IE shows ads for no reason

Granstek -  
 Anonymous user -
Hello,

So here is my problem: at any moment IE would open on advertising pages. Recently, when scanning internally with Panda Global Protection 2009, it manages to block the advertising pages and offers to restart in order to delete the infected file... small hitch... after the restart the source file must surely still exist, since Panda started telling me again that it is still blocking them, and even asks me to restart my computer once more to try again to delete it...

The files found by Panda are never the same twice... so here are 2 reports that may help you, or even help me... thanks in advance

REPORT 1:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Granstek at 2009-12-27 17:09:59
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 629 GB (93%) free of 675 GB
Total RAM: 3070 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10:29, on 27/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\ApVxdWin.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Granstek\Downloads\RSIT.exe
C:\Program Files\trend micro\Granstek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_0_1_3.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NETGATE Registry Cleaner Service (NGRegClnSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrvx86.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
O23 - Service: SCM_Service - Unknown owner - C:\Windows\System32\WinService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 8659 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\Nettoyage de base.job
C:\Windows\tasks\User_Feed_Synchronization-{6ED5E05E-7418-404C-A353-351CE42B18B2}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"=C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE [2009-07-15 881920]
"SCANINICIO"=C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe [2008-07-07 50432]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-11-24 98304]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-04 186904]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-03-30 7289376]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-10-14 2793304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-06-16 221184]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2017b699-43d1-11de-b3fc-00218563668e}]
shell\AutoRun\command - G:\autorun.exe

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\PROGRA~1\Panda Security\Panda Global Protection 2009\PAVSCRIP.EXE "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -
.vbs - open - C:\PROGRA~1\Panda Security\Panda Global Protection 2009\PAVSCRIP.EXE "%1" %*

======List of files/folders created in the last 1 months======

2009-12-27 17:09:59 ----D---- C:\rsit
2009-12-27 17:09:59 ----D---- C:\Program Files\trend micro
2009-12-27 12:01:56 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-27 12:01:56 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-27 11:27:06 ----D---- C:\Users\Granstek\AppData\Roaming\Malwarebytes
2009-12-27 11:27:00 ----D---- C:\ProgramData\Malwarebytes
2009-12-27 11:06:02 ----D---- C:\Users\Granstek\AppData\Roaming\BleachBit
2009-12-27 11:05:52 ----D---- C:\Program Files\BleachBit
2009-12-27 10:51:44 ----DC---- C:\Windows\system32\DRVSTORE
2009-12-27 10:49:28 ----D---- C:\ProgramData\Lavasoft
2009-12-26 20:17:35 ----D---- C:\gPotato.eu
2009-12-26 14:51:11 ----D---- C:\ProgramData\ATI
2009-12-26 14:46:52 ----A---- C:\Windows\system32\Oemdspif.dll
2009-12-26 14:46:52 ----A---- C:\Windows\system32\atiumdva.dll
2009-12-26 14:46:52 ----A---- C:\Windows\system32\atiumdag.dll
2009-12-26 14:46:52 ----A---- C:\Windows\system32\atitmmxx.dll
2009-12-26 14:46:52 ----A---- C:\Windows\system32\atipdlxx.dll
2009-12-26 14:46:52 ----A---- C:\Windows\system32\atioglxx.dll
2009-12-26 14:46:52 ----A---- C:\Windows\system32\ATIODE.exe
2009-12-26 14:46:52 ----A---- C:\Windows\system32\ATIODCLI.exe
2009-12-26 14:46:52 ----A---- C:\Windows\system32\atimuixx.dll
2009-12-26 14:46:52 ----A---- C:\Windows\system32\atimpc32.dll
2009-12-26 14:46:52 ----A---- C:\Windows\system32\atiesrxx.exe
2009-12-26 14:46:52 ----A---- C:\Windows\system32\atieclxx.exe
2009-12-26 14:46:52 ----A---- C:\Windows\system32\atidxx32.dll
2009-12-26 14:46:52 ----A---- C:\Windows\system32\ATIDEMGX.dll
2009-12-26 14:46:52 ----A---- C:\Windows\system32\aticalrt.dll
2009-12-26 14:46:52 ----A---- C:\Windows\system32\aticaldd.dll
2009-12-26 14:46:52 ----A---- C:\Windows\system32\aticalcl.dll
2009-12-26 14:46:52 ----A---- C:\Windows\system32\atibtmon.exe
2009-12-26 14:46:52 ----A---- C:\Windows\system32\atiadlxx.dll
2009-12-26 14:46:52 ----A---- C:\Windows\system32\ati2edxx.dll
2009-12-26 14:46:52 ----A---- C:\Windows\system32\amdpcom32.dll
2009-12-26 13:31:34 ----D---- C:\Windows\Sun
2009-12-23 23:26:32 ----A---- C:\Windows\lz_tcm.ini
2009-12-20 09:10:57 ----A---- C:\Windows\system32\d3dx10_41.dll
2009-12-20 09:10:57 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2009-12-20 09:10:54 ----A---- C:\Windows\system32\D3DX9_41.dll
2009-12-20 09:10:53 ----A---- C:\Windows\system32\XAudio2_4.dll
2009-12-20 09:10:52 ----A---- C:\Windows\system32\xactengine3_4.dll
2009-12-20 09:10:52 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2009-12-20 09:10:51 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-12-20 09:10:51 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-12-20 09:10:50 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-12-20 09:09:38 ----D---- C:\Program Files\CAPCOM
2009-12-19 18:25:57 ----D---- C:\Users\Granstek\AppData\Roaming\runic games
2009-12-19 18:24:22 ----D---- C:\Program Files\Runic Games
2009-12-19 11:19:12 ----D---- C:\Program Files\Creative Labs
2009-12-19 11:19:12 ----A---- C:\Windows\system32\eax.dll
2009-12-19 11:18:06 ----A---- C:\Windows\IsUn040c.exe
2009-12-09 23:43:58 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-09 23:43:56 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 23:41:26 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 23:41:25 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 23:41:25 ----A---- C:\Windows\system32\iertutil.dll
2009-12-09 23:41:25 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 23:41:24 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 23:41:24 ----A---- C:\Windows\system32\occache.dll
2009-12-09 23:41:24 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-09 23:41:24 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 23:41:24 ----A---- C:\Windows\system32\iepeers.dll
2009-12-09 23:41:24 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-09 23:41:23 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-09 23:41:23 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-09 23:41:23 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-09 23:41:23 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-09 23:41:23 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-09 23:41:23 ----A---- C:\Windows\system32\iesetup.dll
2009-12-09 23:41:23 ----A---- C:\Windows\system32\iernonce.dll
2009-12-09 23:41:23 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-09 16:47:39 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 16:47:15 ----A---- C:\Windows\system32\rastls.dll
2009-11-30 18:02:40 ----A---- C:\Windows\system32\xliveinstall.dll
2009-11-30 18:02:38 ----A---- C:\Windows\system32\xliveinstallhost.exe

======List of files/folders modified in the last 1 months======

2009-12-27 17:10:06 ----D---- C:\Windows\Temp
2009-12-27 17:10:02 ----D---- C:\Windows\system32\drivers
2009-12-27 17:09:59 ----RD---- C:\Program Files
2009-12-27 16:46:49 ----D---- C:\Windows\System32
2009-12-27 16:46:49 ----D---- C:\Windows\inf
2009-12-27 16:46:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-27 16:42:43 ----D---- C:\Windows
2009-12-27 16:38:13 ----D---- C:\Windows\system32\catroot
2009-12-27 16:38:00 ----D---- C:\Windows\system32\catroot2
2009-12-27 16:37:59 ----SHD---- C:\System Volume Information
2009-12-27 16:24:55 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-27 16:02:36 ----D---- C:\Program Files\D-Link
2009-12-27 14:06:10 ----D---- C:\Users\Granstek\AppData\Roaming\Macromedia
2009-12-27 13:18:23 ----HD---- C:\ProgramData
2009-12-27 12:55:07 ----SHD---- C:\Windows\Installer
2009-12-27 12:52:25 ----D---- C:\Windows\system32\Tasks
2009-12-27 00:00:02 ----D---- C:\Windows\Tasks
2009-12-27 00:00:00 ----SHD---- C:\$Recycle.Bin
2009-12-26 19:10:28 ----D---- C:\Program Files\League of Legends
2009-12-26 17:23:53 ----D---- C:\Users\Granstek\AppData\Roaming\uTorrent
2009-12-26 15:52:30 ----D---- C:\Windows\pss
2009-12-26 14:49:10 ----RSD---- C:\Windows\assembly
2009-12-26 14:46:59 ----D---- C:\Program Files\ATI Technologies
2009-12-26 14:35:26 ----SD---- C:\Windows\Downloaded Program Files
2009-12-26 14:35:24 ----D---- C:\ProgramData\ma-config.com
2009-12-26 14:35:24 ----D---- C:\Program Files\ma-config.com
2009-12-26 14:32:31 ----D---- C:\Program Files\Ubisoft
2009-12-26 13:01:09 ----D---- C:\Program Files\Glary Utilities
2009-12-25 22:41:17 ----D---- C:\Users\Granstek\AppData\Roaming\vlc
2009-12-23 17:02:50 ----SD---- C:\ProgramData\Microsoft
2009-12-20 20:13:52 ----D---- C:\Windows\winsxs
2009-12-15 19:48:08 ----D---- C:\ProgramData\Microsoft Help
2009-12-15 19:47:19 ----RSD---- C:\Windows\Fonts
2009-12-15 19:47:18 ----D---- C:\Program Files\Common Files\microsoft shared
2009-12-15 19:47:11 ----D---- C:\Program Files\Microsoft Works
2009-12-15 19:44:21 ----A---- C:\Windows\win.ini
2009-12-15 19:44:20 ----D---- C:\Program Files\Common Files\System
2009-12-15 19:44:11 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-12-15 17:58:13 ----D---- C:\Users\Granstek\AppData\Roaming\teamspeak2
2009-12-12 19:42:10 ----D---- C:\Windows\Debug
2009-12-10 16:52:43 ----D---- C:\Windows\rescache
2009-12-09 23:47:15 ----D---- C:\Windows\system32\migration
2009-12-09 23:47:15 ----D---- C:\Windows\system32\fr-FR
2009-12-09 23:47:15 ----D---- C:\Program Files\Windows Mail
2009-12-09 23:47:15 ----D---- C:\Program Files\Internet Explorer
2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-11-29 13:52:04 ----D---- C:\Users\Granstek\AppData\Roaming\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPFLT;App Filter Plugin; \??\C:\Windows\system32\Drivers\APPFLT.SYS [2008-06-25 73728]
R1 DSAFLT;DSA Filter Plugin; \??\C:\Windows\system32\Drivers\DSAFLT.SYS [2008-06-18 52992]
R1 FNETMON;NetMon Filter Plugin; \??\C:\Windows\system32\Drivers\fnetmon.SYS [2008-03-28 22072]
R1 IDSFLT;Ids Filter Plugin; \??\C:\Windows\system32\Drivers\IDSFLT.SYS [2008-06-18 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer]; \??\C:\Windows\system32\Drivers\NETFLTDI.SYS [2008-07-11 158848]
R1 ShldDrv;Panda File Shield Driver; C:\Windows\System32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-03-05 5632]
R1 WNMFLT;Wifi Monitor Filter Plugin; \??\C:\Windows\system32\Drivers\WNMFLT.SYS [2008-06-18 46720]
R2 ACEDRV07;ACEDRV07; \??\C:\Windows\system32\drivers\ACEDRV07.sys [2009-08-12 101376]
R2 AmFSM;AmFSM; C:\Windows\system32\DRIVERS\amm8660.sys [2008-02-13 49208]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-07-08 281760]
R2 ComFiltr;Panda Anti-Dialer; \??\C:\Windows\system32\DRIVERS\COMFiltr.sys [2009-04-04 13880]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-07-08 25888]
R2 PavProc;Panda Process Protection Driver; \??\C:\Windows\system32\DRIVERS\PavProc.sys [2008-02-07 179640]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-11-25 5143552]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-03-30 2350624]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 LVPr2Mon;LVPr2Mon Driver; C:\Windows\system32\Drivers\LVPr2Mon.sys [2009-10-07 25752]
R3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2009-10-07 266008]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-12-17 41752]
R3 LVUVC;Logitech QuickCam S5500(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2009-10-07 6756632]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34; C:\Windows\system32\DRIVERS\neti1634.sys [2008-06-26 197888]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2009-02-20 153952]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-11-16 216576]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\Windows\system32\DRIVERS\wg111v2.sys [2007-12-26 288768]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S1 SuperMounter;SuperMounter; C:\Windows\system32\drivers\SuperMounter.sys []
S3 aa1y55yz;aa1y55yz; C:\Windows\system32\drivers\aa1y55yz.sys []
S3 acxoo0dw;acxoo0dw; C:\Windows\system32\drivers\acxoo0dw.sys []
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-02-20 95760]
S3 AvFlt;Antivirus Filter Driver; C:\Windows\system32\drivers\AvFlt.sys []
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-12-18 14336]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2008-04-22 27672]
S3 GMSIPCI;GMSIPCI; C:\Windows\system32\drivers\GMSIPCI.sys []
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NTACCESS;NTACCESS; C:\Windows\system32\drivers\NTACCESS.sys []
S3 PavSRK.sys;PavSRK.sys; C:\Windows\system32\drivers\PavSRK.sys.sys []
S3 PavTPK.sys;PavTPK.sys; C:\Windows\system32\drivers\PavTPK.sys.sys []
S3 RT61;D-Link Wireless Driver; C:\Windows\system32\DRIVERS\RT61.sys [2007-05-12 286208]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-11-25 172032]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2008-11-22 1333016]
R2 Gwmsrv;Panda Goodware Cache Manager; C:\Windows\system32\svchost -k Panda []
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-04 354840]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136]
R2 NGRegClnSrv;NETGATE Registry Cleaner Service; C:\Program Files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe [2009-09-02 440912]
R2 Panda Software Controller;Panda Software Controller; C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe [2008-07-16 181504]
R2 PAVFNSVR;Panda Function Service; C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe [2008-07-10 169216]
R2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe [2008-02-04 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service; C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrvx86.exe [2008-07-04 290048]
R2 PSHost;Panda Host Service; c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE [2008-06-12 226608]
R2 PSIMSVC;Panda IManager Service; C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe [2008-06-19 108288]
R2 PskSvcRetail;Panda PSK service; C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe [2008-06-25 28928]
R2 SCM_Service;SCM_Service; C:\Windows\System32\WinService.exe [2007-07-17 180224]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TPSrv;Panda TPSrv; C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe [2008-07-17 157440]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S2 SQLWriter;Enregistreur VSS SQL Server; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-10 651720]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-02-18 121360]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-12-17 243056]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2009-11-03 435016]

-----------------EOF-----------------

REPORT 2:

info.txt logfile of random's system information tool 1.06 2009-12-27 17:10:31

======Uninstall list======

µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
Allods Online 1.0.04.22-->C:\gPotato.eu\Allods Online\uninst.exe
Assistant de connexion Windows Live ID-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
AutoCAD 2010 - Français-->C:\Program Files\AutoCAD 2010\Setup\Setup.exe /P {5783F2D7-8001-040C-0002-0060B0CE6BBA} /M ACAD /language fr-FR
AutoCAD 2010 - Français-->C:\Program Files\AutoCAD 2010\Setup\Setup.exe /P {5783F2D7-8001-040C-0002-0060B0CE6BBA} /M ACAD /language fr-FR
Autodesk Design Review 2010-->C:\Program Files\Autodesk\Autodesk Design Review\Setup\Setup.exe /P {55D9E026-DCB0-46FF-B60A-68B972228CF6} /M ADR
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{8D7133DE-27D2-47E5-B248-4180278D32AA}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Coffret de pilotes Logitech QuickCam-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.90.1262\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.90" /clone_wait /hide_progress
Diskeeper 2009 Pro Premier-->MsiExec.exe /X{593D4F8A-5F11-4901-A74A-6E7971E45790}
EAX(tm) Unified (SHELL)-->C:\Windows\IsUninst.exe -f"C:\Program Files\Creative Labs\EAX(tm) Unified (SHELL)\Uninst.isu"
erLT-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
ffdshow [rev 3040] [2009-07-25]-->"C:\Program Files\K-Lite Codec Pack\ffdshow\unins000.exe"
Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)-->MsiExec.exe /X{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
Glary Utilities 2.18.0.786-->"C:\Program Files\Glary Utilities\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
KGB Archiver 1.2.0.23 fixed-->"C:\Program Files\KGB Archiver\unins000.exe"
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
K-Lite Codec Pack 4.9.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech SetPoint 5.20-->MsiExec.exe /I{D3120436-1358-4253-9EB2-257FFE8CE1D9}
Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x040c -removeonly
Logitech Webcam Software-->MsiExec.exe /I{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}
Ma-Config.com-->MsiExec.exe /X{18754BA4-4F0C-4E6E-888B-9496AFA05F43}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{A1C962E2-2426-49C6-A38B-9A07E40D607C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server Native Client-->MsiExec.exe /I{1F24E48F-7692-4E89-8784-68DD4D2712A0}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{A30179B7-997A-4D47-AA43-57AE59A9C78B}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
NETGATE Registry Cleaner-->"C:\Program Files\NETGATE\Registry Cleaner\unins000.exe"
NFO viewer v 2.1-->"C:\Program Files\NFO viewer\unins000.exe"
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
OpenAL-->"C:\Program Files\OpenAL\OalinstGridRelease.exe" /U
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Pcsx2 0.9.6-->MsiExec.exe /I{0E2B767B-EA6A-489B-BF83-8083FE1DB661}
Realtek Ethernet Controller Driver For Windows Vista and Later-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
RESIDENT EVIL 5-->MsiExec.exe /X{AC08BBA0-96B9-431A-A7D0-D8598E493775}
SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
SereneScreen Marine Aquarium 3-->"C:\Program Files\SereneScreen\Marine Aquarium 3\unins000.exe"
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SlimDX Redistributable (March 2009)-->MsiExec.exe /X{D5395E5F-4D45-4665-8F00-234FA33678AF}
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Torchlight-->C:\Program Files\Runic Games\Torchlight\uninstall.exe
Transmod Rev.4b - Traduction Française pour Torchlight (v1.12)-->"C:\Users\Granstek\AppData\Roaming\runic games\torchlight\unins000.exe"
TuneUp Utilities-->C:\Program Files\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0}
VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\Wrath of the Lich King\Uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: PC-Granstek
Event Code: 4374
Message: Windows Servicing a déterminé que ce package KB970653(Update) n’est pas applicable à ce système.
Record Number: 180727
Source Name: Microsoft-Windows-Servicing
Time Written: 20090826150515.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-Granstek
Event Code: 4374
Message: Windows Servicing a déterminé que ce package KB970653(Update) n’est pas applicable à ce système.
Record Number: 180724
Source Name: Microsoft-Windows-Servicing
Time Written: 20090826150515.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-Granstek
Event Code: 4374
Message: Windows Servicing a déterminé que ce package KB972036(Update) n’est pas applicable à ce système.
Record Number: 180550
Source Name: Microsoft-Windows-Servicing
Time Written: 20090826150449.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-Granstek
Event Code: 4374
Message: Windows Servicing a déterminé que ce package KB972036(Update) n’est pas applicable à ce système.
Record Number: 180549
Source Name: Microsoft-Windows-Servicing
Time Written: 20090826150449.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-Granstek
Event Code: 8032
Message: Le service Explorateur d'ordinateur a rencontré un nombre d'échecs trop important en essayant de retrouver la copie de sauvegarde de la liste sur le transport \Device\NetBT_Tcpip_{9210C4C8-9BDD-4602-9DE1-12259E935E7B}. L'explorateur secondaire s'arrête.
Record Number: 180508
Source Name: BROWSER
Time Written: 20090826124032.000000-000
Event Type: Erreur
User:

=====Application event log=====

Computer Name: PC-Granstek
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2732807789-3409713009-2805001186-1003_Classes:
Process 1108 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003_CLASSES

Record Number: 75585
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090815183331.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-Granstek
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
17 user registry handles leaked from \Registry\User\S-1-5-21-2732807789-3409713009-2805001186-1003:
Process 2084 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003
Process 2084 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003
Process 2084 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003
Process 2084 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003
Process 1108 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003
Process 2084 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003\Software\Microsoft\SystemCertificates\trust
Process 2084 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
Process 2084 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003\Software\Microsoft\SystemCertificates\Root
Process 2084 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003\Software\Policies\Microsoft\SystemCertificates
Process 2084 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003\Software\Policies\Microsoft\SystemCertificates
Process 2084 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003\Software\Policies\Microsoft\SystemCertificates
Process 2084 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003\Software\Policies\Microsoft\SystemCertificates
Process 2084 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003\Software\Microsoft\SystemCertificates\My
Process 2084 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003\Software\Microsoft\SystemCertificates\CA
Process 2084 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003\Software\Microsoft\SystemCertificates\Disallowed
Process 2084 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2084 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003\Software\Microsoft\SystemCertificates\TrustedPeople

Record Number: 75584
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090815183330.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-Granstek
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 75565
Source Name: Microsoft-Windows-WMI
Time Written: 20090815132942.000000-000
Event Type: Erreur
User:

Computer Name: PC-Granstek
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2732807789-3409713009-2805001186-1003_Classes:
Process 1124 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003_CLASSES

Record Number: 75546
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090815131746.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-Granstek
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
11 user registry handles leaked from \Registry\User\S-1-5-21-2732807789-3409713009-2805001186-1003:
Process 2116 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003
Process 2116 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003
Process 1124 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003
Process 2116 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003\Software\Microsoft\SystemCertificates\trust
Process 2116 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
Process 2116 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003\Software\Microsoft\SystemCertificates\Root
Process 2116 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003\Software\Policies\Microsoft\SystemCertificates
Process 2116 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003\Software\Policies\Microsoft\SystemCertificates
Process 2116 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003\Software\Microsoft\SystemCertificates\My
Process 2116 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003\Software\Microsoft\SystemCertificates\CA
Process 2116 (\Device\HarddiskVolume1\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe) has opened key \REGISTRY\USER\S-1-5-21-2732807789-3409713009-2805001186-1003\Software\Microsoft\SystemCertificates\SmartCardRoot

Record Number: 75545
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090815131746.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

=====Security event log=====

Computer Name: PC-Granstek
Event Code: 4608
Message: Windows démarre.

Cet événement est journalisé lorsque LSASS.EXE démarre et que le sous-système d’audit est initialisé.
Record Number: 75826
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090815132930.255765-000
Event Type: Succès de l'audit
User:

Computer Name: PC-Granstek
Event Code: 4634
Message: Fermeture de session d’un compte.

Sujet :
ID de sécurité : S-1-5-7
Nom du compte : ANONYMOUS LOGON
Domaine du compte : AUTORITE NT
ID du compte : 0x3a57d

Type d’ouverture de session : 3

Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur.
Record Number

4 replies

Anonymous user
 
• Hello

• Download and install: Malwarebytes' Anti-Malware
• (NB: if "COMCTL32.OCX" is missing during the installation, download it here: https://www.malekal.com/tutorial-aboutbuster/)
• At the end of the installation, make sure the "Update Malwarebytes' Anti-Malware" option is checked
• Launch MBAM and let the updates download (otherwise, do them manually when the program starts)
• Then go to the "Scanner" tab, check "Perform full scan", then click "Scan"
• Select your hard drives, then click "Start scan"
• At the end of the scan, click Show Results
• Check all the detected items, then click Remove Selected
• Save the report
• If you are asked to restart, click Yes
• Post the scan report here after the removal (post the report even if nothing is detected).
• If you need help, see this tutorial
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
0
Granstek
 
Here you go, sorry, it took a while, so =>

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3439
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

27/12/2009 18:52:53
mbam-log-2009-12-27 (18-52-53).txt

Type de recherche: Examen complet (C:\|E:\|F:\|)
Eléments examinés: 314454
Temps écoulé: 54 minute(s), 30 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\J8RPLTROBQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\PS2\plugins\PadSSSPSX.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
0
Granstek > Granstek
 
Here is one of Panda's interventions following the restart after Malwarebytes

https://www.pandasecurity.com/en/security-info/?idVirus=71657
0
Anonymous user
 
* Download OTMoveIt (by Old_Timer) to your Desktop:
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
* Double-click OTMoveIt.exe to launch it.
* Make sure the Unregister Dll's and Ocx's box is checked.
* Copy the list in bold below and paste it into the left-hand pane of OTMoveIt, under Paste List of Files/Folders to move.


:processes
explorer.exe

:services
SCM_Service

:files
c:\windows\system32\winservice.exe

:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCM_Service]

:commands
[emptytemp]
[purity]
[start explorer]
[reboot]


-----------------------------

* Click MoveIt! to start the removal.
* The result will appear in the "Results" pane.
* Click Exit to close.
* Post the report located in C:\_OTMoveIt\MovedFiles.
* You may be asked to restart the PC to complete the removal. If so, accept with Yes.
0
Granstek
 
Here you go

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
Service SCM_Service stopped successfully!
Service SCM_Service deleted successfully!
========== FILES ==========
c:\windows\system32\WinService.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCM_Service\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: Granstek
->Temp folder emptied: 146770 bytes
->Temporary Internet Files folder emptied: 2321886 bytes
->Java cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 158712 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 107568 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 13426544 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 16,00 mb


OTM by OldTimer - Version 3.1.4.0 log created on 12272009_193056

Files moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
0
Anonymous user
 
Same thing with this.
Run OTMoveIt (by Old_Timer) again: post the OTM report it generates.

:processes
explorer.exe

:services
aa1y55yz
acxoo0dw

:files
C:\gPotato.eu
C:\Windows\lz_tcm.ini
C:\Windows\system32\drivers\aa1y55yz.sys []
C:\Windows\system32\drivers\acxoo0dw.sys

:commands
[emptytemp]
[purity]
[start explorer]
[reboot]


0
Granstek
 
Here you go...

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
Error: No service named aa1y55yz was found to stop!
Unable to stop service aa1y55yz!
Error: No service named acxoo0dw was found to stop!
Unable to stop service acxoo0dw!
========== FILES ==========
C:\gPotato.eu\Allods Online\data\Packs folder moved successfully.
C:\gPotato.eu\Allods Online\data folder moved successfully.
C:\gPotato.eu\Allods Online\bin folder moved successfully.
C:\gPotato.eu\Allods Online folder moved successfully.
C:\gPotato.eu folder moved successfully.
C:\Windows\lz_tcm.ini moved successfully.
File/Folder C:\Windows\system32\drivers\aa1y55yz.sys [] not found.
File/Folder C:\Windows\system32\drivers\acxoo0dw.sys not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: Granstek
->Temp folder emptied: 1795171 bytes
->Temporary Internet Files folder emptied: 1060435 bytes
->Java cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 158712 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33614 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,00 mb


OTM by OldTimer - Version 3.1.4.0 log created on 12272009_195246

Files moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
0
Granstek
 
Here you go

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
Error: No service named aa1y55yz was found to stop!
Unable to stop service aa1y55yz!
Error: No service named acxoo0dw was found to stop!
Unable to stop service acxoo0dw!
========== FILES ==========
C:\gPotato.eu\Allods Online\data\Packs folder moved successfully.
C:\gPotato.eu\Allods Online\data folder moved successfully.
C:\gPotato.eu\Allods Online\bin folder moved successfully.
C:\gPotato.eu\Allods Online folder moved successfully.
C:\gPotato.eu folder moved successfully.
C:\Windows\lz_tcm.ini moved successfully.
File/Folder C:\Windows\system32\drivers\aa1y55yz.sys [] not found.
File/Folder C:\Windows\system32\drivers\acxoo0dw.sys not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: Granstek
->Temp folder emptied: 1795171 bytes
->Temporary Internet Files folder emptied: 1060435 bytes
->Java cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 158712 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33614 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,00 mb


OTM by OldTimer - Version 3.1.4.0 log created on 12272009_195246

Files moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
0
Granstek > Granstek
 
Sorry for the double reply
0
Anonymous user

Post a new RSIT report. See you later.
0