . 2003-08-21 06:32 469070 ----a-w c:\windows\system32\perfh00C.dat
      2009-04-16 11:27 . 2007-03-08 19:06 -------- d-----w c:\program files\emule
      2009-04-02 20:27 . 2003-08-21 02:03 -------- d-----w c:\program files\Java
      2009-03-28 20:59 . 2008-02-22 18:28 43520 ----a-w c:\windows\system32\CmdLineExt03.dll
      2009-03-13 18:49 . 2007-05-04 18:30 -------- d-----w c:\program files\Spybot - Search & Destroy
      2009-03-09 03:19 . 2008-12-04 18:15 410984 ----a-w c:\windows\system32\deploytk.dll
      2009-03-06 14:20 . 2003-08-21 06:31 286720 ----a-w c:\windows\system32\pdh.dll
      2009-03-04 12:47 . 2009-03-04 12:47 15896 ----a-w c:\windows\system32\drivers\pfmodnt.sys
      2009-03-04 12:46 . 2009-03-04 12:46 189464 ----a-w c:\windows\system32\drivers\haP17v2k.sys
      2009-03-04 12:46 . 2009-03-04 12:46 162840 ----a-w c:\windows\system32\drivers\haP16v2k.sys
      2009-03-04 12:46 . 2009-03-04 12:46 798744 ----a-w c:\windows\system32\drivers\ha10kx2k.sys
      2009-03-04 12:46 . 2009-03-04 12:46 92696 ----a-w c:\windows\system32\drivers\emupia2k.sys
      2009-03-04 12:46 . 2009-03-04 12:46 157208 ----a-w c:\windows\system32\drivers\ctsfm2k.sys
      2009-03-04 12:45 . 2009-03-04 12:45 14360 ----a-w c:\windows\system32\drivers\ctprxy2k.sys
      2009-03-04 12:45 . 2009-03-04 12:45 127512 ----a-w c:\windows\system32\drivers\ctoss2k.sys
      2009-03-04 12:45 . 2009-03-04 12:45 1395992 ----a-w c:\windows\system32\drivers\CTMMFILT.SYS
      2009-03-04 12:45 . 2009-03-04 12:45 18840 ----a-w c:\windows\system32\drivers\CTGAME.SYS
      2009-03-04 12:44 . 2009-03-04 12:44 347080 ----a-w c:\windows\system32\drivers\ctdvda2k.sys
      2009-03-04 12:44 . 2009-03-04 12:44 528408 ----a-w c:\windows\system32\drivers\ctaud2k.sys
      2009-03-04 12:44 . 2009-03-04 12:44 511000 ----a-w c:\windows\system32\drivers\ctac32k.sys
      2009-03-04 12:44 . 2009-03-04 12:44 1366424 ----a-w c:\windows\system32\drivers\CT0531FL.SYS
      2009-03-04 12:42 . 2009-03-04 12:42 100888 ----a-w c:\windows\system32\drivers\CTERFXFX.sys
      2009-03-04 12:42 . 2009-03-04 12:42 566296 ----a-w c:\windows\system32\drivers\CTSBLFX.sys
      2009-03-04 12:42 . 2009-03-04 12:42 555032 ----a-w c:\windows\system32\drivers\CTAUDFX.sys
      2009-03-04 12:42 . 2009-03-04 12:42 99352 ----a-w c:\windows\system32\drivers\COMMONFX.sys
      2009-03-04 10:47 . 2009-03-04 10:47 43520 ----a-w c:\windows\system32\CTBurst.dll
      2009-03-04 10:47 . 2009-03-04 10:47 11776 ----a-w c:\windows\system32\inres.dll
      2009-03-04 10:47 . 2007-04-09 11:33 182272 ----a-w c:\windows\system32\ctdvinst.dll
      2009-03-04 10:47 . 2007-04-09 11:33 86528 ----a-w c:\windows\system32\ctcoinst.dll
      2009-03-04 10:46 . 2009-03-04 10:46 11776 ----a-w c:\windows\system32\ac3api.dll
      2009-03-04 10:45 . 2009-03-04 10:45 38400 ----a-w c:\windows\system32\readreg.exe
      2009-03-04 10:45 . 2009-03-04 10:45 37888 ----a-w c:\windows\system32\psconv.exe
      2009-03-04 10:45 . 2009-03-04 10:45 19456 ----a-w c:\windows\system32\CtHelper.exe
      2009-03-04 10:45 . 2009-03-04 10:45 8704 ----a-w c:\windows\system32\ctagent.dll
      2009-03-04 10:45 . 2009-03-04 10:45 45568 ----a-w c:\windows\system32\ctspkhlp.dll
      2009-03-04 10:45 . 2009-03-04 10:45 56832 ----a-w c:\windows\system32\CTpcmcia.dll
      2009-03-04 10:45 . 2009-03-04 10:45 12800 ----a-w c:\windows\system32\ctmmep.dll
      2009-03-04 10:45 . 2009-03-04 10:45 9216 ----a-w c:\windows\system32\ctpres.dll
      2009-03-04 10:45 . 2009-03-04 10:45 32768 ----a-w c:\windows\system32\ctthxcal.dll
      2009-03-04 10:44 . 2009-03-04 10:44 41472 ----a-w c:\windows\system32\ctscal.dll
      2009-03-04 10:44 . 2009-03-04 10:44 131072 ----a-w c:\windows\system32\ctdcifce.dll
      2009-03-04 10:44 . 2009-03-04 10:44 330752 ----a-w c:\windows\system32\ctdc0001.dll
      2009-03-04 10:44 . 2009-03-04 10:44 227840 ----a-w c:\windows\system32\ctdc0000.dll
      2009-03-04 10:44 . 2009-03-04 10:44 10240 ----a-w c:\windows\system32\ctdcres.dll
      2009-03-04 10:33 . 2009-03-04 10:33 51787 ----a-w c:\windows\system32\ctdlang.dat
      2009-03-04 10:33 . 2009-03-04 10:33 386852 ----a-w c:\windows\system32\ctdnlstr.dat
      2009-03-04 10:33 . 2009-03-04 10:33 196096 ----a-w c:\windows\system32\ctemupia.dll
      2009-03-04 10:30 . 2009-03-04 10:30 176128 ----a-w c:\windows\system32\ct_oal.dll
      2009-03-04 10:30 . 2009-03-04 10:30 46592 ----a-w c:\windows\system32\ctasio.dll
      2009-03-04 10:30 . 2009-03-04 10:30 49152 ----a-w c:\windows\system32\ctdproxy.dll
      2009-03-04 10:29 . 2009-03-04 10:29 69632 ----a-w c:\windows\system32\ctosuser.dll
      2009-03-04 10:29 . 2009-03-04 10:29 6144 ----a-w c:\windows\system32\sfman32.dll
      2009-03-04 10:29 . 2009-03-04 10:29 125952 ----a-w c:\windows\system32\sfms32.dll
      2009-03-04 10:28 . 2009-03-04 10:28 13312 ----a-w c:\windows\system32\regplib.exe
      2009-03-04 10:28 . 2009-03-04 10:28 64512 ----a-w c:\windows\system32\piaproxy.dll
      2009-03-04 10:28 . 2009-03-04 10:28 149838 ----a-w c:\windows\system32\ctbas2w.dat
      2009-03-04 10:26 . 2009-03-04 10:26 274587 ----a-w c:\windows\system32\ctsbas2w.dat
      2009-03-04 10:26 . 2009-03-04 10:26 241084 ----a-w c:\windows\system32\CTSBASW.DAT
      2009-03-04 10:26 . 2009-03-04 10:26 115166 ----a-w c:\windows\system32\CTBASICW.DAT
      2009-03-04 10:25 . 2009-03-04 10:25 53932 ----a-w c:\windows\system32\ctdaught.dat
      2009-03-04 10:25 . 2009-03-04 10:25 313207 ----a-w c:\windows\system32\ctstatic.dat
      2009-03-04 10:25 . 2009-03-04 10:25 5120 ----a-w c:\windows\system32\enlocstr.exe
      2009-03-04 10:25 . 2009-03-04 10:25 10240 ----a-w c:\windows\system32\killapps.exe
      2009-03-04 10:25 . 2009-03-04 10:25 28672 ----a-w c:\windows\system32\MIDIDEF.EXE
      2009-03-04 10:25 . 2009-03-04 10:25 33792 ----a-w c:\windows\system32\devreg.dll
      2009-03-03 00:13 . 2006-06-23 12:28 826368 ----a-w c:\windows\system32\wininet.dll
      2009-02-20 17:10 . 2008-01-12 14:33 78336 ----a-w c:\windows\system32\ieencode.dll
      2009-02-13 12:50 . 2009-02-13 12:50 87712 ----a-w c:\windows\system32\ctpxst32.exe
      2009-02-10 17:06 . 2008-01-11 18:56 2068096 ----a-w c:\windows\system32\ntkrnlpa.exe
      2009-02-09 14:05 . 2003-08-21 06:31 1846912 ----a-w c:\windows\system32\win32k.sys
      2009-02-09 11:24 . 2008-01-10 21:11 2191104 ----a-w c:\windows\system32\ntoskrnl.exe
      2009-02-09 11:23 . 2003-08-21 06:31 111104 ----a-w c:\windows\system32\services.exe
      2009-02-09 10:53 . 2008-01-11 18:55 735744 ----a-w c:\windows\system32\lsasrv.dll
      2009-02-09 10:53 . 2005-07-26 04:38 401408 ----a-w c:\windows\system32\rpcss.dll
      2009-02-09 10:53 . 2003-08-21 06:31 739840 ----a-w c:\windows\system32\ntdll.dll
      2009-02-09 10:53 . 2003-08-21 06:30 685568 ----a-w c:\windows\system32\advapi32.dll
      2009-02-06 10:39 . 2003-08-21 06:31 35328 ----a-w c:\windows\system32\sc.exe
      2007-05-04 18:16 . 2007-05-04 18:16 2855080 ----a-w c:\program files\aawsepersonal.exe
      2007-05-04 18:00 . 2007-05-04 18:00 11470608 ----a-w c:\program files\avgas-setup-7.5.0.50.exe
      2005-08-16 13:44 . 2007-02-05 08:37 0 --sha-w c:\windows\SMINST\HPCD.SYS
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "BackupNotify"="c:\program files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-22 24576]
      "RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
      "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
      "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]
      "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
      "CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
      "HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]
      "HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
      "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
      "StorageGuard"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
      "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
      "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-07-10 114688]
      "Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 139264]
      "PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
      "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
      "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
      "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
      "SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
      "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
      "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
      "NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
      "CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2009-03-04 19456]

      c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
      Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-1-11 2074360]
      NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2008-1-13 155715]
      Outil de notification Live Search.lnk - c:\documents and settings\Administrateur\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-1-19 143360]

      c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-6-13 233472]
      Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-3-16 450560]
      Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2007-3-16 581632]
      NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2008-1-13 155715]
      Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
      2001-12-20 22:34 24576 ----a-w c:\program files\AlienGUIse\fastload.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=c:\windows\system32\wbsys.dll

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\emule\\emule.exe"=
      "c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
      "c:\\Program Files\\Sierra Entertainment\\TimeShift\\bin\\TimeShift.Exe"=
      "c:\\WINDOWS\\system32\\dpvsetup.exe"=
      "c:\\Program Files\\Fichiers communs\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
      "c:\\WINDOWS\\pchealth\\helpctr\\Binaries\\helpctr.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
      "6112:TCP"= 6112:TCP:Blizzard downloader
      "3724:UDP"= 3724:UDP:Blizzard downloader

      R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [03/04/2008 18:03 114768]
      R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26/04/2007 11:21 302000]
      R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26/04/2007 11:21 72624]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/04/2008 18:03 20560]
      R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [04/03/2009 14:47 15896]
      R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14/01/2009 18:53 226656]
      R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26/04/2007 10:21 1234480]
      R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [04/03/2009 14:42 99352]
      R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [04/03/2009 14:42 555032]
      R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [04/03/2009 14:42 566296]
      S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [04/03/2009 14:42 99352]
      S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Fichiers communs\Creative Labs Shared\Service\CTAELicensing.exe [30/04/2009 14:09 79360]
      S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [04/03/2009 14:42 555032]
      S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [04/03/2009 14:42 100888]
      S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [04/03/2009 14:42 100888]
      S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [04/03/2009 14:42 566296]
      S3 gkmixern;gkmixern;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\gkmixern.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\gkmixern.sys [?]
      S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [21/04/2009 15:36 216232]
      .
      Contenu du dossier 'Tâches planifiées'

      2009-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

      2009-05-06 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
      - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      HKCU-Run-Heck Glue - c:\docume~1\ADMINI~1\APPLIC~1\INFOKE~1\BOOB BIAS.exe


      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://google.fr/
      uDefault_Search_URL = hxxp://srch-fr9.hpwis.com/
      uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
      mSearch Bar = hxxp://srch-fr9.hpwis.com/
      uInternet Connection Wizard,ShellNext = iexplore
      IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
      IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      Trusted Zone: clubic.com\www
      TCP: {1D1CB5E2-D519-4E54-89C5-DB326AFFF50B} = 212.27.40.240,212.27.40.241
      FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ne6xtaq0.default\
      FF - prefs.js: browser.search.selectedEngine - Live Search
      FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
      FF - plugin: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ne6xtaq0.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
      FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
      FF - plugin: c:\program files\mozilla firefox\plugins\np-mswmp.dll
      FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

      ---- PARAMETRES FIREFOX ----
      FF - user.js: yahoo.homepage.dontask - true.

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-05-06 20:19
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      CTHelper = CTHELPER.EXE?

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------

      [HKEY_USERS\S-1-5-21-3381462172-2251267874-774157113-500\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
      @Denied: (Full) (LocalSystem)
      @SACL=

      [HKEY_USERS\S-1-5-21-3381462172-2251267874-774157113-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
      "??"=hex:4e,41,bf,b2,15,98,4d,af,31,c1,e2,cf,9e,f2,d4,4e,21,44,6a,20,cb,9d,ce,
      d9,83,b4,b6,93,e6,d2,43,ca,f3,26,b5,aa,cb,44,76,f6,ce,ba,56,23,36,6c,89,34,\
      "??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(844)
      c:\windows\system32\Ati2evxx.dll
      c:\program files\AlienGUIse\fastload.dll
      .
      Heure de fin: 2009-05-06 20:22
      ComboFix-quarantined-files.txt 2009-05-06 18:22

      Avant-CF: 72 275 132 416 octets libres
      Après-CF: 72 580 792 320 octets libres

      291 --- E O F --- 2009-04-16 02:31
      0
  8. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Très bien... Refais un RSIT et poste les rapports stp
    0
    1. blandine
       
      je n'ai eu droit qu'à un rapport cette fois !! le voici, le log.txt :

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Administrateur at 2009-05-06 22:29:18
      Microsoft Windows XP Professionnel Service Pack 3
      System drive C: has 69 GB (47%) free of 147 GB
      Total RAM: 1535 MB (54% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:29:42, on 06/05/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16827)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\AlienGUIse\wbload.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Creative\Shared Files\CTAudSvc.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\windows\system\hpsysdrv.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
      C:\WINDOWS\System32\hphmon05.exe
      C:\HP\KBD\KBD.EXE
      C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      C:\WINDOWS\system32\CTHELPER.EXE
      C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      C:\WINDOWS\System32\CTsvcCDA.exe
      C:\WINDOWS\ehome\ehSched.exe
      C:\Program Files\Logitech\SetPoint\KEM.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
      C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\Documents and Settings\Administrateur\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Documents and Settings\Administrateur\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
      C:\WINDOWS\ehome\ehmsas.exe
      C:\WINDOWS\System32\MsPMSPSv.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\program files\mozilla firefox\firefox.exe
      C:\WINDOWS\system32\SearchProtocolHost.exe
      C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
      C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
      O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
      O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
      O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
      O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
      O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
      O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
      O4 - Startup: NaturalColorLoad.lnk = ?
      O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Administrateur\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
      O4 - Global Startup: NaturalColorLoad.lnk = ?
      O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{1D1CB5E2-D519-4E54-89C5-DB326AFFF50B}: NameServer = 212.27.40.240,212.27.40.241
      O17 - HKLM\System\CS1\Services\Tcpip\..\{1D1CB5E2-D519-4E54-89C5-DB326AFFF50B}: NameServer = 212.27.40.240,212.27.40.241
      O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CTAELicensing.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
      O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      0
  9. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    relance hijackthis en cliquant sur scan only et coches ces lignes stp :

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    puis tu cliques sur fix checked.

    ensuite :

    Je te conseille de désinstaller Avast via ajout/suppression de programmes et de télécharger Antivir qui est beaucoup plus performant :

    Antivir 2009 en français

    Voici un tutoriel pour l'installer et l'utiliser correctement.

    Voici aussi un autre tutoriel pour Antivir en français : http://www.libellules.ch/tuto_antivir.php

    ensuite :

    ▶ Télécharge CCleaner

    ▶ Tu auras un tutoriel pour l'installer et l'utiliser correctement.

    ▶ Fais le nettoyage et recherche les erreurs du registre comme expliqué en bas du tutoriel.

    Est-ce que tu as encore des problèmes ??
    0
    1. blandine
       
      Ok, je ferai ça demain car là j'ai fermé l'ordi concerné (celui de mon fils qui dort).
      Mais il me semble que antivir demande plus de surveillance et de mise à jour qu'avast ? car mon fils ayant un peu tendance à ne pas prendre le temps de passer d'antivirus et antispywares, je cherche le plus pratique pour lui. Mais ceci dit s'il est plus efficace, il faudra bien qu'il s'y mette !
      Merci en attendant. Bonne nuit si ce n'est déjà en cours. A demain.
      0
    2. blandine
       
      Voilà, j'ai fait la dernière opération et j'ai terminé en passant ccleaner. Mais je garde ton lien pour antivir sous la main car je le teste déjà sur mon ordi (AVG 8 -version 30 j gratuit- allait se terminer). C'est par erreur, en croyant télécharger une mise à jour pour mon AVG 7.5 que je l'avais téléchargé !! donc c'était l'occasion de le changer.
      Cependant j'ai un souci car j'ai désinstallé AVG, puis passer ccleaner, mais en recherchant j'ai encore plein de fichiers AVG !!!! donc un que je ne peux même pas supprimer car ça me dit qu'il doit être en cours d'exécution, sans que je n'ai rien d'ouvert pourtant !! il s'agit du fichier : avg_free_stf_eu_85_278a1439.exe. Bizarre non ?
      0
  10. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Bonsoir,

    Essaye ceci pour supprimer les traces d' AVG :

    http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

    Est-ce que tu as encore des problèmes ??
    0
    1. blandine
       
      toujours même problème !
      0
  11. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Le problème avec les fichiers d'Avast ??
    0
    1. blandine
       
      non non, avg remover inefficace apparemment (voir ton post 18)
      Pour l'ordi de mon fils, ça semble ok. Je n'ai pas oté avast encore. J'expérimente d'abord antivir sur mon ordi !
      0
  12. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Euh... Oui je voulais dire AVG, pardon lol

    On dirait le fichier d'installation d'AVG ??

    As-tu essayé de le supprimer en mode sans échec ??
    0
    1. blandine
       
      oui déjà essayé sans succès. Mais comme c'était la version payante après essai de 30 jours, je pense que c'est plus résistant à virer !!!
      0
  13. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Essaye en lançant AVGremover en mode sans échec
    0
  14. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Ouvre le gestionnaire des tâches en faisant Ctrl + Alt + Supp et regarde si tu ne vois pas le processus.
    0
    1. blandine
       
      Non, il ne figure pas dans les processus
      0
  15. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Bin alors je ne sais pas... Bizarre ce fichier d'installation qui ne veut pas se supprimer...
    0
    1. blandine
       
      Tu me conseilles d'ouvrir un nouveau post pour voir si quelqu'un d'autre pourrait avoir une solution ? ou bien tu continues de chercher ?
      0
  16. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Est-ce que ce fichier te pose problème ??
    0
    1. blandine
       
      Apparemment non, mais c'est juste que ce n'est pas normal que ça m'indique que le fichier doit être occupé par un autre programme !!! enfin, comme tu dis, s'il n'y a pas de conséquence !!
      Mais j'ai cru apercevoir, lors de la dernière fermeture (pour redémarrage) de mon ordi, une fenêtre m'indiquant que l'application n'a pas pu s'exécuter car la station était en train de se fermer. Et il me semble que c'était la dll drwtsn32.exe. Il faudra que je regarde lors des prochaines fermetures et je te confirmerai.
      Il faut te dire que je venais de fermer un post pour m'oter le même problème que ci-dessus mais avec la dll dwwin.exe qui provenait d'une mise à jour du pilote logitech pour ma web cam apparemment non compatible !
      Je te tiendrai au courant lors de ma fermeture.
      En attendant, si tu ne vois plus rien à faire d'autre, je te souhaite une bonne nuit et peut être à demain ou sinon bon 8 mai.
      0
  17. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Je ne pense pas que ce fichier te posera des problèmes... Peut-être un peu gênant mais inoffenssif..

    Tu pourras faire ceci pour terminer stp :

    Voici un excellent petit logiciel très utile qui te permettra de savoir les nouvelles mises à jour disponibles pour les différents logiciels installés sur ton PC :

    ▶ Télécharge Update Checker

    ▶ Installe le avec les paramètres par défaut en cliquant chaques fois sur Suivant.

    ▶ Une fois installé, patiente quelques secondes et tu verras apparaître une icône verte dans ta barre des tâches te signalant qu'il y a des mises à jour disponibles.

    ▶ Double-cliques sur l'icône pour être redirrigé sur le site de téléchargement des mises à jour.

    Un conseil : n'installe pas les BETA qui sont listées en dessous.

    ▶ Tu installes les mises à jour que tu désires, les plus importantes sont :

    ● Java

    ● Adobe Reader

    ● Adobe Flash Player

    ● Internet explorer

    Ensuite :

    Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :

    ▶ Télécharge Toolscleaner sur ton Bureau

    ▶ Double-clique sur ToolsCleaner2.exe et laisse le travailler
    ▶ Clique sur Recherche et laisse le scan se terminer.
    ▶ Clique sur Suppression pour finaliser.
    ▶ Tu peux, si tu le souhaites, te servir des Options facultatives.
    ▶ Clique sur Quitter, pour que le rapport puisse se créer.
    ▶ Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse

    Ensuite :

    Désactive et réactive la Restauration du système :

    Le fait de faire cette manipulation va supprimer tous les virus qui auraient pu se loger dans les
    points de restauration que tu avais créé auparavant.. Il est donc recommandé de la faire :

    1 Dans la barre des tâches de Windows, clique sur Démarrer.

    2 Clique avec le bouton droit de la souris sur Poste de travail puis clique sur Propriétés.

    3 Dans l'onglet Restauration du système, coche "Désactiver la Restauration du système"

    4 Clique sur Appliquer.

    5 Ensuite décoche "Désactiver la restauration du systeme"

    6 clique sur appliquer puis ok

    7 vas créer un point de restauration en cliquant sur démarrer => tous les programmes => accessoires =>

    outils systeme => restauration du systeme => créer un point de restauration => tu mets un nom

    (exemple : après désinfection sur CCM) puis tu valides.

    Tu peux mettre ton problème résolu !! Comment mettre résolu ??

    IMPORTANT : lire les quelques liens pour la prévention et la sécurité de votre PC qui se trouvent en bas de la page !!

    WOT - Extension pour ton navigateur internet :

    Voici une extension à télécharger qui te permettra, en faisant tes recherches sur google, de savoir si le site proposé lors de tes recherches est un site de confiance ou un site à éviter car il pourrait infecter ton PC :

    Pour Firefox : https://addons.mozilla.org/fr/firefox/addon/wot-safe-browsing-tool/

    Pour internet explorer : https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp

    0
    1. blandine
       
      Je peux faire tout ce que tu m'indiques sur les 2 ordis, car je te rappelle que, en dernier, tu intervenais sur un problème sur mon ordi (initialement problèmes traités sur l'ordi de mon fils).
      Est ce que ça va éliminer Ccleaner car j'aimerais le garder, je m'en sers régulièrement ?
      Merci pour tout, je ferai fermer mon post après cette dernière réponse.
      Bon week end.
      0
  18. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Bonjour,

    non ça ne supprimera pas CCleaner, ni Malwarebytes ;-)

    Oui tu peux faire ce dernier message sur les 2 PC si l'autre n'est plus infecté
    0
    1. blandine
       
      Voici le petit rapport final, pour mon ordi et je vais faire de même pour l'ordi de mon fils (cf prochain post) :

      [ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]

      --> Recherche:


      ---------------------------------
      --> Suppression:


      Fichiers temporaires nettoyés !
      Corbeille vidée!
      0
    2. blandine
       
      et voici pour le rapport de l'ordi de mon fils :

      [ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]

      --> Recherche:

      C:\Combofix.txt: trouvé !
      C:\fixnavi.txt: trouvé !
      C:\lopR.txt: trouvé !
      C:\Combofix: trouvé !
      C:\Lop SD: trouvé !
      C:\Qoobox: trouvé !
      C:\Rsit: trouvé !
      C:\Documents and Settings\Administrateur\Bureau\HJTInstall.exe: trouvé !
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
      C:\Program Files\Trend Micro\HijackThis: trouvé !
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
      C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

      ---------------------------------
      --> Suppression:

      C:\Documents and Settings\Administrateur\Bureau\HJTInstall.exe: supprimé !
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
      C:\Combofix.txt: supprimé !
      C:\fixnavi.txt: supprimé !
      C:\lopR.txt: supprimé !
      C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
      C:\Combofix: supprimé !
      C:\Lop SD: supprimé !
      C:\Qoobox: supprimé !
      C:\Rsit: supprimé !
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
      C:\Program Files\Trend Micro\HijackThis: supprimé !
      0