Google

Closed
YAN - 18 August 2009 at 13:21
YAN - 18 August 2009 at 16:58
Hello,

I too have a problem with Google, apparently with the same symptoms.

I ran RSIT; the reports are below.

Thanks in advance for your help,

See you,

Yan

Logfile of random's system information tool 1.06 (written by random/random)
Run by Hamel at 2009-08-18 11:46:17
Microsoft Windows XP Professionnel Service Pack 2
System drive I: has 123 GB (81%) free of 153 GB
Total RAM: 1278 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:24, on 18/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\LEXBCES.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\LEXPPS.EXE
I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
I:\WINDOWS\System32\FTRTSVC.exe
I:\WINDOWS\SOUNDMAN.EXE
I:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
I:\Program Files\COMODO\SafeSurf\cssurf.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
I:\Program Files\Lexmark 1200 Series\lxczbmon.exe
I:\PROGRA~1\Wanadoo\TaskBarIcon.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Java\jre6\bin\jqs.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
I:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
I:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
I:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
I:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
I:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
I:\PROGRA~1\Wanadoo\ComComp.exe
I:\PROGRA~1\Wanadoo\Toaster.exe
I:\PROGRA~1\Wanadoo\Inactivity.exe
I:\PROGRA~1\Wanadoo\PollingModule.exe
I:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
I:\PROGRA~1\Wanadoo\Watch.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\Documents and Settings\Hamel\Bureau\RSIT.exe
I:\Program Files\trend micro\Hamel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - I:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - I:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [WOOTASKBARICON] I:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Lexmark 1200 Series] "I:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "I:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WOOKIT] I:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = I:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: rncsys32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O20 - AppInit_DLLs: I:\WINDOWS\system32\cssdll32.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - I:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate1ca0d04fd99b13e) (gupdate1ca0d04fd99b13e) - Google Inc. - I:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - I:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - I:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - I:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe

End of file - 8215 bytes

======Scheduled tasks folder======

I:\WINDOWS\tasks\AppleSoftwareUpdate.job
I:\WINDOWS\tasks\Google Software Updater.job
I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19C8E43B-07B3-49CB-BFFC-6777B593E6F8}]
Download Manager Browser Helper Object - I:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL [2006-08-17 520704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - I:\Program Files\Java\jre6\bin\ssv.dll [2009-03-09 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - I:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-07-25 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - I:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - I:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WOOTASKBARICON"=I:\PROGRA~1\Wanadoo\GestMaj.exe [2004-10-14 32768]
"SoundMan"=I:\WINDOWS\SOUNDMAN.EXE [2006-08-02 577536]
"NvMediaCenter"=I:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"NvCplDaemon"=I:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"Lexmark 1200 Series"=I:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-03-16 57344]
"COMODO SafeSurf"=I:\Program Files\COMODO\SafeSurf\cssurf.exe [2008-06-02 278264]
"avgnt"=I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-20 266497]
"QuickTime Task"=I:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"=I:\PROGRA~1\Wanadoo\Shell.exe [2004-08-23 122880]
"ctfmon.exe"=I:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-25 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Wlancfg"=2

I:\Documents and Settings\Hamel\Menu Démarrer\Programmes\Démarrage
Outil de détection de support Picture Motion Browser.lnk - I:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
rncsys32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="I:\WINDOWS\system32\cssdll32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"I:\WINDOWS\system32\sessmgr.exe"="I:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"I:\Program Files\DNA\btdna.exe"="I:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"I:\Program Files\VideoLAN\VLC\vlc.exe"="I:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"I:\Program Files\Warcraft III\Warcraft III.exe"="I:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"I:\Program Files\Bonjour\mDNSResponder.exe"="I:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"I:\Program Files\iTunes\iTunes.exe"="I:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"I:\Program Files\ma-config.com\maconfservice.exe"="I:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-08-18 11:46:17 ----D---- I:\rsit
2009-08-18 03:36:55 ----A---- I:\WINDOWS\system32\xa.tmp
2009-08-17 07:11:48 ----HDC---- I:\WINDOWS\$NtUninstallKB961118$
2009-08-17 07:11:20 ----HDC---- I:\WINDOWS\$NtUninstallKB925720$
2009-08-16 10:19:42 ----HDC---- I:\WINDOWS\$NtUninstallKB960859$
2009-08-16 10:19:37 ----HDC---- I:\WINDOWS\$NtUninstallKB971657$
2009-08-16 10:19:30 ----HDC---- I:\WINDOWS\$NtUninstallKB971557$
2009-08-16 10:15:46 ----D---- I:\WINDOWS\system32\XPSViewer
2009-08-16 10:15:42 ----D---- I:\Program Files\MSBuild
2009-08-16 10:15:40 ----D---- I:\WINDOWS\system32\en-US
2009-08-16 10:15:33 ----D---- I:\Program Files\Reference Assemblies
2009-08-16 10:15:09 ----N---- I:\WINDOWS\system32\xpssvcs.dll
2009-08-16 10:15:09 ----N---- I:\WINDOWS\system32\xpsshhdr.dll
2009-08-16 10:15:09 ----N---- I:\WINDOWS\system32\prntvpt.dll
2009-08-16 10:15:08 ----D---- I:\0587b78221c883714f7e5cb353e2
2009-08-16 10:12:35 ----HDC---- I:\WINDOWS\$NtUninstallWIC$
2009-08-16 10:12:31 ----D---- I:\Program Files\MSXML 6.0
2009-08-16 10:11:41 ----HDC---- I:\WINDOWS\$NtUninstallKB973869$
2009-08-16 10:11:35 ----HDC---- I:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-16 10:11:31 ----HDC---- I:\WINDOWS\$NtUninstallKB973507$
2009-08-16 10:11:26 ----HDC---- I:\WINDOWS\$NtUninstallKB973354$
2009-08-16 10:11:18 ----D---- I:\WINDOWS\ServicePackFiles
2009-08-16 10:11:17 ----HDC---- I:\WINDOWS\$NtUninstallKB958470$
2009-08-16 10:11:10 ----HDC---- I:\WINDOWS\$NtUninstallKB973815$
2009-08-16 10:11:01 ----HDC---- I:\WINDOWS\$NtUninstallKB971032$
2009-08-16 10:10:48 ----HDC---- I:\WINDOWS\$NtUninstallKB968389$
2009-07-25 10:49:52 ----D---- I:\Documents and Settings\All Users\Application Data\Google Updater

======List of files/folders modified in the last 1 months======

2009-08-18 11:46:24 ----D---- I:\Program Files\Trend Micro
2009-08-18 11:46:10 ----SD---- I:\WINDOWS\Tasks
2009-08-18 11:44:20 ----D---- I:\Program Files\Wanadoo
2009-08-18 11:40:31 ----D---- I:\WINDOWS\Temp
2009-08-18 11:40:31 ----D---- I:\WINDOWS
2009-08-18 11:16:57 ----D---- I:\WINDOWS\system32
2009-08-18 05:35:03 ----N---- I:\WINDOWS\SchedLgU.Txt
2009-08-18 05:23:13 ----D---- I:\WINDOWS\system32\CatRoot2
2009-08-18 03:51:23 ----D---- I:\WINDOWS\system32\drivers
2009-08-17 07:12:16 ----HD---- I:\WINDOWS\inf
2009-08-17 07:12:15 ----D---- I:\WINDOWS\system32\CatRoot
2009-08-17 07:12:00 ----RSHDC---- I:\WINDOWS\system32\dllcache
2009-08-17 07:11:48 ----HD---- I:\WINDOWS\$hf_mig$
2009-08-17 07:11:45 ----SHD---- I:\WINDOWS\Installer
2009-08-17 07:11:45 ----D---- I:\WINDOWS\Microsoft.NET
2009-08-17 04:52:49 ----D---- I:\WINDOWS\Prefetch
2009-08-17 04:51:31 ----RSD---- I:\WINDOWS\assembly
2009-08-17 04:48:54 ----A---- I:\WINDOWS\system32\PerfStringBackup.INI
2009-08-17 04:48:07 ----D---- I:\WINDOWS\system32\Setup
2009-08-16 10:18:19 ----D---- I:\WINDOWS\WinSxS
2009-08-16 10:15:42 ----D---- I:\Program Files
2009-08-16 10:15:38 ----RSD---- I:\WINDOWS\Fonts
2009-08-16 10:15:20 ----D---- I:\WINDOWS\system32\spool
2009-08-16 10:13:41 ----D---- I:\WINDOWS\system32\mui
2009-08-16 10:13:40 ----D---- I:\Program Files\Internet Explorer
2009-08-16 10:11:27 ----D---- I:\Program Files\Outlook Express
2009-08-05 11:06:31 ----A---- I:\WINDOWS\system32\mswebdvd.dll
2009-07-25 10:50:56 ----D---- I:\Program Files\Google
2009-07-19 18:45:00 ----A---- I:\WINDOWS\system32\ieframe.dll
2009-07-19 15:15:02 ----A---- I:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; I:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 avgio;avgio; \??\I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; I:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-31 75096]
R1 oreans32;oreans32; \??\I:\WINDOWS\system32\drivers\oreans32.sys []
R1 ssmdrv;ssmdrv; I:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 Aspi32;Aspi32; I:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R3 Afc;PPdus ASPI Shell; I:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); I:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-11-06 4024832]
R3 Arp1394;Protocole client ARP 1394; I:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 avgntflt;avgntflt; \??\I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; I:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HidUsb;Pilote de classe HID Microsoft; I:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Pilote HID de souris; I:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; I:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; I:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; I:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-10-13 81664]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver; I:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 215040]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; I:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; I:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbstor;Pilote de stockage de masse USB; I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; I:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 vulfnths;VIA USB Host Controller Lower Filter; I:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; I:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\I:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 catchme;catchme; \??\I:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; I:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 driverhardwarev2;driverhardwarev2; \??\I:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 mbr;mbr; \??\I:\DOCUME~1\Hamel\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; I:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; I:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; I:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 npkcrypt;npkcrypt; \??\I:\Documents and Settings\Hamel\Bureau\lineage II\system\npkcrypt.sys []
S3 NTACCESS;NTACCESS; \??\G:\NTACCESS.sys []
S3 ovt530;Webcam Classic; I:\WINDOWS\System32\Drivers\ov530vid.sys [2005-03-15 161792]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\I:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\I:\WINDOWS\system32\PCANDIS5.SYS []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\G:\NTGLM7X.sys []
S3 SLIP;Détrameur décalage BDA; I:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 sonypvs1;Sony Digital Imaging Video2; I:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2006-10-30 102220]
S3 streamip;BDA IPSink; I:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbaudio;Pilote USB audio (WDM); I:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Pilote parent générique USB Microsoft; I:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Classe d'imprimantes USB Microsoft; I:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Pilote de scanneur USB; I:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;Codec Teletext standard; I:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; I:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-26 68865]
R2 Apple Mobile Device;Apple Mobile Device; I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Bonjour Service;Service Bonjour; I:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
R2 FTRTSVC;France Telecom Routing Table Service; I:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960]
R2 gusvc;Google Software Updater; I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-25 190448]
R2 JavaQuickStarterService;Java Quick Starter; I:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 LexBceS;LexBce Server; I:\WINDOWS\system32\LEXBCES.EXE [2004-05-24 311296]
R2 NVSvc;NVIDIA Display Driver Service; I:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 UMWdf;Windows User Mode Driver Framework; I:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-26 151297]
S2 gupdate1ca0d04fd99b13e;Service Google Update (gupdate1ca0d04fd99b13e); I:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-25 133104]
S3 aspnet_state;ASP.NET State Service; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; i:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; i:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;Service de l’iPod; I:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S3 maconfservice;Ma-Config Service; I:\Program Files\ma-config.com\maconfservice.exe [2009-03-15 216232]
S3 ose;Office Source Engine; I:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; I:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; i:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PPPoESupport;Support du transport PPPoE; I:\WINDOWS\system32\DBR115\DB2\svchost.exe -service []
S4 Wlancfg;Service de lancement de WlanCfg; I:\Program Files\Inventel\Gateway\wlancfg.exe [2005-08-29 1466368]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-08-18 11:46:25

======Uninstall list======

-->I:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x40c /cont /removeonly -removeonly
-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{3D173DC5-4AE5-4B3F-9819-3977DD11B1D0}\setup.exe" -l0x40c /removeonly -removeonly
-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x40c /removeonly -removeonly
-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x40c /removeonly -removeonly
-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x40c /removeonly -removeonly
-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x40c /removeonly -removeonly
-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x40c /removeonly -removeonly
-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{C9EFF51A-C925-4F1A-9DEB-DB5F970DE983}\setup.exe" -l0x40c /removeonly -removeonly
-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x40c /removeonly -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 I:\WINDOWS\INF\PCHealth.inf
802.11 USB Wireless LAN Adapter-->I:\WINDOWS\system32\unwlsdrv.exe SiS163u
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe AIR-->i:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->I:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Media Player-->msiexec /qb /x {1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Media Player-->MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Reader 8.1.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
Adobe Shockwave Player-->I:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE I:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Any FLV Player 1.1.3-->I:\Program Files\Any FLV Player\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->I:\Program Files\WinRAR\uninstall.exe
Avira AntiVir Personal - Free Antivirus-->I:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AviSynth 2.5-->"I:\Program Files\AviSynth 2.5\Uninstall.exe"
AVS Audio Converter version 4.1-->"I:\Program Files\AVS4YOU\AVSAudioConverter\unins000.exe"
AVS Audio Converter version 5.1-->"I:\Program Files\AVS4YOU\AVSAudioConverter\unins001.exe"
AVS4YOU Software Navigator 1.2-->"I:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"I:\Program Files\CCleaner\uninst.exe"
COMODO SafeSurf-->I:\Program Files\COMODO\SafeSurf\cssconfg.exe -u
Compel Adaptec WinASPI-->"I:\Program Files\WinASPI\unins000.exe"
Correctif pour Windows XP (KB952287)-->"I:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB961118)-->"I:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
DivX 3.11a-->I:\Program Files\DivX3.11a\uninst.exe
DivX Codec-->I:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->I:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->I:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->I:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->I:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DScaler 5 Mpeg Decoders-->"I:\Program Files\DScaler5\unins000.exe"
DVD Shrink 3.2-->"I:\Program Files\DVD Shrink\unins000.exe"
Easy Movie Splitter 2.5.18-->"I:\Program Files\Easy Movie Splitter\unins000.exe"
Easy Video Splitter 1.28-->"I:\Program Files\Easy Video Splitter\unins000.exe"
EVEREST Home Edition v2.20-->"I:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
ffdshow [rev 2060] [2008-08-01]-->"I:\Program Files\ffdshow\unins000.exe"
FIFA 08-->MsiExec.exe /X{0A2A5039-B37F-489D-B1DC-A5258DF9E697}
Filtre Matroska-->I:\Program Files\Filtre Matroska\Uninstal.exe
Filtre Real Media 9 et 10-->I:\WINDOWS\system32\Uninstalreal.exe
FLV Player-->I:\Program Files\FLV Player\uninstall.exe
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Hercules Webcam-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{A250D351-A07F-4D5D-AB6C-693C69B9BFAF}\Setup.exe" -l0x40c
HijackThis 2.0.2-->"I:\Program Files\trend micro\HijackThis.exe" /uninstall
Hijackthis Version Française-->"I:\Program Files\Hijackthis Version Française\unins000.exe"
Hospital Tycoon-->I:\Program Files\Codemasters\Hospital Tycoon\uninstall.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->I:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->I:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB915865)-->"I:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
HP USB Disk Storage Format Tool-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9
iTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Kaspersky Online Scanner-->I:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Kaspersky On-line Scanner-->I:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Lame ACM MP3 Codec-->I:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 I:\WINDOWS\INF\LameACM.inf
Lecteur Windows Media 10-->"I:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Lexmark 1200 Series-->I:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZUN5C.EXE -dLexmark 1200 Series
m0o launcher-->MsiExec.exe /I{46F171D5-5465-4C7D-89A8-2D3311ADAA34}
Ma-Config.com-->MsiExec.exe /X{560BD6E0-0BA6-43AF-B423-E1DF4D2EB3C3}
Malwarebytes' Anti-Malware-->"I:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Matroska Pack - Lazy Man's MKV 0.9.9-->"I:\Program Files\LD-Anime\unins000.exe"
Medal of Honor débarquement allié-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x40c
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->I:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Internationalized Domain Names Mitigation APIs-->"I:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"I:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Small Business-->MsiExec.exe /I{0003040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{9084040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft PowerPoint 2000 SR-1-->MsiExec.exe /I{0013040C-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"I:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"I:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"I:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"I:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->"I:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"I:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"I:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"I:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"I:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"I:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"I:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"I:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"I:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"I:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"I:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"I:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"I:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"I:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"I:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"I:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"I:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958470)-->"I:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"I:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"I:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"I:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"I:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"I:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"I:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"I:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960859)-->"I:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961371)-->"I:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"I:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"I:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"I:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969898)-->"I:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"I:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971032)-->"I:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971557)-->"I:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971633)-->"I:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971657)-->"I:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973346)-->"I:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973354)-->"I:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973507)-->"I:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973869)-->"I:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB925720)-->"I:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"I:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"I:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB968389)-->"I:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973815)-->"I:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Movavi Flash Converter-->MsiExec.exe /I{ED3DA206-194C-4061-B55E-8E27170BE621}
Mozilla Firefox (2.0.0.11)-->I:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mpeg Layer3 Codec FHG-Radium v1.263-->I:\WINDOWS\UNWISE.EXE C:\audio\L3CODE~1\INSTALL.LOG
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->I:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Outil de connexion Wanadoo-->I:\PROGRA~1\Wanadoo\MessageDesinstallation.exe Wanadoo
Outil de mise à jour Google-->"I:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
PC Wizard 2007.1.72-->"I:\Program Files\PC Wizard 2007\unins000.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek AC'97 Audio-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x40c -removeonly
Ri4m v5.0.1d-->I:\Program Files\Ripp-it_AM\Ri4m_Uninstal.exe
Riva FLV Encoder 2.0-->"I:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Sony Picture Utility-->I:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x040c /removeonly uninstall -removeonly
Sony USB Driver-->RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x40c UNINSTALL -removeonly
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->I:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Utilitaire de réinitialisation iPod-->MsiExec.exe /X{20ED157B-1A84-4DF7-945E-4951A38A9CBA}
VD Codec Pack 3.7-->I:\Program Files\VDCodecPack3.7\uninst.exe
VIA Platform Device Manager-->I:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VideoLAN VLC media player 0.8.6a-->I:\Program Files\VideoLAN\VLC\uninstall.exe
VirginMega DownloadManager-->"I:\Program Files\VirginMega\DownloadManager\Uninstall.exe" "I:\Program Files\VirginMega\DownloadManager\install.log"
Wanadoo Messager-->I:\PROGRA~1\WANADO~1\UNWISE.EXE I:\PROGRA~1\WANADO~1\INSTALL.LOG
Windows Imaging Component-->"I:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"I:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"I:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
x264 VFW (remove only)-->"I:\WINDOWS\system32\x264-uninstall.exe"

======Security center information======

AV: Avira AntiVir PersonalEdition
FW: COMODO Firewall Pro

======System event log======

Computer Name: UNICORNI-555983
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.

Record Number: 73852
Source Name: Service Control Manager
Time Written: 20090713140427.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: UNICORNI-555983
Event Code: 7036
Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.

Record Number: 73851
Source Name: Service Control Manager
Time Written: 20090713140427.000000+120
Event Type: Informations
User:

Computer Name: UNICORNI-555983
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{93A64A34-A037-4403-8B15-13C35209E289} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 73850
Source Name: Tcpip
Time Written: 20090713140416.000000+120
Event Type: Informations
User:

Computer Name: UNICORNI-555983
Event Code: 17
Message: AVGNTFLT successfully loaded

Record Number: 73849
Source Name: avgntflt
Time Written: 20090713140413.000000+120
Event Type: Informations
User:

Computer Name: UNICORNI-555983
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 73848
Source Name: EventLog
Time Written: 20090713140406.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: UNICORNI-555983
Event Code: 4113
Message:
Record Number: 14464
Source Name: Avira AntiVir
Time Written: 20090301060355.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: UNICORNI-555983
Event Code: 4113
Message:
Record Number: 14463
Source Name: Avira AntiVir
Time Written: 20090301060355.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: UNICORNI-555983
Event Code: 11729
Message: Produit : Microsoft PowerPoint 2000 SR-1 -- La configuration a échoué.

Record Number: 14462
Source Name: MsiInstaller
Time Written: 20090301052530.000000+060
Event Type: Informations
User: UNICORNI-555983\Hamel

Computer Name: UNICORNI-555983
Event Code: 1001
Message: Échec de détection du produit '{0013040C-78E1-11D2-B60F-006097C998E7}', fonctionnalité 'HTMLSourceEditing' lors de la demande du composant '{9E0B2BE1-DEDA-11D1-A17E-00A0C90AB50F}'

Record Number: 14461
Source Name: MsiInstaller
Time Written: 20090301052528.000000+060
Event Type: Avertissement
User: UNICORNI-555983\Hamel

Computer Name: UNICORNI-555983
Event Code: 4113
Message:
Record Number: 14460
Source Name: Avira AntiVir
Time Written: 20090301043331.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;I:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=2701
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;I:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=I:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

3 replies

sherred Posts: 8346 Registration date: Saturday 26 January 2008 Status: Member Last activity: 25 March 2024 350
18 August 2009 at 15:06
Infection: PWS:Win32.Daurso.A
Download combofix.exe:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Click combofix.exe.
Press 1 (Yes) to start the scan.
Once it has finished, a report will appear. Copy and paste this report into your next reply.
The report can also be found here: C:\Combofix.txt



Disconnect from the Internet, close the windows of all running programs, and temporarily
stop the antivirus and other protection during the scan.
Do not use your PC while the scan is running.


Once the scan has finished, re-enable all your antivirus and antispyware protection.
Sherred, hello,

Here is the report below:
ComboFix 09-08-10.06 - Hamel 18/08/2009 16:02.7.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1278.962 [GMT 2:00]
Running from: i:\documents and settings\Hamel\Bureau\Killfix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

i:\docume~1\ALLUSE~1\APPLIC~1\97720616.ini
i:\documents and settings\Hamel\Application Data\wiaserva.log
i:\documents and settings\Hamel\system.exe
i:\windows\system32\drivers\UACbpjovbondl.sys
i:\windows\system32\UACdyijkdlymk.db
i:\windows\system32\uacinit.dll
i:\windows\system32\UACrmkkjbotvk.dll
i:\windows\system32\UACrnoedklypm.dll
i:\windows\system32\UACvrduynstak.dat
i:\windows\system32\UACvxowjqpapl.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_OREANS32
-------\Service_oreans32


((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
.

2009-08-18 09:46 . 2009-08-18 09:46 -------- d-----w- I:\rsit
2009-08-18 01:51 . 2009-08-18 01:51 -------- d-sh--w- i:\windows\system32\config\systemprofile\IETldCache
2009-08-16 08:15 . 2009-08-16 08:15 -------- d-----w- i:\windows\system32\XPSViewer
2009-08-16 08:15 . 2009-08-16 08:15 -------- d-----w- i:\program files\MSBuild
2009-08-16 08:15 . 2009-08-16 08:15 -------- d-----w- i:\program files\Reference Assemblies
2009-08-16 08:15 . 2008-07-06 12:06 89088 -c----w- i:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-16 08:15 . 2008-07-06 12:06 575488 -c----w- i:\windows\system32\dllcache\xpsshhdr.dll
2009-08-16 08:15 . 2008-07-06 12:06 575488 ------w- i:\windows\system32\xpsshhdr.dll
2009-08-16 08:15 . 2008-07-06 12:06 1676288 -c----w- i:\windows\system32\dllcache\xpssvcs.dll
2009-08-16 08:15 . 2008-07-06 12:06 1676288 ------w- i:\windows\system32\xpssvcs.dll
2009-08-16 08:15 . 2008-07-06 12:06 117760 ------w- i:\windows\system32\prntvpt.dll
2009-08-16 08:15 . 2008-07-06 10:50 597504 -c----w- i:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-16 08:15 . 2009-08-16 08:15 -------- d-----w- I:\0587b78221c883714f7e5cb353e2
2009-08-16 08:12 . 2009-08-16 08:12 -------- d-----w- i:\program files\MSXML 6.0
2009-08-16 08:11 . 2009-08-16 08:11 -------- d-----w- i:\windows\ServicePackFiles
2009-07-29 00:51 . 2009-07-03 16:57 55296 -c----w- i:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 00:51 . 2009-07-03 16:57 594432 -c----w- i:\windows\system32\dllcache\msfeeds.dll
2009-07-25 09:08 . 2009-07-25 09:08 -------- d-----w- i:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-25 08:50 . 2009-07-25 08:50 -------- d-----w- i:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-07-25 08:49 . 2009-07-25 08:49 -------- d-----w- i:\docume~1\ALLUSE~1\APPLIC~1\Google Updater

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-18 14:09 . 2008-04-05 08:55 -------- d-----w- i:\program files\Wanadoo
2009-08-18 09:46 . 2008-11-29 10:51 -------- d-----w- i:\program files\Trend Micro
2009-08-18 01:36 . 2009-08-18 01:36 784502 ----a-w- i:\windows\system32\xa.tmp
2009-08-17 02:48 . 2001-08-24 12:00 80508 ----a-w- i:\windows\system32\perfc00C.dat
2009-08-17 02:48 . 2001-08-24 12:00 500482 ----a-w- i:\windows\system32\perfh00C.dat
2009-08-05 09:06 . 2004-08-03 22:54 205312 ----a-w- i:\windows\system32\mswebdvd.dll
2009-07-25 08:50 . 2007-02-27 13:03 -------- d-----w- i:\program files\Google
2009-07-17 18:56 . 2004-08-03 22:54 58880 ----a-w- i:\windows\system32\atl.dll
2009-07-13 08:08 . 2004-08-03 22:54 286720 ----a-w- i:\windows\system32\wmpdxm.dll
2009-07-05 06:31 . 2007-02-27 09:22 22112 ----a-w- i:\documents and settings\Hamel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-05 06:19 . 2009-07-05 06:19 -------- d-----w- i:\program files\Cucusoft
2009-07-04 17:08 . 2009-07-04 17:08 -------- d-----w- i:\program files\eRightSoft
2009-07-04 15:48 . 2009-07-04 15:48 33824 ----a-w- i:\windows\system32\drivers\oreans32.sys
2009-07-03 16:57 . 2004-08-03 22:54 915456 ----a-w- i:\windows\system32\wininet.dll
2009-06-25 18:36 . 2004-08-03 22:54 95744 ----a-w- i:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-03 22:54 661504 ----a-w- i:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-03 22:54 527360 ----a-w- i:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-03 22:54 517120 ----a-w- i:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-03 22:54 48640 ----a-w- i:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-03 22:54 186880 ----a-w- i:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-03 22:54 177152 ----a-w- i:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-03 22:54 123392 ----a-w- i:\windows\system32\mqrtdep.dll
2009-06-25 18:36 . 2004-08-03 22:54 47104 ----a-w- i:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-03 22:54 225280 ----a-w- i:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-03 22:54 16896 ----a-w- i:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-03 22:54 138240 ----a-w- i:\windows\system32\mqad.dll
2009-06-25 08:44 . 2004-08-03 22:54 59392 ----a-w- i:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-08-03 22:54 56320 ----a-w- i:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-08-03 22:54 168448 ----a-w- i:\windows\system32\schannel.dll
2009-06-25 08:44 . 2004-08-03 22:54 133632 ----a-w- i:\windows\system32\msv1_0.dll
2009-06-25 08:44 . 2004-08-03 22:54 731136 ----a-w- i:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-08-03 22:54 298496 ----a-w- i:\windows\system32\kerberos.dll
2009-06-22 11:49 . 2004-08-03 22:54 19968 ----a-w- i:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-03 22:54 117248 ----a-w- i:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-03 22:54 4608 ----a-w- i:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-03 20:58 91776 ----a-w- i:\windows\system32\drivers\mqac.sys
2009-06-22 11:34 . 2004-08-03 20:59 92544 ----a-w- i:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:54 . 2004-08-03 22:54 119808 ----a-w- i:\windows\system32\t2embed.dll
2009-06-16 14:54 . 2001-08-24 12:00 82432 ----a-w- i:\windows\system32\fontsub.dll
2009-06-15 11:33 . 2004-08-03 22:55 78848 ----a-w- i:\windows\system32\telnet.exe
2009-06-15 11:32 . 2004-08-03 22:55 82944 ----a-w- i:\windows\system32\tlntsess.exe
2009-06-10 14:23 . 2004-08-03 22:54 85504 ----a-w- i:\windows\system32\avifil32.dll
2009-06-10 06:30 . 2004-08-03 22:54 132096 ----a-w- i:\windows\system32\wkssvc.dll
2009-06-05 07:46 . 2007-02-24 18:27 655872 ----a-w- i:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2004-08-03 22:54 1296896 ----a-w- i:\windows\system32\quartz.dll
2009-05-31 06:01 . 2008-06-01 11:32 75096 ----a-w- i:\windows\system32\drivers\avipbb.sys
2008-04-05 09:02 . 2007-02-27 12:35 278528 ----a-w- i:\program files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="i:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"swg"="i:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-25 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOTASKBARICON"="i:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"NvMediaCenter"="i:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NvCplDaemon"="i:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"Lexmark 1200 Series"="i:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 57344]
"COMODO SafeSurf"="i:\program files\COMODO\SafeSurf\cssurf.exe" [2008-06-02 278264]
"avgnt"="i:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-20 266497]
"QuickTime Task"="i:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SoundMan"="SOUNDMAN.EXE" - i:\windows\soundman.exe [2006-08-02 577536]

i:\documents and settings\Hamel\Menu Démarrer\Programmes\Démarrage\
Outil de détection de support Picture Motion Browser.lnk - i:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-7-12 344064]
rncsys32.exe [2004-8-4 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=i:\windows\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Wlancfg"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"i:\\WINDOWS\\system32\\sessmgr.exe"=
"i:\\Program Files\\DNA\\btdna.exe"=
"i:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"i:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"i:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"i:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15625:TCP"= 15625:TCP:BitComet 15625 TCP
"15625:UDP"= 15625:UDP:BitComet 15625 UDP

R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;i:\windows\system32\drivers\sis163u.sys [20/06/2005 11:12 215040]
S2 gupdate1ca0d04fd99b13e;Service Google Update (gupdate1ca0d04fd99b13e);i:\program files\Google\Update\GoogleUpdate.exe [25/07/2009 10:50 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;i:\windows\system32\drivers\Aspi32.sys [04/12/2007 14:18 25244]
S3 maconfservice;Ma-Config Service;i:\program files\ma-config.com\maconfservice.exe [15/03/2009 10:34 216232]
S3 ovt530;Webcam Classic;i:\windows\system32\drivers\ov530vid.sys [12/03/2007 17:14 161792]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
S4 PPPoESupport;Support du transport PPPoE;"i:\windows\system32\DBR115\DB2\svchost.exe" -service --> i:\windows\system32\DBR115\DB2\svchost.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3100970B-5B44-706C-2ABF-A00315A1F060}]
i:\windows\system32:iexplore.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wanadoo.fr
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
Trusted Zone: secuser.com\www
DPF: Microsoft XML Parser for Java - file://i:\windows\Java\classes\xmldso.cab
DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
FF - ProfilePath - i:\docume~1\Hamel\APPLIC~1\Mozilla\Firefox\Profiles\57ewjog1.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - i:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-18 16:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\mpDRM\LicenseStore*]
@DACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2972)
i:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
i:\windows\system32\LEXBCES.EXE
i:\windows\system32\LEXPPS.EXE
i:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
i:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
i:\program files\Bonjour\mDNSResponder.exe
i:\windows\system32\FTRTSVC.exe
i:\program files\Java\jre6\bin\jqs.exe
i:\windows\system32\nvsvc32.exe
i:\windows\system32\wdfmgr.exe
i:\windows\system32\wscntfy.exe
i:\program files\Lexmark 1200 Series\lxczbmon.exe
i:\progra~1\Wanadoo\TaskBarIcon.exe
i:\progra~1\Wanadoo\EspaceWanadoo.exe
i:\progra~1\Wanadoo\ComComp.exe
i:\progra~1\Wanadoo\Toaster.exe
i:\progra~1\Wanadoo\Inactivity.exe
i:\progra~1\Wanadoo\PollingModule.exe
i:\progra~1\Wanadoo\Watch.exe
.
**************************************************************************
.
Completion time: 2009-08-18 16:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-18 14:12

Pre-Run: 129 501 556 736 octets libres
Post-Run: 129 478 447 104 octets libres

204 --- E O F --- 2009-08-17 05:12
sherred
18 August 2009 at 16:24
Download Malwarebytes here: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
The program will update itself automatically.
If the file COMCTL32.OCX is missing, you can download it here:
https://www.malekal.com/tutorial-aboutbuster/
Once it is up to date, the program will start; click the settings tab and tick the box "Stop Internet Explorer during removal".

Now click the scan tab and tick the box "Perform quick scan".

Then click "Scan".

Let it scan the PC...

If any items were found > click "Remove selected".

If you are asked to restart > click "yes".

At the end a report will open; save it somewhere you can find it again so that you can post it on the forum.

Copy and paste the report, please.

PS: the reports are also stored under the reports/logs tab.
Sherred,

Here is the report:

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2649
Windows 5.1.2600 Service Pack 2

18/08/2009 16:41:30
mbam-log-2009-08-18 (16-41-29).txt

Type de recherche: Examen rapide
Eléments examinés: 92318
Temps écoulé: 4 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
I:\Documents and Settings\Hamel\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
I:\Documents and Settings\Hamel\Menu Démarrer\Programmes\Démarrage\rncsys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
sherred
18 August 2009 at 16:48
How is your PC behaving?
I think everything is working correctly now.

Thank you very much.

Yan