Systemesecurity 2009 ihaupd32.exe ect...
tithom
-
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
voilà il y a quelques temps j'ai eu un problème avec SystemeSecurity2009 qui du coup engendre plein de problème, je pense m'être débarrassé de lui mais depuis j'ai beaucoup d'erreurs.
tout d'abord au long démarrage plein de petites fenêtres Erreur : STARTING s'ouvre ainsi que d'autre avec svchost.exe a rencontré un probleme... et pareil avec ihaupd32.exe.
je remarque que dans Démarrer => Programme => Démarrage j'ai Ihaupd32.exe ainsi que Zqosys32.exe.
le probleme qui me semble le plus gênant c'est que je ne peux pas lancer de scan avec mon antivirus Antivir qui lorsque j'essaie fait que mon ordi s'éteint...
j'ai bien entendu essayé Spybot, Smitfraud ect... le probleme étant que seul, je n'arrive pas vraiment a tout comprendre...
dans ce cas je vous sollicite afin que, si possible, quelqu'un m'aiguille dans les manip je me sentirai plus aguérit...
De plus j'aimerais ne pas en venir au formatage qui me serai très long a faire vu le nombre de données qu'il me faudrait conserver...
Quelques infos pouvant vous être utiles :
Systeme :
Microsoft Windows XP
Media Center Edition
Version 2002
Service Pack 3
vous remerciant d'avance
voilà il y a quelques temps j'ai eu un problème avec SystemeSecurity2009 qui du coup engendre plein de problème, je pense m'être débarrassé de lui mais depuis j'ai beaucoup d'erreurs.
tout d'abord au long démarrage plein de petites fenêtres Erreur : STARTING s'ouvre ainsi que d'autre avec svchost.exe a rencontré un probleme... et pareil avec ihaupd32.exe.
je remarque que dans Démarrer => Programme => Démarrage j'ai Ihaupd32.exe ainsi que Zqosys32.exe.
le probleme qui me semble le plus gênant c'est que je ne peux pas lancer de scan avec mon antivirus Antivir qui lorsque j'essaie fait que mon ordi s'éteint...
j'ai bien entendu essayé Spybot, Smitfraud ect... le probleme étant que seul, je n'arrive pas vraiment a tout comprendre...
dans ce cas je vous sollicite afin que, si possible, quelqu'un m'aiguille dans les manip je me sentirai plus aguérit...
De plus j'aimerais ne pas en venir au formatage qui me serai très long a faire vu le nombre de données qu'il me faudrait conserver...
Quelques infos pouvant vous être utiles :
Systeme :
Microsoft Windows XP
Media Center Edition
Version 2002
Service Pack 3
vous remerciant d'avance
Configuration: Windows XP Firefox 3.0.12
12 réponses
-
Slt,
scan avec malwarebyte , fais un scan minutieux et colle le rapport obtenu et vire ce qui est trouvé:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
______________________
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit -
-
voici le premier résultat du scan demandé avec MalwareByte:
Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2498
Windows 5.1.2600 Service Pack 3
25/07/2009 16:32:15
mbam-log-2009-07-25 (16-32-15).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 208974
Temps écoulé: 43 minute(s), 28 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 24
Valeur(s) du Registre infectée(s): 20
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 146
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
\\?\globalroot\systemroot\system32\geyekrxveniycj.dll (Trojan.TDSS) -> Delete on reboot.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\59879681729mmx.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\ghaf8jkdfd.dll (Trojan.FakeAlert) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{a36d2a01-00f3-42bd-f434-00bbc39c8953} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a36d2a01-00f3-42bd-f434-00bbc39c8953} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a36d2a01-00f3-42bd-f434-00bbc39c8953} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CLASSES_ROOT\messengerupdateproject.messengerupdat.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\messengerupdateproject.messengerupdate (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbcc290a-5e32-4e54-80db-f0f3f3892444} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e3a14032-f6fc-426d-a024-bead613d5db3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{d8c0508c-e235-4d9e-a27e-c8bb5f527dc9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MessengerUpdateProject.dll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msncache (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Darkness (Trojan.Backdoor) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a36d2a01-00f3-42bd-f434-00bbc39c8953} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spybotsd teatimer (Trojan.GamesThief) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\swg (Trojan.GamesThief) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kbd (Trojan.GamesThief) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\program files\HP\hp software update\hpwuschd2.exe (Trojan.GamesThief) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\sfx (Rootkit.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Documents and Settings\HP_Administrateur\Application Data\Messenger\Drivers (Trojan.Agent.M) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrateur\application data\messenger\Drivers\Aud32 (Trojan.Agent.M) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Application Data\Messenger\Sys (Trojan.Agent.M) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\ghaf8jkdfd.dll (Trojan.Zlob.H) -> Delete on reboot.
c:\documents and settings\hp_administrateur\local settings\application data\ceome_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrateur\local settings\application data\ceome.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrateur\local settings\application data\cmmow_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrateur\local settings\application data\cmmow_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrateur\local settings\application data\cmmow.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrateur\local settings\application data\cmmow.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrateur\local settings\application data\cmscwis_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrateur\local settings\application data\cmscwis_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrateur\local settings\application data\cmscwis.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrateur\local settings\application data\cmscwis.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrateur\local settings\application data\msoqk_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrateur\local settings\application data\msoqk_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrateur\local settings\application data\msoqk.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrateur\local settings\application data\uscka_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrateur\local settings\application data\uscka_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrateur\local settings\application data\uscka.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
\\?\globalroot\systemroot\system32\geyekrxveniycj.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\59879681729mmx.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\Spybot - Search & Destroy\teatimer.exe (Trojan.GamesThief) -> Quarantined and deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Trojan.GamesThief) -> Quarantined and deleted successfully.
C:\hp\KBD\kbd.exe (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\19825464\19825464 .exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrateur\Bureau\programme\Speed-Downloading_setup(2).exe (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrateur\Bureau\programme\Speed-Downloading_setup.exe (Adware.Navipromo) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrateur\menu démarrer\programmes\démarrage\ihaupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrateur\menu démarrer\programmes\démarrage\zqosys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\DBG7JDED\RecordTheRadio Setup[1].exe (Adware.Navipromo) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\Q0J2LM5F\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\Q0J2LM5F\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\hp\KBD\kbd.exe1919 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\hp\KBD\kbd.exe2060 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\hp\KBD\kbd.exe278 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\fichiers communs\installshield\updateservice\isuspm .exe (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\fichiers communs\installshield\updateservice\isuspm.exe -startup (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe1224 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe1917 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe208 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe211 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe217 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe226 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe258 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe260 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe262 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe274 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe301 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe496 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\Google\googletoolbarnotifier\googletoolbarnotifier.exe873 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\HP\hp software update\hpwuschd2.exe (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe.aawbak (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\Lavasoft\Ad-Aware\aawtray.exe1229 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\Lavasoft\Ad-Aware\aawtray.exe1328 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe1225 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe1323 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe1518 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe1599 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe189 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe1916 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe2057 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe206 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe210 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe216 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe225 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe244 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe246 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe259 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe261 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe269 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe273 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe278 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe301 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe382 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe497 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\program files\spybot - search & destroy\teatimer.exe934 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\WINDOWS\ld12.exe1325 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\WINDOWS\ld12.exe245 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\WINDOWS\ld12.exe260 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\WINDOWS\ld12.exe261 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\WINDOWS\ld12.exe263 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\WINDOWS\ld12.exe499 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\WINDOWS\ld12.exe876 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\WINDOWS\ld12.exe936 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10 .exe (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10.exe1227 (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10.exe1326 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10.exe1520 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10.exe1600 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10.exe169 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10.exe2058 (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10.exe213 (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10.exe246 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10.exe247 (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10.exe264 (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10.exe271 (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10.exe275 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10.exe279 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10.exe302 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10.exe306 (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10.exe383 (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10.exe500 (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10.exe877 (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10.exe933 (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10.exe937 (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\cooecp.tlb (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\logcde.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\windef.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\windef.Log (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\winpaged.ocx (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mobsyn.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msncache.dllx (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\usbewt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wiwow64.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tmp0_26504827405.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tmp0_318016252805.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tmp0_73426666117.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tmp0_797751131381.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tmp0_891692581340.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tmp1_179883239877.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tmp1_246522628223.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_266741720731.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_298243407658.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_781050516344.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_824546640718.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_885692167794.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\txpxr_94748203411.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrateur\application data\messenger\Drivers\pub.dll (Trojan.Agent.M) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ogmqs_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ogmqs_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrateur\Application Data\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\0101120101464849.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\sFX\sfx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\934fdfg34fgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\uudoam.exe (Trojan.Dropper) -> Quarantined and deleted successfully. -
voici le log.txt :
Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrateur at 2009-07-25 16:42:24
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 13 GB (6%) free of 231 GB
Total RAM: 1022 MB (34% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:42:39, on 25/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\HP\DIGITA~1\PRODUC~1\bin\hprblog.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\HP_Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\HP_Administrateur.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/m/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {73ecb3aa-4717-450c-a2ab-d00dad9ee203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\59879681729mmx.dll
O23 - Service: Avira AntiVir Planificateur (antivirschedulerservice) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\
-
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question -
voici le info.txt :
info.txt logfile of random's system information tool 1.06 2009-07-25 16:42:42
======Uninstall list======
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Action Replay Code Manager-->"C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A71000000002}
adsl TV-->C:\Program Files\adslTV\Uninstal.exe
Amélioration de nos services-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1036
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Belkin Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
BitComet 1.13-->C:\Program Files\BitComet\uninst.exe
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CC_ccProxyExt-->MsiExec.exe /I{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}
ccCommon-->MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
ccPxyCore-->MsiExec.exe /I{30738666-9805-4926-A78F-91DA33B6C437}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Clean Virus MSN-->"C:\Program Files\AxBx\Clean Virus MSN\unins000.exe"
CometBird (3.0.11)-->C:\Program Files\CometBird\uninstall\helper.exe
Connexion Facile à Internet-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1036
ConvertHelper 2.2-->"C:\Program Files\ConvertHelper\unins000.exe"
Correctif pour Lecteur Windows Media 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
gBurner-->"C:\Program Files\gBurner\uninstall.exe"
GemMaster Mystic-->"C:\Program Files\GemMasterFrench\uninstallgemmaster.exe"
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Hercules Deluxe Optical Glass-->C:\Program Files\InstallShield Installation Information\{56298F72-C2CC-4FE5-ACEA-30C7A866BF4C}\setup.exe -runfromtemp -l0x040c -removeonly
High Definition Audio - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Extended Capabilities 5.3-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel(R) Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) Quick Resume Technology Drivers-->C:\WINDOWS\System32\Elusetup.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Language pack for Ad-Aware SE-->C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\INSTALL.LOG
Le logiciel Intel® Viiv™-->MsiExec.exe /X{EEFEBB48-329E-46F6-AEB8-929A5BAFDB2F}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Ma-Config.com-->MsiExec.exe /X{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaCoder 0.6.2-->C:\Program Files\MediaCoder\uninst.exe
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Mise à jour pour Lecteur Windows Media 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework 3.5 - fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MpcStar 3.9-->C:\Program Files\MpcStar\uninst.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB4740B3-2530-452D-A825-F7AB246CA7DF}\setup.exe" -l0x40c
muvee autoProducer unPlugged 2.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x40c
nCleaner second 2.3.2.0-->C:\Program Files\NKProds\nCleaner\uninstall.exe
Nero Suite-->C:\Program Files\Fichiers communs\Ahead\Uninstall\setup.exe /uninstall
Nokia Connectivity Cable Driver-->MsiExec.exe /I{82427977-8776-4087-90CA-9F65174D3C4D}
Nokia Home Media Server-->MsiExec.exe /X{F5A3D2C9-22CF-489B-8B01-F7159D1A7412}
Nokia Music-->MsiExec.exe /I{9333DA9B-4F8C-4580-88A7-F12D7B10DC2A}
Nokia Ovi Application Installer 6.85.3011-->msiexec /qn /x {42B74521-4706-412A-9A27-AED12B83E886}
Nokia Ovi Application Installer-->MsiExec.exe /I{42B74521-4706-412A-9A27-AED12B83E886}
Nokia Ovi Content Copier 6.85.3011-->msiexec /qn /x {6442DEDF-AC2F-4CBA-85DE-42E459C5006C}
Nokia Ovi Content Copier-->MsiExec.exe /X{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}
Nokia Ovi Suite-->MsiExec.exe /I{B5264B25-8908-49BB-A708-5A70DFBF8094}
Nokia Ovi System Utilities 6.85.3016-->msiexec /qn /x {FF34EA62-92C1-41E6-BA64-B2B7ECB53737}
Nokia Ovi System Utilities-->MsiExec.exe /X{FF34EA62-92C1-41E6-BA64-B2B7ECB53737}
Nokia Photos-->MsiExec.exe /I{AE977FE5-F014-4F1E-83F7-B4FD143B5EEF}
Nokia Software Updater-->MsiExec.exe /X{7169FA93-66C2-43BD-86E0-CD332A686B29}
Norton AntiSpam-->MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
Norton Internet Security 2006 (Symantec Corporation)-->"C:\Program Files\Fichiers communs\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe" /X
Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security-->MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security-->MsiExec.exe /I{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center-->MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton WMI Update-->MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update-->MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Otto-->"C:\Program Files\FrenchOtto\uninstallotto.exe"
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
PC Connectivity Solution-->MsiExec.exe /I{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}
PC-Doctor 5 pour Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime Alternative 2.6.0-->"C:\Program Files\QuickTime Alternative\unins000.exe"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Registry Mechanic 7.0-->"C:\Program Files\Registry Mechanic\unins000.exe"
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
Samsung PC Studio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly
Samsung Samples Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -l0x40c -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Services Internet-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{5CFD7508-7774-48FE-8280-7A3C0AE71755} /l1036
SFR - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
TV sur PC-->C:\Program Files\Neuf\TV_PC\uninstall.exe
Uniblue RegistryBooster 2009-->"C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Uniblue RegistryBooster.exe
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoLAN VLC media player 0.8.6e-->C:\Program Files\adslTV\uninstall.exe
Vodafone 804SS USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
Vuze Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
Vuze-->C:\Program Files\Vuze\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
======Hosts File======
127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
======Security center information======
AV: Norton Internet Security 2006 (disabled) (outdated)
AV: AntiVir Desktop
FW: Norton Internet Worm Protection (disabled)
FW: Norton Internet Security 2006 (disabled)
======System event log======
Computer Name: AMOUR
Event Code: 7036
Message: Le service NLA (Network Location Awareness) est entré dans l'état : en cours d'exécution.
Record Number: 39320
Source Name: Service Control Manager
Time Written: 20090718164359.000000+120
Event Type: Informations
User:
Computer Name: AMOUR
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).
Record Number: 39319
Source Name: Service Control Manager
Time Written: 20090718164359.000000+120
Event Type: Informations
User: AMOUR\HP_Administrateur
Computer Name: AMOUR
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.
Record Number: 39318
Source Name: Service Control Manager
Time Written: 20090718164358.000000+120
Event Type: Informations
User:
Computer Name: AMOUR
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.
Record Number: 39317
Source Name: Service Control Manager
Time Written: 20090718164358.000000+120
Event Type: Informations
User: AMOUR\HP_Administrateur
Computer Name: AMOUR
Event Code: 7036
Message: Le service Téléphonie est entré dans l'état : en cours d'exécution.
Record Number: 39316
Source Name: Service Control Manager
Time Written: 20090718164358.000000+120
Event Type: Informations
User:
=====Application event log=====
Computer Name: AMOUR
Event Code: 26
Message: Application starting
Record Number: 10183
Source Name: SNDSrvc
Time Written: 20090703105220.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: AMOUR
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 10182
Source Name: SecurityCenter
Time Written: 20090703105203.000000+120
Event Type: Informations
User:
Computer Name: AMOUR
Event Code: 1
Message:
Record Number: 10181
Source Name: Nokia M Platform
Time Written: 20090703105157.000000+120
Event Type: Informations
User:
Computer Name: AMOUR
Event Code: 1
Message:
Record Number: 10180
Source Name: Nokia M Platform
Time Written: 20090703105156.000000+120
Event Type: Informations
User:
Computer Name: AMOUR
Event Code: 1
Message:
Record Number: 10179
Source Name: Nokia M Platform
Time Written: 20090703105153.000000+120
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Nokia\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\QuickTime Alternative\QTSystem\;C:\Program Files\Fichiers communs\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0604
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
-----------------EOF----------------- -
il semblerait que je n'ai plus ihaupd32.exe et zqosys32.exe dans démarrer=> programme=> démarrage.
j'ai cependant toujours lorsque je démarre l'ordi un message d'erreur concernant svchost qui a rencontrer un pb... ect -
vire tout ce qui est en quarantaine dans malwarebyte
puis
- CCleaner https://www.ccleaner.com/ccleaner/download (FileHippo). Ce logiciel va permettre de supprimer tous les fichiers temporaires. Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.
puis
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix -
-
voici donc le rapport :
ComboFix 09-07-24.01 - HP_Administrateur 25/07/2009 17:40.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.658 [GMT 2:00]
Running from: c:\documents and settings\HP_Administrateur\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton Internet Security 2006 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\QUAD Utilities
c:\program files\sFX
c:\recycler\S-1-5-21-1042281830-2596113689-4216471197-1007
c:\recycler\S-1-5-21-3142290306-4259825926-2972502295-1007
c:\recycler\S-1-5-21-418868126-2868896245-297984682-1007
c:\windows\Install.txt
c:\windows\Installer\1af06c.msi
c:\windows\Installer\1af06d.msp
c:\windows\Installer\1af06e.msp
c:\windows\Installer\1af06f.msp
c:\windows\Installer\1af070.msp
c:\windows\Installer\1af071.msp
c:\windows\Installer\1af072.msp
c:\windows\Installer\1af073.msp
c:\windows\Installer\1af074.msp
c:\windows\Installer\1af075.msp
c:\windows\Installer\1af076.msp
c:\windows\Installer\2939ff.msi
c:\windows\Installer\293a05.msi
c:\windows\Installer\293a0e.msi
c:\windows\Installer\293a18.msi
c:\windows\Installer\293a1e.msi
c:\windows\Installer\293a27.msi
c:\windows\Installer\2d1140.msi
c:\windows\Installer\2d114b.msi
c:\windows\Installer\2d1151.msi
c:\windows\Installer\2d115b.msi
c:\windows\Installer\2d5bb6.msi
c:\windows\Installer\2d5bc0.msi
c:\windows\Installer\2d5bcc.msi
c:\windows\Installer\2d5bd2.msi
c:\windows\Installer\2d5bd8.msi
c:\windows\Installer\2d5bde.msi
c:\windows\Installer\2e1f78.msi
c:\windows\Installer\2e1f7e.msi
c:\windows\Installer\2e1f88.msi
c:\windows\Installer\2e1f92.msi
c:\windows\Installer\2e1f98.msi
c:\windows\Installer\2e1f9e.msi
c:\windows\Installer\2e1fa5.msi
c:\windows\Installer\2e1fab.msi
c:\windows\Installer\2e1fb1.msi
c:\windows\Installer\300cab.msi
c:\windows\Installer\35980.msi
c:\windows\Installer\35987.msi
c:\windows\Installer\3598d.msi
c:\windows\Installer\35999.msi
c:\windows\Installer\377a1e34.msi
c:\windows\Installer\46f4c.msi
c:\windows\Installer\46f60.msi
c:\windows\Installer\46f6f.msi
c:\windows\Installer\46f9b.msi
c:\windows\Installer\46fa1.msi
c:\windows\Installer\46faa.msi
c:\windows\Installer\50c2ce4.msi
c:\windows\Installer\5a8b6.msi
c:\windows\Installer\5a8ca.msi
c:\windows\Installer\5a8d9.msi
c:\windows\Installer\5a905.msi
c:\windows\Installer\5a90b.msi
c:\windows\Installer\5a914.msi
c:\windows\Installer\69189.msi
c:\windows\Installer\691a5.msi
c:\windows\Installer\691ac.msi
c:\windows\Installer\691d7.msi
c:\windows\Installer\71918.msi
c:\windows\Installer\71922.msi
c:\windows\Installer\7192f.msi
c:\windows\Installer\7193e.msi
c:\windows\Installer\71944.msi
c:\windows\Installer\7194a.msi
c:\windows\Installer\72c72.msi
c:\windows\Installer\72c8e.msi
c:\windows\Installer\72c95.msi
c:\windows\Installer\72cc0.msi
c:\windows\Installer\7d4cb.msi
c:\windows\Installer\7d4d8.msi
c:\windows\Installer\7d4e2.msi
c:\windows\Installer\7d4ec.msi
c:\windows\Installer\7d4f3.msi
c:\windows\Installer\7d8ee.msi
c:\windows\Installer\7d8f8.msi
c:\windows\Installer\7d905.msi
c:\windows\Installer\7d914.msi
c:\windows\Installer\7d91a.msi
c:\windows\Installer\7d920.msi
c:\windows\Installer\8cc89.msi
c:\windows\Installer\8cc96.msi
c:\windows\Installer\8cca0.msi
c:\windows\Installer\8ccaa.msi
c:\windows\Installer\8ccb1.msi
c:\windows\Installer\ba4be.msi
c:\windows\Installer\f001.msi
c:\windows\Installer\f008.msi
c:\windows\Installer\f00e.msi
c:\windows\Installer\f01a.msi
c:\windows\Installer\f020.msi
c:\windows\kb913800.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\17000750.sys
c:\windows\system32\drivers\geyekruydxlvoq.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\geyekrkjjtvqtv.dat
c:\windows\system32\geyekrovbrfvkk.dat
c:\windows\system32\geyekrpkcxecmy.dll
c:\windows\system32\geyekrxveniycj.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Install.txt
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_geyekrcdorjkcp
-------\Legacy_6TO4
-------\Legacy_msncache
-------\Legacy_sfx
-------\Legacy_sfxdrv
-------\Legacy_USBEWT
-------\Service_sfx
-------\Service_usbewt
-------\Service_17000750
((((((((((((((((((((((((( Files Created from 2009-06-25 to 2009-07-25 )))))))))))))))))))))))))))))))
.
2009-07-25 15:14 . 2009-07-25 15:14 -------- d-----w- c:\program files\CCleaner
2009-07-25 14:42 . 2009-07-25 14:42 -------- d-----w- c:\program files\trend micro
2009-07-25 14:42 . 2009-07-25 14:42 -------- d-----w- C:\rsit
2009-07-25 13:46 . 2009-07-25 13:46 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Malwarebytes
2009-07-25 13:46 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-25 13:46 . 2009-07-25 13:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 13:46 . 2009-07-25 13:46 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-25 13:46 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-25 12:18 . 2009-07-25 12:18 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SITEguard
2009-07-25 12:17 . 2009-07-25 12:24 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\STOPzilla!
2009-07-25 12:17 . 2009-07-25 12:17 -------- d-----w- c:\program files\Fichiers communs\iS3
2009-07-24 22:53 . 2009-07-24 22:53 -------- d-----r- c:\documents and settings\LocalService\Favoris
2009-07-23 23:15 . 2009-07-23 23:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2009-07-23 23:14 . 2009-07-23 23:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-07-18 02:46 . 2009-07-18 02:46 38024 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-18 00:30 . 2009-07-18 00:30 -------- d-----w- c:\program files\ma-config.com
2009-07-18 00:30 . 2009-07-18 00:30 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ma-config.com
2009-07-17 20:23 . 2009-07-17 20:23 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\WinBatch
2009-07-17 18:18 . 2009-07-17 18:18 -------- d-----w- c:\documents and settings\LocalService\Bureau
2009-07-17 18:04 . 2009-07-25 14:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-07-17 18:00 . 2009-07-25 14:54 -------- d-----w- c:\program files\Lavasoft
2009-07-17 14:51 . 2009-07-17 14:51 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2009-07-17 14:51 . 2009-07-17 15:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-17 14:51 . 2009-07-17 14:51 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\SUPERAntiSpyware.com
2009-07-17 14:50 . 2009-07-17 14:50 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-07-17 14:48 . 2009-07-17 14:48 -------- d-----w- c:\program files\NKProds
2009-07-17 14:14 . 2009-07-25 12:05 140 ----a-w- c:\windows\34rdft.bat
2009-07-17 12:27 . 2009-07-17 16:45 -------- d-----w- c:\program files\Enigma Software Group
2009-07-17 11:54 . 2009-07-17 11:54 -------- d-----w- c:\program files\Uniblue
2009-07-17 11:53 . 2009-07-17 11:54 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-07-17 11:17 . 2009-07-17 11:17 -------- d-----w- c:\documents and settings\LocalService\Menu Démarrer
2009-07-17 11:16 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-17 11:16 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-17 11:16 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-17 11:16 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-17 11:16 . 2009-07-17 11:16 -------- d-----w- c:\program files\Avira
2009-07-17 11:16 . 2009-07-17 11:16 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Avira
2009-07-17 10:40 . 2009-07-25 14:32 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\19825464
2009-07-17 10:40 . 2009-07-25 14:32 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Messenger
2009-07-10 17:23 . 2009-07-10 17:23 -------- d-----w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\CometNetwork
2009-07-10 17:23 . 2009-07-10 17:23 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\CometNetwork
2009-07-10 17:21 . 2009-07-17 11:37 -------- d-----w- c:\program files\CometBird
2009-07-10 15:31 . 2009-07-10 15:32 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 15:17 . 2009-04-10 20:32 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-25 15:17 . 2009-01-17 23:53 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Azureus
2009-07-25 15:06 . 2006-11-24 13:42 16884 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\wklnhst.dat
2009-07-25 14:59 . 2008-06-28 16:18 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Skype
2009-07-25 14:37 . 2008-06-28 16:19 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\skypePM
2009-07-25 12:21 . 2009-07-25 12:20 496 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-07-25 10:14 . 2009-04-10 20:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-22 13:18 . 2006-11-24 11:00 89960 ----a-w- c:\windows\hpoins06.dat
2009-07-19 14:09 . 2006-09-19 04:46 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-07-19 14:07 . 2008-03-25 18:32 -------- d-----w- c:\program files\Yahoo!
2009-07-18 13:38 . 2008-07-13 19:30 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\DNA
2009-07-18 11:45 . 2008-07-13 19:30 -------- d-----w- c:\program files\DNA
2009-07-18 02:24 . 2006-09-19 04:37 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2009-07-17 20:23 . 2006-09-19 04:22 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-17 20:21 . 2006-09-19 04:15 -------- d-----w- c:\program files\HP
2009-07-17 17:48 . 2006-09-19 04:43 -------- d-----w- c:\program files\Google
2009-07-15 10:53 . 2009-03-08 20:16 -------- d-----w- c:\program files\BitComet
2009-07-13 18:44 . 2008-06-14 18:41 -------- d-----w- c:\program files\adslTV
2009-07-11 10:26 . 2006-11-24 10:59 57008 ----a-w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-10 18:37 . 2006-09-19 04:26 -------- d-----w- c:\program files\DivX
2009-07-10 17:18 . 2009-03-08 21:28 -------- d-----w- c:\program files\MpcStar
2009-07-03 17:33 . 2008-11-30 17:16 -------- d-----w- c:\program files\MediaCoder
2009-07-03 14:24 . 2008-07-13 19:30 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\BitTorrent
2009-06-20 22:48 . 2009-07-10 11:15 25220 ----a-w- c:\windows\Fonts\Degenere.ttf
2009-06-20 14:54 . 2009-07-10 11:35 35736 ----a-w- c:\windows\Fonts\point de suture.ttf
2009-06-16 14:40 . 2004-08-10 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-08-10 04:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-09 01:56 . 2009-06-09 01:56 -------- d-----w- c:\program files\InterActual
2009-06-03 19:10 . 2004-08-10 11:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 12:50 . 2009-04-08 11:00 -------- d-----w- c:\program files\QuickTime Alternative
2009-05-27 23:39 . 2006-12-13 17:24 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\dvdcss
2009-05-13 23:57 . 2009-05-13 15:14 166736 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-12 22:48 . 2005-10-10 11:39 90750 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-12 22:48 . 2005-10-10 11:39 523044 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-07 15:33 . 2004-08-10 11:00 348672 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-29 04:34 . 2004-08-10 11:00 670720 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:34 . 2004-08-10 11:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2007-03-30 17:34 . 2007-03-30 17:34 251 ----a-w- c:\program files\wt3d.ini
2009-07-22 01:37 . 2009-01-14 22:20 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
[-] 2005-03-14 08:17 359936 6129E70F3D2F1E60860C930EBEAF92C2 c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2004-08-10 11:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2005-03-14 07:55 359808 0E66B538096A6529D1AC66E78EB0D5C8 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2009-03-08 20:17 361600 CD00787894008369F56153B91FC28847 c:\windows\system32\dllcache\tcpip.sys
[-] 2009-03-08 20:17 361600 CD00787894008369F56153B91FC28847 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-21 7622656]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-03-07 53096]
"Symantec PIF AlertEng"="c:\program files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
c:\docume~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
backup=c:\windows\pss\BTTray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Nokia Ovi Suite.lnk]
backup=c:\windows\pss\Nokia Ovi Suite.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Totocam
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
"CamserviceDeluxe2"=c:\program files\Hercules\Deluxe Optical Glass\Camservice.exe /startup
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" -atboottime
"Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>Ý\†Ð=ŸàÛ±Þ"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\adslTV\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Hercules\\Deluxe Optical Glass\\Station2.exe"=
"c:\\Documents and Settings\\HP_Administrateur\\Bureau\\Duke_Nukem_3D\\EDuke32.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"7436:TCP"= 7436:TCP:BitComet 7436 TCP
"7436:UDP"= 7436:UDP:BitComet 7436 UDP
"6667:UDP"= 6667:UDP:VIDEOALLOCAM UDP
"6666:TCP"= 6666:TCP:*:Disabled:TOTOCAM TCP
"8085:TCP"= 8085:TCP:sfx
R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 13:53 5632]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27/02/2007 12:39 32256]
R2 antivirschedulerservice;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [17/07/2009 13:16 108289]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [18/01/2009 01:53 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [18/01/2009 01:53 234888]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [21/02/2009 22:46 55152]
R3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [08/04/2009 13:58 94720]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [25/09/2007 16:59 15152]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]
S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 17:51 4096]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/m/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://fr.yahoo.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=%s
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Envoyer à &Bluetooth - c:\program files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: {{2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E}
FF - ProfilePath - c:\docume~1\HP_ADM~1\APPLIC~1\Mozilla\Firefox\Profiles\d0vgek25.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://lo.st
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
FF - component: c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\d0vgek25.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\d0vgek25.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-25 17:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{26c16bf6-de79-4698-a88e-e0e23ac3093b}]
@Denied: (Full) (Everyone)
"Model"=dword:000000de
"Therad"=dword:00000020
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):39,b6,ab,f3,66,03,00,c0,b1,74,53,3b,00,d3,d0,28,1e,ea,68,4d,d7,
57,5a,8b,25,b6,bc,dd,8c,8a,3d,70,10,22,e8,9b,33,85,31,a6,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3836)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fichiers communs\Symantec Shared\CCSETMGR.EXE
c:\program files\Fichiers communs\Symantec Shared\CCPROXY.EXE
c:\program files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msiexec.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\HP\DIGITA~1\PRODUC~1\bin\hprblog.exe
c:\program files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
.
**************************************************************************
.
Completion time: 2009-07-25 18:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-25 16:01
Pre-Run: 14 047 506 432 octets libres
Post-Run: 13 884 227 584 octets libres
457 --- E O F --- 2009-07-16 01:06 -
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr -
-
