Erreur de chargement My Web Search

Rose23 -  
flo-91 Messages postés 5973 Statut Contributeur sécurité -
Bonjour,

Lorsque j'allume mon pc, j'ai un encadré rectangulaire qui m'annonce "erreur de chargement de C:\PROGRA~1\MYWEBS~1/bar\1-bin\M3PLUGIN-DLL "

... Que faire pour m'en débarasser??

J'ai fais une analyse avec "hijackthis", la voici:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:48, on 08/01/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Users\mss\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\mss\AppData\Local\pqzblt.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Users\mss\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\mss\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Acer\Acer VCM\VC.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\McAfee Security Scan\1.0.150\McUICnt.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=duxet&e=com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=duxet&e=com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [Google Update] "C:\Users\mss\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [pqzblt] "c:\users\mss\appdata\local\pqzblt.exe" pqzblt
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\mss\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=GRfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 15098 bytes

Merci d'avance pour votre réponse!!
Configuration: Windows Vista
Firefox 3.5.7

30 réponses

  • 1
  • 2
  1. flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
     
    Bonjour, tu es infecté par l'ad-aware My Web Search:

    Pour les ordinateurs équipés de Windows Vista et Windows 7, la désactivation du Contrôle des comptes utilisateurs est obligatoire
    sous peine de ne pas pouvoir faire fonctionner correctement l'outil.
    Tuto : https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

    >Ad-Remover<

    >Telecharge Ad-Remover et enregistre-le sur ton bureau :

    https://www.commentcamarche.net/telecharger/securite/2547-ad-remover/

    >Désactive ton antivirus le temps de la manip
    >Déconnecte-toi d'Internet et ferme toutes applications en cours
    >Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program Files).
    >Au menu principal, choisis l'option L ( Nettoyage )
    >Poste le rapport généré (C:\Ad-Report-CLEAN.log).
    >N'oublie pas de réactiver ton anti-virus
    0
  2. Rose23
     
    Voici le rapport!

    Par contre, je n'ai pas réussi a désactiver mon antivirus avant le nettoyage =S.

    ======= RAPPORT D'AD-REMOVER 1.1.4.6_G | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 05.01.2010 à 18:50
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 12:21:50, 08/01/2010 | Mode Normal | Option: CLEAN
    Exécuté de: C:\Program Files\Ad-Remover\
    Système d'exploitation: Microsoft® Windows Vista™ Home Premium v6.0.6000
    Nom du PC: PC-DE-MSS | Utilisateur actuel: mss

    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    Service: MyWebSearchService - ... [b]ERREUR SUPPRESSION !![/b]

    C:\Users\mss\AppData\Roaming\Mozilla\FireFox\Profiles\wn4237sj.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
    C:\Users\mss\AppData\Roaming\Mozilla\FireFox\Profiles\wn4237sj.default\searchplugins\mywebsearch.xml
    C:\Users\mss\AppData\Roaming\Mozilla\FireFox\Profiles\wn4237sj.default\searchplugins\sweetim.xml
    C:\Users\mss\AppData\Roaming\Mozilla\FireFox\Profiles\wn4237sj.default\SweetIMToolbarData
    C:\Program Files\Mozilla FireFox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    C:\Program Files\Mozilla FireFox\extensions\search@searchsettings.com
    C:\Windows\System32\f3PSSavr.scr
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Zango
    C:\Program Files\FunWebProducts
    C:\Program Files\GamesBar
    C:\Program Files\pdfforge Toolbar
    C:\Program Files\ShoppingReport
    C:\Program Files\Zango
    C:\Users\mss\AppData\Roaming\WeatherDPA
    C:\Users\mss\AppData\Roaming\Zango
    C:\Users\mss\AppData\LocalLow\FunWebProducts
    C:\Users\mss\AppData\LocalLow\MyWebSearch
    C:\Users\mss\AppData\LocalLow\pdfforge
    C:\Users\mss\AppData\LocalLow\Search Settings
    C:\Users\mss\AppData\LocalLow\ShoppingReport
    C:\Users\mss\AppData\LocalLow\Zango
    C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    C:\ProgramData\ZangoSA
    C:\Windows\Installer\1ff0ab.msi
    C:\Users\mss\AppData\Local\espgd.bat
    C:\Users\mss\AppData\Local\ljntywai.bat
    C:\Users\mss\AppData\Local\ocaciug.bat
    C:\Users\mss\AppData\Local\pqzblt.dat
    C:\Users\mss\AppData\Local\pqzblt.exe
    C:\Users\mss\AppData\Local\pqzblt_nav.dat
    C:\Users\mss\AppData\Local\pqzblt_navps.dat
    C:\Users\mss\AppData\Local\tbhubq.bat

    (!) -- Fichiers temporaires supprimés.

    .
    HKCU\software\appdatalow\software\Fun Web Products
    HKCU\software\appdatalow\software\MyWebSearch
    HKCU\software\appdatalow\software\pdfforge
    HKCU\software\appdatalow\software\ShoppingReport
    HKCU\software\appdatalow\software\Zango
    HKCU\software\fcn
    HKCU\software\FunWebProducts
    HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\Registry\User\S-1-5-21-3129188988-1346450921-2992892770-1000\Software\Sweetim
    HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
    HKCU\software\microsoft\internet explorer\searchscopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D}
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\pqzblt
    HKCU\software\MyWebSearch
    HKCU\software\Search Settings
    HKCU\software\ShoppingReport
    HKCU\software\SweetIM
    HKCU\software\zangosa
    HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
    HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
    HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
    HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    HKLM\Software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
    HKLM\Software\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
    HKLM\Software\Classes\CLSID\{14113B47-D59C-4F0F-9D10-FF1730265584}
    HKLM\Software\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}
    HKLM\Software\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
    HKLM\Software\Classes\CLSID\{3788E535-897B-463d-B6D6-FEE5B86EC144}
    HKLM\Software\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
    HKLM\Software\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
    HKLM\Software\Classes\CLSID\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}
    HKLM\Software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
    HKLM\Software\Classes\CLSID\{62906E60-BCE2-4E1B-9ED0-8B9042EE15E4}
    HKLM\Software\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
    HKLM\Software\Classes\CLSID\{69725738-CD68-4F36-8D02-8C43722EE5DA}
    HKLM\Software\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
    HKLM\Software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
    HKLM\Software\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
    HKLM\Software\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
    HKLM\Software\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
    HKLM\Software\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
    HKLM\Software\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
    HKLM\Software\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
    HKLM\Software\Classes\CLSID\{A5B6FA30-D317-41CA-9CB1-C898D3C7F34E}
    HKLM\Software\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
    HKLM\Software\Classes\CLSID\{A9C42A57-421C-4572-8B12-249C59183D1C}
    HKLM\Software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
    HKLM\Software\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
    HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    HKLM\Software\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
    HKLM\Software\Classes\CLSID\{CC19A5F2-B4AD-41D5-A5C9-0680904C1483}
    HKLM\Software\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
    HKLM\Software\Classes\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}
    HKLM\Software\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
    HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}
    HKLM\Software\Classes\CLSID\{F9BFA98D-9935-4EA4-A05A-72C7F0778F02}
    HKLM\software\classes\CntntCntr.CntntDic
    HKLM\software\classes\CntntCntr.CntntDic.1
    HKLM\software\classes\CntntCntr.CntntDisp
    HKLM\software\classes\CntntCntr.CntntDisp.1
    HKLM\software\classes\CoreSrv.CoreServices
    HKLM\software\classes\CoreSrv.CoreServices.1
    HKLM\software\classes\CoreSrv.LfgAx
    HKLM\software\classes\CoreSrv.LfgAx.1
    HKLM\software\classes\FunWebProducts.DataControl
    HKLM\software\classes\FunWebProducts.DataControl.1
    HKLM\software\classes\FunWebProducts.HistoryKillerScheduler
    HKLM\software\classes\FunWebProducts.HistoryKillerScheduler.1
    HKLM\software\classes\FunWebProducts.HistorySwatterControlBar
    HKLM\software\classes\FunWebProducts.HistorySwatterControlBar.1
    HKLM\software\classes\FunWebProducts.HTMLMenu
    HKLM\software\classes\FunWebProducts.HTMLMenu.1
    HKLM\software\classes\FunWebProducts.HTMLMenu.2
    HKLM\software\classes\FunWebProducts.IECookiesManager
    HKLM\software\classes\FunWebProducts.IECookiesManager.1
    HKLM\software\classes\FunWebProducts.KillerObjManager
    HKLM\software\classes\FunWebProducts.KillerObjManager.1
    HKLM\software\classes\FunWebProducts.PopSwatterBarButton
    HKLM\software\classes\FunWebProducts.PopSwatterBarButton.1
    HKLM\software\classes\FunWebProducts.PopSwatterSettingsControl
    HKLM\software\classes\FunWebProducts.PopSwatterSettingsControl.1
    HKLM\software\classes\HbCoreSrv.DynamicProp
    HKLM\software\classes\HbCoreSrv.DynamicProp.1
    HKLM\software\classes\HBMain.CommBand
    HKLM\software\classes\HBMain.CommBand.1
    HKLM\software\classes\hbr.HbMain
    HKLM\software\classes\hbr.HbMain.1
    HKLM\software\classes\HostIE.Bho
    HKLM\software\classes\HostIE.Bho.1
    HKLM\software\classes\HostOL.MailAnim
    HKLM\software\classes\HostOL.MailAnim.1
    HKLM\software\classes\HostOL.WebmailSend
    HKLM\software\classes\HostOL.WebmailSend.1
    HKLM\software\classes\installer\Products\A6EB8FE4C9986914497E92C7F5A702E3
    HKLM\Software\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
    HKLM\Software\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
    HKLM\Software\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
    HKLM\Software\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
    HKLM\Software\Classes\Interface\{15FD8424-D12A-4C51-8C6C-D5D57B80F781}
    HKLM\Software\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
    HKLM\Software\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
    HKLM\Software\Classes\Interface\{2447E305-5E90-42A8-BD1E-0BC333B807E1}
    HKLM\Software\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
    HKLM\Software\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
    HKLM\Software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
    HKLM\Software\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
    HKLM\Software\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
    HKLM\Software\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
    HKLM\Software\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
    HKLM\Software\Classes\Interface\{50D2FDCC-2707-49CB-8223-7FE0424909AA}
    HKLM\Software\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
    HKLM\Software\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
    HKLM\Software\Classes\Interface\{67B3BECF-7B6F-42B2-99F0-F7656F89CFFA}
    HKLM\Software\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
    HKLM\Software\Classes\Interface\{715FFD42-4E05-4EAB-9513-C8DAA5395AE2}
    HKLM\Software\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
    HKLM\Software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
    HKLM\Software\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
    HKLM\Software\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
    HKLM\Software\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
    HKLM\Software\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
    HKLM\Software\Classes\Interface\{759D6F7C-8D30-45B6-ABEA-FA51C190EED5}
    HKLM\Software\Classes\Interface\{878CE013-7BA9-4650-A78C-B2234C0C1648}
    HKLM\Software\Classes\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}
    HKLM\Software\Classes\Interface\{8EE46F55-1CE1-4DB9-811A-68938EC7F3DD}
    HKLM\Software\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
    HKLM\Software\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
    HKLM\Software\Classes\Interface\{9A4A64A4-A2FB-48FA-9BBA-1AC50267695D}
    HKLM\Software\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
    HKLM\Software\Classes\Interface\{A87DFD99-CF81-4241-85CE-881E0026B686}
    HKLM\Software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
    HKLM\Software\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
    HKLM\Software\Classes\Interface\{C96B9FAE-A032-4100-BB47-32EF05E28BE4}
    HKLM\Software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
    HKLM\Software\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
    HKLM\Software\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
    HKLM\Software\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
    HKLM\Software\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
    HKLM\Software\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
    HKLM\Software\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
    HKLM\Software\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
    HKLM\Software\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
    HKLM\software\classes\MyWebSearch.ChatSessionPlugin
    HKLM\software\classes\MyWebSearch.ChatSessionPlugin.1
    HKLM\software\classes\MyWebSearch.HTMLPanel
    HKLM\software\classes\MyWebSearch.HTMLPanel.1
    HKLM\software\classes\MyWebSearch.OutlookAddin
    HKLM\software\classes\MyWebSearch.OutlookAddin.1
    HKLM\software\classes\MyWebSearch.PseudoTransparentPlugin
    HKLM\software\classes\MyWebSearch.PseudoTransparentPlugin.1
    HKLM\software\classes\MyWebSearchToolBar.SettingsPlugin
    HKLM\software\classes\MyWebSearchToolBar.SettingsPlugin.1
    HKLM\software\classes\MyWebSearchToolBar.ToolbarPlugin
    HKLM\software\classes\MyWebSearchToolBar.ToolbarPlugin.1
    HKLM\software\classes\ScreenSaverControl.ScreenSaverInstaller
    HKLM\software\classes\ScreenSaverControl.ScreenSaverInstaller.1
    HKLM\software\classes\ShoppingReport.HbAx
    HKLM\software\classes\ShoppingReport.HbAx.1
    HKLM\software\classes\ShoppingReport.HbInfoBand
    HKLM\software\classes\ShoppingReport.HbInfoBand.1
    HKLM\software\classes\ShoppingReport.IEButton
    HKLM\software\classes\ShoppingReport.IEButton.1
    HKLM\software\classes\ShoppingReport.IEButtonA
    HKLM\software\classes\ShoppingReport.IEButtonA.1
    HKLM\software\classes\ShoppingReport.RprtCtrl
    HKLM\software\classes\ShoppingReport.RprtCtrl.1
    HKLM\software\classes\Srv.CoreServices
    HKLM\software\classes\Srv.CoreServices.1
    HKLM\software\classes\Toolbar.HtmlMenuUI
    HKLM\software\classes\Toolbar.HtmlMenuUI.1
    HKLM\software\classes\Toolbar.ToolbarCtl
    HKLM\software\classes\Toolbar.ToolbarCtl.1
    HKLM\Software\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
    HKLM\Software\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
    HKLM\Software\Classes\TypeLib\{148E1447-C728-48FD-BEEC-A7D06C5FFF58}
    HKLM\Software\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
    HKLM\Software\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
    HKLM\Software\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
    HKLM\Software\Classes\TypeLib\{8292078F-F6E9-412B-8EB1-360C05C5ECE5}
    HKLM\Software\Classes\TypeLib\{89085678-632D-4DEB-BDA0-CD912C63203E}
    HKLM\Software\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
    HKLM\Software\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
    HKLM\Software\Classes\TypeLib\{ABEC1835-3181-4ABD-8DDE-875AEC4DF6D2}
    HKLM\Software\Classes\TypeLib\{C62A9E79-2B52-439B-AF57-2E60BB06E86C}
    HKLM\Software\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
    HKLM\Software\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}
    HKLM\Software\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}
    HKLM\Software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
    HKLM\Software\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
    HKLM\Software\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
    HKLM\Software\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
    HKLM\software\classes\Wallpaper.WallpaperManager
    HKLM\software\classes\Wallpaper.WallpaperManager.1
    HKLM\software\FocusInteractive
    HKLM\software\Fun Web Products
    HKLM\software\GamesBarSetup
    HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
    HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
    HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
    HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}
    HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}
    HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
    HKLM\Software\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
    HKLM\software\microsoft\internet explorer\searchscopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
    HKLM\software\microsoft\internet explorer\searchscopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
    HKLM\Software\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
    HKLM\Software\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
    HKLM\Software\Microsoft\Windows Media\Wmsdk\Sources\\F3PopularScreenSavers
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\377026901A2D8744A8423A983B50E0D1
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\8A01D85165E7CD5448C71263ADB6A2E2
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B278DBFACA5AB424DA79915F3A109F9A
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B3B348F18694F1949B4D6BD9507F2886
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E48E3A6D380B2EC4ABCEB3BA048D767F
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F715D253BF28D554C9C0F60ABA8585CF
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A6EB8FE4C9986914497E92C7F5A702E3
    HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform\\FunWebProducts
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Plugin
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
    HKLM\software\microsoft\windows\currentversion\uninstall\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
    HKLM\software\microsoft\windows\currentversion\uninstall\MyWebSearch bar Uninstall
    HKLM\software\microsoft\windows\currentversion\uninstall\pqzblt
    HKLM\software\microsoft\windows\currentversion\uninstall\ShoppingReport
    HKLM\software\MyWebSearch
    HKLM\software\pdfforge
    HKLM\software\Search Settings
    HKLM\software\ShoppingReport
    HKLM\software\SweetIM
    HKLM\software\Zango
    HKU\S-1-5-21-3129188988-1346450921-2992892770-1000\Software\Microsoft\Internet Explorer\Searchscopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
    .
    ============== Scan additionnel ==============
    .
    .
    * Mozilla FireFox Version 3.5.7 [fr] *
    .
    Nom du profil: wn4237sj.default (mss)
    .
    (mss, prefs.js) Browser.download.dir, C:\Users\mss\Downloads
    (mss, prefs.js) Browser.download.lastDir, F:
    (mss, prefs.js) Browser.search.defaultenginename, Yahoo
    (mss, prefs.js) Browser.search.defaulturl, hxxp://search.sweetim.com/search.asp?src=2&q=
    (mss, prefs.js) Browser.search.selectedEngine, Google
    (mss, prefs.js) Browser.startup.homepage, hxxp://www.msn.fr
    (mss, prefs.js) Extensions.enabledItems, {53724739-8c9b-4b6d-904d-de60ae2a431c}:1.0.71,{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16,{20a82645-c095-46ed-80e3-08825760534b}:1.1,search@searchsettings.com:1.2.2,{EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.8,Zango@Zango.com:10.3.85.0,{B922D405-6D13-4A2B-AE89-08A030DA4402}:1.1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7
    (mss, prefs.js) Keyword.URL, hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRfox000&fl=0&ptb=knLRkopPNzU9wDOBSzZ_8w&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
    (mss, prefs.js) Sweetim.toolbar.previous.browser.search.defaultenginename, Chercher Malin
    (mss, prefs.js) Sweetim.toolbar.previous.browser.search.selectedEngine, Google
    (mss, prefs.js) Sweetim.toolbar.previous.browser.startup.homepage, hxxp://fr.msn.com/
    (mss, prefs.js) Sweetim.toolbar.previous.keyword.URL, hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRfox000&fl=0&ptb=knLRkopPNzU9wDOBSzZ_8w&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
    .
    (mss, prefs.js) EFFACE - Browser.search.defaulturl, hxxp://search.sweetim.com/search.asp?src=2&q=
    (mss, prefs.js) EFFACE - Extensions.mywebsearch.openSearchURL, hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=GRfox000&ptb=knLRkopPNzU9wDOBSzZ_8w
    (mss, prefs.js) EFFACE - Extensions.mywebsearch.prevKwdEnabled, true
    (mss, prefs.js) EFFACE - Extensions.mywebsearch.prevKwdURL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
    (mss, prefs.js) EFFACE - Keyword.URL, hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRfox000&fl=0&ptb=knLRkopPNzU9wDOBSzZ_8w&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
    (mss, prefs.js) EFFACE - Sweetim.toolbar.highlight.colors, #FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0
    (mss, prefs.js) EFFACE - Sweetim.toolbar.logger.ConsoleHandler.MinReportLevel, 7
    (mss, prefs.js) EFFACE - Sweetim.toolbar.logger.FileHandler.FileName, ff-toolbar.log
    (mss, prefs.js) EFFACE - Sweetim.toolbar.logger.FileHandler.MaxFileSize, 200000
    (mss, prefs.js) EFFACE - Sweetim.toolbar.logger.FileHandler.MinReportLevel, 7
    (mss, prefs.js) EFFACE - Sweetim.toolbar.mode.debug, false
    (mss, prefs.js) EFFACE - Sweetim.toolbar.previous.browser.search.defaultenginename, Chercher Malin
    (mss, prefs.js) EFFACE - Sweetim.toolbar.previous.browser.search.selectedEngine, Google
    (mss, prefs.js) EFFACE - Sweetim.toolbar.previous.browser.startup.homepage, hxxp://fr.msn.com/
    (mss, prefs.js) EFFACE - Sweetim.toolbar.previous.keyword.URL, hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRfox000&fl=0&ptb=knLRkopPNzU9wDOBSzZ_8w&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
    (mss, prefs.js) EFFACE - Sweetim.toolbar.search.external, <?xml version=\1.0\?><TOOLBAR><EXTERNAL_SEARCH engine=\hxxp://*google.*\ param=\q=\ /><EXTERNAL_SEARCH engine=\hxxp://search.yahoo.com/*\ param=\p=\ /><EXTERNAL_SEARCH engine=\hxxp://search.sweetim.*\ param=\q=\ /><EXTERNAL_SEARCH engine=\hxxp://*.live.*/*\ param=\q=\ /><EXTERNAL_SEARCH engine=\hxxp://*youtube.com/\ param=\search_query=\ /><EXTERNAL_SEARCH engine=\hxxp://*.ebay.*/search/*\ param=\satitle=\ /><EXTERNAL_SEARCH engine=\hxxp://*.amazon.com/s/*\ param=\field-keywords=\ /></TOOLBAR>
    (mss, prefs.js) EFFACE - Sweetim.toolbar.search.history.capacity, 10
    (mss, prefs.js) EFFACE - Sweetim.toolbar.simapp_id, {92F40426-D61B-4475-8726-85C6B51A9611}
    (mss, prefs.js) EFFACE - Sweetim.toolbar.urls.homepage, hxxp://home.sweetim.com
    (mss, prefs.js) EFFACE - Sweetim.toolbar.version, 1.0.0.8
    .
    .
    * Internet Explorer Version 7.0.6000.16945 *
    .
    [HKEY_CURRENT_USER\..\Internet Explorer\Main]
    .
    Start Page: hxxp://fr.msn.com/
    Use Custom Search URL: 1 (0x1)
    Do404Search: 01000000
    Local Page: C:\Windows\system32\blank.htm
    Show_ToolBar: yes
    Use Search Asst:
    Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    SearchAssistant:
    Enable Browser Extensions: yes
    Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
    .
    Start Page: hxxp://fr.msn.com/
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: %SystemRoot%\system32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    .
    ===================================
    .
    25978 Octet(s) - C:\Ad-Report-CLEAN[1].log
    .
    0 Fichier(s) - C:\Users\mss\AppData\Local\Temp
    0 Fichier(s) - C:\Windows\Temp
    0 Fichier(s) - C:\Windows\Prefetch
    .
    19 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
    545 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
    .
    Fin à: 12:28:39 | 08/01/2010 - CLEAN[1]
    .
    ============== E.O.F ==============
    .
    0
  3. flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
     
    Et bien, c'est bien infecté ^^

    La suite :

    Pour ceux qui on vista ou windows 7,desactivez l'UAC :
    Tuto : https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

    >Toolbar S&D<

    >Telecharge Toolbar S&D ici

    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3

    >Enregistrer le logiciel sur le bureau
    >Double-clique sur l'icone "l'icône ToolBarSD.exe"
    >Accepte l'installation

    >Une fois l'installation terminée, Double-clique sur la nouvelle icone avec écrit Toolbar S&D noir sur ton bureau
    >Appuie sur "F" pour choisir la langue francais
    >Choisi l'option 1 "recherche" le menu Démarrer et les icônes vont disparaitrent, c'est normal.
    >Laisse l'outil faire, ne touche à rien
    >Une fois l'analyse terminé, le rapport de recherche s'ouve sur le Bloc-Note. (Dans le cas où le rapport ne s'ouvre pas, ce dernier se trouve sur C:\TB.txt)

    >Poste le rapport
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. Rose23
     
    Voici le nouveau rapport:

    -----------\\ ToolBar S&D 1.2.9 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz )
    BIOS : ZD1 v1.3813 3H11
    USER : mss ( Administrator )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:144 Go (Free:74 Go)
    D:\ (Local Disk) - NTFS - Total:138 Go (Free:138 Go)
    E:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
    Option : [1] ( 08/01/2010|14:54 )

    [ UAC => 0 ]

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.msn.com/fr-fr"
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
    "Search Bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Default_page_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Url"="https://www.msn.com/fr-fr/actualite/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.msn.com/fr-fr"
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search bar"="http://www.bing.com/spresults.aspx"

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [ UAC => 1 ]

    1 - "C:\ToolBar SD\TB_1.txt" - 08/01/2010|14:54 - Option : [1]

    -----------\\ Fin du rapport a 14:54:25,72

    Merci de m'aider :-)
    0
  6. flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
     
    Ok, fait ceci :

    >Telecharge RSIT ici et enregistre-le sur ton bureau :

    http://images.malwareremoval.com/random/RSIT.exe

    >Double-clique sur RSIT.exe qui se trouve sur le bureau

    >Le programme se lance, choisi "1month" et clique sur "continue"

    >Laisse faire l'outil et poste le rapport qui s'affiche.

    >Voici un tuto d'aide :

    https://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm
    0
  7. Rose23
     
    Voici le rapport :)
    Merci d'avance!

    Run by mss at 2010-01-08 16:18:01
    Microsoft® Windows Vista™ Édition Familiale Premium
    System drive C: has 77 GB (52%) free of 148 GB
    Total RAM: 3070 MB (54% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:18:03, on 08/01/2010
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16945)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\explorer.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
    C:\Users\mss\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\Acer\Acer VCM\VC.exe
    C:\Program Files\Acer\Acer VCM\acp2HID.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\conime.exe
    C:\Users\mss\Downloads\RSIT(2).exe
    C:\Program Files\Trend Micro\HijackThis\mss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe
    O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [Google Update] "C:\Users\mss\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
    O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\mss\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Acer VCM.lnk = ?
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: McAfee Security Scan.lnk = ?
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - AppInit_DLLs: eNetHook.dll
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  8. Rose23
     
    et voici le rapport noté "info"
    info.txt logfile of random's system information tool 1.06 2010-01-08 16:08:28

    ======Uninstall list======

    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\Setup.exe" -uninst
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe" -uninstall
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
    Acer Arcade Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
    Acer Crystal Eye Webcam Video Class Camera -->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x040c -removeonly -u
    Acer Crystal Eye Webcam-->C:\Program Files\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x040c -removeonly
    Acer Crystal Eye webcam-->C:\Program Files\InstallShield Installation Information\{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe -runfromtemp -l0x0009 -removeonly
    Acer eAudio Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.EXE" -uninstall
    Acer eDataSecurity Management-->MsiExec.exe /X{AEEAE013-92F1-4515-B278-139F1A692A36}
    Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x40c -removeonly
    Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
    Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x40c -removeonly
    Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x40c -removeonly
    Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x40c -removeonly
    Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x40c -removeonly
    Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI
    Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly
    Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
    Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly
    Acer VCM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe" -l0x40c -removeonly
    Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
    Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
    Ad-Remover By C_XX-->"C:\Program Files\Ad-Remover\Uninstall ADR.exe"
    Advanced PDF to HTML converter 1.9.9.16-->"C:\Program Files\Advanced PDF to HTML converter\unins000.exe"
    aMSN 0.97.2-->C:\Program Files\aMSN\uninstall.exe
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
    Batch PPTX to PPT Converter 2009-->"C:\Users\mss\AppData\Local\Batchwork\Ppt-2-Ppt\unins000.exe"
    Bejeweled 2 Deluxe-->C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
    Catalyst Control Center - Branding-->MsiExec.exe /I{01C08A7D-4CCD-41F8-B020-4B4BB8C08C68}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Cisco Systems VPN Client 5.0.05.0290-->MsiExec.exe /X{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}
    Cooking Dash Diner Town Studios-->"C:\Program Files\orange\jeux\Cooking Dash Diner Town Studios\Uninstall.exe" "C:\Program Files\orange\jeux\Cooking Dash Diner Town Studios\install.log"
    Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{175B7C4A-CAF8-437A-B597-73E0D2D970FE}
    Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{D518AD32-C710-4616-BA0D-D4B1FA5F82E8}
    Free Video Dub version 1.4-->"C:\Program Files\DVDVideoSoft\Free Video Dub\unins000.exe"
    Gadwin PrintScreen-->C:\Program Files\Gadwin Systems\PrintScreen\Uninstall.exe
    GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
    Gourmania-->"C:\Program Files\orange\jeux\Gourmania\Uninstall.exe" "C:\Program Files\orange\jeux\Gourmania\install.log"
    HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -Ic:\Release\Foxconn\51338\AcrZUn32z.inf
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
    Intel Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
    Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
    Launch Manager-->C:\Windows\UnInst32.exe QtZgAcer.UNI
    LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
    McAfee Security Scan-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
    Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{3585ED1C-74C5-43B0-A232-831B96A12A2B}
    Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
    Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
    Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
    Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
    Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
    Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
    Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
    Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
    NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    OpenOffice.org 3.1-->MsiExec.exe /I{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
    PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
    PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall
    QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\Setup.exe" -l0x40c anything
    Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
    Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
    Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
    Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
    Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
    Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
    Sunshine Acres-->"C:\Program Files\orange\jeux\Sunshine Acres\Uninstall.exe" "C:\Program Files\orange\jeux\Sunshine Acres\install.log"
    SuperTux 0.1.3-->"C:\Program Files\SuperTux\unins000.exe"
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
    Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
    UseNeXT-->"C:\Program Files\UseNeXT\unins000.exe"
    VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    WIDCOMM Bluetooth Software 6.0.1.4900-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
    Winbond CIR Drivers-->MsiExec.exe /X{427967BF-09F8-46D5-9275-37001CCBBA5D}
    Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\common\unyt.exe
    Zango-->"C:\Program Files\Zango\bin\10.3.85.0\ZangoUninstaller.exe" Web

    Securitycenter WMI appears to be broken

    ======System event log======

    Computer Name: PC-de-mss
    Event Code: 7000
    Message: Le service avast! Antivirus n'a pas pu démarrer en raison de l'erreur :
    Le service n'a pas répondu assez vite à la demande de lancement ou de contrôle.
    Record Number: 119306
    Source Name: Service Control Manager
    Time Written: 20100108111621.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-mss
    Event Code: 7000
    Message: Le service Parallel port driver n'a pas pu démarrer en raison de l'erreur :
    Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.
    Record Number: 119317
    Source Name: Service Control Manager
    Time Written: 20100108111621.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-mss
    Event Code: 7000
    Message: Le service My Web Search Service n'a pas pu démarrer en raison de l'erreur :
    Le chemin d'accès spécifié est introuvable.
    Record Number: 119333
    Source Name: Service Control Manager
    Time Written: 20100108111621.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-mss
    Event Code: 4
    Message: Le spouleur d’impression n’a pas pu rouvrir une connexion d’imprimante existante car il n’a pas pu lire les informations de configuration dans la clé de Registre S-1-5-18\Printers\Connections. Le spouleur d’impression n’a pas pu ouvrir la clé de Registre. Ceci peut se produire si la clé de Registre est endommagée ou absente, ou si le Registre est momentanément indisponible.
    Record Number: 119439
    Source Name: Microsoft-Windows-SpoolerWin32SPL
    Time Written: 20100108113625.000000-000
    Event Type: Avertissement
    User:

    Computer Name: PC-de-mss
    Event Code: 4
    Message: Le spouleur d’impression n’a pas pu rouvrir une connexion d’imprimante existante car il n’a pas pu lire les informations de configuration dans la clé de Registre S-1-5-18\Printers\Connections. Le spouleur d’impression n’a pas pu ouvrir la clé de Registre. Ceci peut se produire si la clé de Registre est endommagée ou absente, ou si le Registre est momentanément indisponible.
    Record Number: 119440
    Source Name: Microsoft-Windows-SpoolerWin32SPL
    Time Written: 20100108113625.000000-000
    Event Type: Avertissement
    User:

    =====Application event log=====

    Computer Name: PC-de-mss
    Event Code: 4113
    Message: AntiVir a détecté dans le fichier C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\Zango\bin\10385~1.0\Toolbar.dll un code suspect avec la désignation 'ADSPY/AdSpy.Gen'!
    Record Number: 32094
    Source Name: Avira AntiVir
    Time Written: 20100108112419.000000-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: PC-de-mss
    Event Code: 4113
    Message: AntiVir a détecté dans le fichier C:\Program Files\Zango\bin\10.3.85.0\WeSkin.VIR un code suspect avec la désignation 'ADSPY/AdSpy.Gen'!
    Record Number: 32095
    Source Name: Avira AntiVir
    Time Written: 20100108112424.000000-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: PC-de-mss
    Event Code: 4113
    Message: AntiVir a détecté dans le fichier C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\Zango\bin\10385~1.0\Wallpaper.dll un code suspect avec la désignation 'ADSPY/AdSpy.Gen'!
    Record Number: 32096
    Source Name: Avira AntiVir
    Time Written: 20100108112424.000000-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: PC-de-mss
    Event Code: 4113
    Message: AntiVir a détecté dans le fichier C:\Program Files\Zango\bin\10.3.85.0\ZangoSADF.exe un code suspect avec la désignation 'ADSPY/AdSpy.Gen'!
    Record Number: 32097
    Source Name: Avira AntiVir
    Time Written: 20100108112435.000000-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: PC-de-mss
    Event Code: 3
    Message: Le service Centre de sécurité de Windows n’a pas pu établir de requêtes d’événements avec WMI pour contrôler le programme antivirus, le logiciel anti-espion et le pare-feu tiers.
    Record Number: 32098
    Source Name: SecurityCenter
    Time Written: 20100108112449.000000-000
    Event Type: Erreur
    User:

    =====Security event log=====

    Computer Name: PC-de-mss
    Event Code: 1100
    Message: Le service d’enregistrement des événements a été arrêté.
    Record Number: 24378
    Source Name: Microsoft-Windows-Eventlog
    Time Written: 20091103085730.966000-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-mss
    Event Code: 4616
    Message: L’heure du système a été modifiée.

    Sujet :
    ID de sécurité : S-1-5-19
    Nom du compte : SERVICE LOCAL
    Domaine du compte : AUTORITE NT
    ID d’ouverture de session : 0x3e5

    Informations sur le processus :
    ID du processus : 0x588
    Nom : C:\Windows\System32\svchost.exe

    Heure précédente : 09:57:30 03/11/2009
    Nouvelle heure : 09:57:30 03/11/2009

    Cet événement est généré lorsque l’heure du système est modifiée. Le changement régulier de l’heure du système est une opération normale de la part du service de temps Windows qui s’exécute avec des privilèges système. Mais, d’autres modifications de l’heure du système peuvent indiquer des tentatives de falsification de l’ordinateur.
    Record Number: 24379
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091103085730.690000-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-mss
    Event Code: 4634
    Message: Fermeture de session d’un compte.

    Sujet :
    ID de sécurité : S-1-5-7
    Nom du compte : ANONYMOUS LOGON
    Domaine du compte : AUTORITE NT
    ID du compte : 0x3a689

    Type d’ouverture de session : 3

    Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur.
    Record Number: 24380
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091103085730.977000-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-mss
    Event Code: 4608
    Message: Windows démarre.

    Cet événement est journalisé lorsque LSASS.EXE démarre et que le sous-système d’audit est initialisé.
    Record Number: 24381
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091103105808.706910-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-mss
    Event Code: 4624
    Message: L’ouverture de session d’un compte s’est correctement déroulée.

    Sujet :
    ID de sécurité : S-1-0-0
    Nom du compte : -
    Domaine du compte : -
    ID d’ouverture de session : 0x0

    Type d’ouverture de session : 0

    Nouvelle ouverture de session :
    ID de sécurité : S-1-5-18
    Nom du compte : SYSTEM
    Domaine du compte : AUTORITE NT
    ID d’ouverture de session : 0x3e7
    GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

    Informations sur le processus :
    ID du processus : 0x4
    Nom du processus :

    Informations sur le réseau :
    Nom de la station de travail : -
    Adresse du réseau source : -
    Port source : -

    Informations détaillées sur l’authentification :
    Processus d’ouverture de session : -
    Package d’authentification : -
    Services en transit : -
    Nom du package (NTLM uniquement) : -
    Longueur de la clé : 0

    Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

    Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

    Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

    Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

    Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

    Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
    - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
    - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
    - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
    - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
    Record Number: 24382
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091103105808.722510-000
    Event Type: Succès de l'audit
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    "PROCESSOR_REVISION"=0f0d
    "NUMBER_OF_PROCESSORS"=2
    "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

    -----------------EOF-----------------
    0
  9. Rose23
     
    et voici le rapport noté "info"
    info.txt logfile of random's system information tool 1.06 2010-01-08 16:08:28

    ======Uninstall list======

    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\Setup.exe" -uninst
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe" -uninstall
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
    Acer Arcade Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
    Acer Crystal Eye Webcam Video Class Camera -->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x040c -removeonly -u
    Acer Crystal Eye Webcam-->C:\Program Files\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x040c -removeonly
    Acer Crystal Eye webcam-->C:\Program Files\InstallShield Installation Information\{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe -runfromtemp -l0x0009 -removeonly
    Acer eAudio Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.EXE" -uninstall
    Acer eDataSecurity Management-->MsiExec.exe /X{AEEAE013-92F1-4515-B278-139F1A692A36}
    Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x40c -removeonly
    Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
    Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x40c -removeonly
    Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x40c -removeonly
    Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x40c -removeonly
    Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x40c -removeonly
    Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI
    Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly
    Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
    Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly
    Acer VCM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe" -l0x40c -removeonly
    Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
    Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
    Ad-Remover By C_XX-->"C:\Program Files\Ad-Remover\Uninstall ADR.exe"
    Advanced PDF to HTML converter 1.9.9.16-->"C:\Program Files\Advanced PDF to HTML converter\unins000.exe"
    aMSN 0.97.2-->C:\Program Files\aMSN\uninstall.exe
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
    Batch PPTX to PPT Converter 2009-->"C:\Users\mss\AppData\Local\Batchwork\Ppt-2-Ppt\unins000.exe"
    Bejeweled 2 Deluxe-->C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
    Catalyst Control Center - Branding-->MsiExec.exe /I{01C08A7D-4CCD-41F8-B020-4B4BB8C08C68}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Cisco Systems VPN Client 5.0.05.0290-->MsiExec.exe /X{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}
    Cooking Dash Diner Town Studios-->"C:\Program Files\orange\jeux\Cooking Dash Diner Town Studios\Uninstall.exe" "C:\Program Files\orange\jeux\Cooking Dash Diner Town Studios\install.log"
    Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{175B7C4A-CAF8-437A-B597-73E0D2D970FE}
    Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{D518AD32-C710-4616-BA0D-D4B1FA5F82E8}
    Free Video Dub version 1.4-->"C:\Program Files\DVDVideoSoft\Free Video Dub\unins000.exe"
    Gadwin PrintScreen-->C:\Program Files\Gadwin Systems\PrintScreen\Uninstall.exe
    GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
    Gourmania-->"C:\Program Files\orange\jeux\Gourmania\Uninstall.exe" "C:\Program Files\orange\jeux\Gourmania\install.log"
    HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -Ic:\Release\Foxconn\51338\AcrZUn32z.inf
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
    Intel Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
    Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
    Launch Manager-->C:\Windows\UnInst32.exe QtZgAcer.UNI
    LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
    McAfee Security Scan-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
    Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{3585ED1C-74C5-43B0-A232-831B96A12A2B}
    Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
    Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
    Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
    Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
    Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
    Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
    Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
    Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
    NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    OpenOffice.org 3.1-->MsiExec.exe /I{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
    PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
    PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall
    QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\Setup.exe" -l0x40c anything
    Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
    Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
    Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
    Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
    Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
    Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
    Sunshine Acres-->"C:\Program Files\orange\jeux\Sunshine Acres\Uninstall.exe" "C:\Program Files\orange\jeux\Sunshine Acres\install.log"
    SuperTux 0.1.3-->"C:\Program Files\SuperTux\unins000.exe"
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
    Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
    UseNeXT-->"C:\Program Files\UseNeXT\unins000.exe"
    VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    WIDCOMM Bluetooth Software 6.0.1.4900-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
    Winbond CIR Drivers-->MsiExec.exe /X{427967BF-09F8-46D5-9275-37001CCBBA5D}
    Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\common\unyt.exe
    Zango-->"C:\Program Files\Zango\bin\10.3.85.0\ZangoUninstaller.exe" Web

    Securitycenter WMI appears to be broken

    ======System event log======

    Computer Name: PC-de-mss
    Event Code: 7000
    Message: Le service avast! Antivirus n'a pas pu démarrer en raison de l'erreur :
    Le service n'a pas répondu assez vite à la demande de lancement ou de contrôle.
    Record Number: 119306
    Source Name: Service Control Manager
    Time Written: 20100108111621.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-mss
    Event Code: 7000
    Message: Le service Parallel port driver n'a pas pu démarrer en raison de l'erreur :
    Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.
    Record Number: 119317
    Source Name: Service Control Manager
    Time Written: 20100108111621.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-mss
    Event Code: 7000
    Message: Le service My Web Search Service n'a pas pu démarrer en raison de l'erreur :
    Le chemin d'accès spécifié est introuvable.
    Record Number: 119333
    Source Name: Service Control Manager
    Time Written: 20100108111621.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-mss
    Event Code: 4
    Message: Le spouleur d’impression n’a pas pu rouvrir une connexion d’imprimante existante car il n’a pas pu lire les informations de configuration dans la clé de Registre S-1-5-18\Printers\Connections. Le spouleur d’impression n’a pas pu ouvrir la clé de Registre. Ceci peut se produire si la clé de Registre est endommagée ou absente, ou si le Registre est momentanément indisponible.
    Record Number: 119439
    Source Name: Microsoft-Windows-SpoolerWin32SPL
    Time Written: 20100108113625.000000-000
    Event Type: Avertissement
    User:

    Computer Name: PC-de-mss
    Event Code: 4
    Message: Le spouleur d’impression n’a pas pu rouvrir une connexion d’imprimante existante car il n’a pas pu lire les informations de configuration dans la clé de Registre S-1-5-18\Printers\Connections. Le spouleur d’impression n’a pas pu ouvrir la clé de Registre. Ceci peut se produire si la clé de Registre est endommagée ou absente, ou si le Registre est momentanément indisponible.
    Record Number: 119440
    Source Name: Microsoft-Windows-SpoolerWin32SPL
    Time Written: 20100108113625.000000-000
    Event Type: Avertissement
    User:

    =====Application event log=====

    Computer Name: PC-de-mss
    Event Code: 4113
    Message: AntiVir a détecté dans le fichier C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\Zango\bin\10385~1.0\Toolbar.dll un code suspect avec la désignation 'ADSPY/AdSpy.Gen'!
    Record Number: 32094
    Source Name: Avira AntiVir
    Time Written: 20100108112419.000000-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: PC-de-mss
    Event Code: 4113
    Message: AntiVir a détecté dans le fichier C:\Program Files\Zango\bin\10.3.85.0\WeSkin.VIR un code suspect avec la désignation 'ADSPY/AdSpy.Gen'!
    Record Number: 32095
    Source Name: Avira AntiVir
    Time Written: 20100108112424.000000-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: PC-de-mss
    Event Code: 4113
    Message: AntiVir a détecté dans le fichier C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\Zango\bin\10385~1.0\Wallpaper.dll un code suspect avec la désignation 'ADSPY/AdSpy.Gen'!
    Record Number: 32096
    Source Name: Avira AntiVir
    Time Written: 20100108112424.000000-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: PC-de-mss
    Event Code: 4113
    Message: AntiVir a détecté dans le fichier C:\Program Files\Zango\bin\10.3.85.0\ZangoSADF.exe un code suspect avec la désignation 'ADSPY/AdSpy.Gen'!
    Record Number: 32097
    Source Name: Avira AntiVir
    Time Written: 20100108112435.000000-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: PC-de-mss
    Event Code: 3
    Message: Le service Centre de sécurité de Windows n’a pas pu établir de requêtes d’événements avec WMI pour contrôler le programme antivirus, le logiciel anti-espion et le pare-feu tiers.
    Record Number: 32098
    Source Name: SecurityCenter
    Time Written: 20100108112449.000000-000
    Event Type: Erreur
    User:

    =====Security event log=====

    Computer Name: PC-de-mss
    Event Code: 1100
    Message: Le service d’enregistrement des événements a été arrêté.
    Record Number: 24378
    Source Name: Microsoft-Windows-Eventlog
    Time Written: 20091103085730.966000-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-mss
    Event Code: 4616
    Message: L’heure du système a été modifiée.

    Sujet :
    ID de sécurité : S-1-5-19
    Nom du compte : SERVICE LOCAL
    Domaine du compte : AUTORITE NT
    ID d’ouverture de session : 0x3e5

    Informations sur le processus :
    ID du processus : 0x588
    Nom : C:\Windows\System32\svchost.exe

    Heure précédente : 09:57:30 03/11/2009
    Nouvelle heure : 09:57:30 03/11/2009

    Cet événement est généré lorsque l’heure du système est modifiée. Le changement régulier de l’heure du système est une opération normale de la part du service de temps Windows qui s’exécute avec des privilèges système. Mais, d’autres modifications de l’heure du système peuvent indiquer des tentatives de falsification de l’ordinateur.
    Record Number: 24379
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091103085730.690000-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-mss
    Event Code: 4634
    Message: Fermeture de session d’un compte.

    Sujet :
    ID de sécurité : S-1-5-7
    Nom du compte : ANONYMOUS LOGON
    Domaine du compte : AUTORITE NT
    ID du compte : 0x3a689

    Type d’ouverture de session : 3

    Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur.
    Record Number: 24380
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091103085730.977000-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-mss
    Event Code: 4608
    Message: Windows démarre.

    Cet événement est journalisé lorsque LSASS.EXE démarre et que le sous-système d’audit est initialisé.
    Record Number: 24381
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091103105808.706910-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-mss
    Event Code: 4624
    Message: L’ouverture de session d’un compte s’est correctement déroulée.

    Sujet :
    ID de sécurité : S-1-0-0
    Nom du compte : -
    Domaine du compte : -
    ID d’ouverture de session : 0x0

    Type d’ouverture de session : 0

    Nouvelle ouverture de session :
    ID de sécurité : S-1-5-18
    Nom du compte : SYSTEM
    Domaine du compte : AUTORITE NT
    ID d’ouverture de session : 0x3e7
    GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

    Informations sur le processus :
    ID du processus : 0x4
    Nom du processus :

    Informations sur le réseau :
    Nom de la station de travail : -
    Adresse du réseau source : -
    Port source : -

    Informations détaillées sur l’authentification :
    Processus d’ouverture de session : -
    Package d’authentification : -
    Services en transit : -
    Nom du package (NTLM uniquement) : -
    Longueur de la clé : 0

    Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

    Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

    Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

    Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

    Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

    Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
    - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
    - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
    - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
    - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
    Record Number: 24382
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091103105808.722510-000
    Event Type: Succès de l'audit
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    "PROCESSOR_REVISION"=0f0d
    "NUMBER_OF_PROCESSORS"=2
    "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

    -----------------EOF-----------------
    0
  10. flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
     
    Fait ceci :

    /!\ Utilisateur de vista et windows 7 : ne pas oublier de désactiver Le contrôle des comptes utilisateurs(uac)

    https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

    Téléchargez Lop S&D.exe sur le Bureau

    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

    Certaines infections bloquent les telechargements d' outils de desinfection utilisez ce lien alternatif:
    http://ww38.toofiles.com/fr/oip/documents/exe/yop4.html

    * Double-cliquez dessus pour lancer l'installation

    * Puis double-cliquez sur le raccourci Lop S&D présent sur le Bureau

    * Séléctionnez la langue souhaitée, puis choisir l'option 1 (Recherche)

    * Patientez jusqu'à la fin du scan

    * Postez le rapport généré sur un forum(C:\lopR.txt)

    Tutorial (aide) : http://bibou0007.com/outils-specifiques-f78/tuto-lop-sd-t956­.htm
    0
  11. Rose23
     
    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz )
    BIOS : ZD1 v1.3813 3H11
    USER : mss ( Administrator )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:144 Go (Free:74 Go)
    D:\ (Local Disk) - NTFS - Total:138 Go (Free:138 Go)
    E:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( 08/01/2010|17:24 )

    [ UAC => 1 ]

    --------------------\\ Listing des dossiers dans Local

    [03/07/2009|17:25] C:\Users\mss\AppData\Local\Acer Arcade Deluxe
    [15/05/2009|08:18] C:\Users\mss\AppData\Local\acer eNM
    [05/11/2009|16:18] C:\Users\mss\AppData\Local\Adobe
    [02/07/2009|10:57] C:\Users\mss\AppData\Local\Apple
    [10/08/2009|11:43] C:\Users\mss\AppData\Local\Apple Computer
    [15/05/2009|08:15] C:\Users\mss\AppData\Local\Application Data
    [15/05/2009|09:14] C:\Users\mss\AppData\Local\ATI
    [12/11/2009|14:22] C:\Users\mss\AppData\Local\Batchwork
    [15/05/2009|09:00] C:\Users\mss\AppData\Local\d3d9caps.dat
    [07/01/2010|20:54] C:\Users\mss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [08/11/2009|11:37] C:\Users\mss\AppData\Local\GDIPFONTCACHEV1.DAT
    [06/01/2010|17:10] C:\Users\mss\AppData\Local\Google
    [15/05/2009|08:15] C:\Users\mss\AppData\Local\Historique
    [08/01/2010|12:20] C:\Users\mss\AppData\Local\IconCache.db
    [13/07/2009|14:48] C:\Users\mss\AppData\Local\Microsoft
    [13/07/2009|15:51] C:\Users\mss\AppData\Local\Microsoft Games
    [10/11/2009|10:10] C:\Users\mss\AppData\Local\Microsoft Help
    [22/06/2009|15:11] C:\Users\mss\AppData\Local\Mozilla
    [15/05/2009|08:40] C:\Users\mss\AppData\Local\PlayMovie
    [03/07/2009|17:25] C:\Users\mss\AppData\Local\PowerCinema
    [08/01/2010|17:23] C:\Users\mss\AppData\Local\Temp
    [15/05/2009|08:15] C:\Users\mss\AppData\Local\Temporary Internet Files
    [12/07/2009|15:49] C:\Users\mss\AppData\Local\VirtualStore

    --------------------\\ Tâches planifiées dans C:\Windows\tasks

    [08/01/2010 16:50][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3129188988-1346450921-2992892770-1000UA.job
    [06/01/2010 09:50][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3129188988-1346450921-2992892770-1000Core.job
    [08/01/2010 15:36][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{D5AD2CD1-332D-4327-A51F-265208FD6B1A}.job
    [08/01/2010 12:22][--ah-----] C:\Windows\tasks\SA.DAT
    [08/01/2010 12:20][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listing des dossiers dans C:\ProgramData

    [11/05/2007|03:11] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [05/11/2009|16:22] C:\ProgramData\Adobe
    [02/07/2009|10:57] C:\ProgramData\Apple
    [02/07/2009|10:57] C:\ProgramData\Apple Computer
    [02/11/2006|14:02] C:\ProgramData\Application Data
    [15/05/2009|09:14] C:\ProgramData\ATI
    [04/12/2009|19:48] C:\ProgramData\Avira
    [15/05/2009|08:13] C:\ProgramData\Bureau
    [11/07/2009|20:53] C:\ProgramData\CyberLink
    [02/11/2006|14:02] C:\ProgramData\Desktop
    [02/11/2006|14:02] C:\ProgramData\Documents
    [15/05/2009|08:13] C:\ProgramData\Favoris
    [02/11/2006|14:02] C:\ProgramData\Favorites
    [06/08/2009|14:13] C:\ProgramData\Gogii
    [03/01/2010|13:48] C:\ProgramData\Google
    [26/06/2009|17:05] C:\ProgramData\InstallShield
    [02/10/2009|08:12] C:\ProgramData\LUUnInstall.LiveUpdate
    [07/11/2009|16:14] C:\ProgramData\McAfee
    [05/11/2009|16:14] C:\ProgramData\McAfee Security Scan
    [15/05/2009|08:13] C:\ProgramData\Menu D‚marrer
    [10/09/2009|18:33] C:\ProgramData\Microsoft
    [11/12/2009|21:42] C:\ProgramData\Microsoft Help
    [15/05/2009|08:13] C:\ProgramData\ModŠles
    [07/11/2009|16:30] C:\ProgramData\PlayFirst
    [08/01/2010|13:10] C:\ProgramData\PopCap Games
    [02/11/2006|14:02] C:\ProgramData\Start Menu
    [02/10/2009|08:12] C:\ProgramData\Symantec
    [31/12/2009|14:09] C:\ProgramData\TEMP
    [02/11/2006|14:02] C:\ProgramData\Templates
    [25/06/2009|22:41] C:\ProgramData\Yahoo! Companion

    --------------------\\ Listing des dossiers dans C:\Program Files

    [15/05/2009|08:34] C:\Program Files\Acer
    [15/05/2009|08:19] C:\Program Files\Acer Arcade Deluxe
    [15/05/2009|08:04] C:\Program Files\ACER Crystal Eye webcam
    [15/05/2009|08:40] C:\Program Files\Acer Inc
    [11/05/2007|03:11] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    [05/11/2009|16:18] C:\Program Files\Adobe
    [08/01/2010|12:28] C:\Program Files\Ad-Remover
    [05/11/2009|22:16] C:\Program Files\Advanced PDF to HTML converter
    [21/09/2009|20:40] C:\Program Files\Alwil Software
    [18/09/2009|15:41] C:\Program Files\aMSN
    [02/07/2009|10:57] C:\Program Files\Apple Software Update
    [15/05/2009|09:10] C:\Program Files\ATI
    [15/05/2009|09:11] C:\Program Files\ATI Technologies
    [25/08/2009|21:11] C:\Program Files\Audacity
    [04/12/2009|19:48] C:\Program Files\Avira
    [02/10/2009|08:02] C:\Program Files\CCleaner
    [21/09/2009|12:47] C:\Program Files\Cisco Systems
    [05/11/2009|16:18] C:\Program Files\Common Files
    [11/05/2007|01:59] C:\Program Files\CONEXANT
    [11/05/2007|02:55] C:\Program Files\CyberLink
    [23/08/2009|18:47] C:\Program Files\DVDVideoSoft
    [15/05/2009|08:13] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [08/09/2009|11:05] C:\Program Files\Gadwin Systems
    [19/11/2009|16:59] C:\Program Files\GIMP-2.0
    [03/01/2010|13:48] C:\Program Files\Google
    [17/10/2009|17:44] C:\Program Files\InstallShield Installation Information
    [15/05/2009|08:15] C:\Program Files\Intel
    [13/12/2009|15:14] C:\Program Files\Internet Explorer
    [16/10/2009|16:36] C:\Program Files\Java
    [16/10/2009|16:37] C:\Program Files\JRE
    [15/05/2009|08:18] C:\Program Files\Launch Manager
    [05/11/2009|16:14] C:\Program Files\McAfee Security Scan
    [16/09/2009|11:25] C:\Program Files\Microsoft
    [02/11/2006|13:37] C:\Program Files\Microsoft Games
    [11/05/2007|03:11] C:\Program Files\Microsoft Office
    [04/10/2009|13:27] C:\Program Files\Microsoft Silverlight
    [08/11/2009|09:57] C:\Program Files\Microsoft Works
    [11/05/2007|03:09] C:\Program Files\Microsoft.NET
    [02/11/2006|13:42] C:\Program Files\Movie Maker
    [08/01/2010|12:29] C:\Program Files\Mozilla Firefox
    [02/11/2006|13:37] C:\Program Files\MSBuild
    [18/09/2009|14:09] C:\Program Files\MSECACHE
    [02/11/2006|13:37] C:\Program Files\MSN
    [23/06/2009|10:39] C:\Program Files\MSXML 4.0
    [11/05/2007|02:47] C:\Program Files\NewTech Infosystems
    [07/11/2009|16:23] C:\Program Files\Oberon Media
    [16/10/2009|16:37] C:\Program Files\OpenOffice.org 3
    [06/08/2009|14:13] C:\Program Files\orange
    [12/11/2009|14:37] C:\Program Files\PDFCreator
    [06/07/2009|19:15] C:\Program Files\PhotoFiltre
    [08/01/2010|13:10] C:\Program Files\PopCap Games
    [02/07/2009|10:58] C:\Program Files\QuickTime
    [15/05/2009|08:29] C:\Program Files\Realtek
    [02/11/2006|13:37] C:\Program Files\Reference Assemblies
    [22/11/2009|17:30] C:\Program Files\SuperTux
    [15/05/2009|08:04] C:\Program Files\SUYIN
    [02/10/2009|08:12] C:\Program Files\Symantec
    [11/05/2007|02:00] C:\Program Files\Synaptics
    [08/01/2010|11:49] C:\Program Files\Trend Micro
    [02/11/2006|14:01] C:\Program Files\Uninstall Information
    [24/10/2009|12:11] C:\Program Files\UseNeXT
    [10/08/2009|11:51] C:\Program Files\VideoLAN
    [15/05/2009|08:32] C:\Program Files\WIDCOMM
    [11/05/2007|02:31] C:\Program Files\Winbond Electronics
    [23/06/2009|11:16] C:\Program Files\Windows Calendar
    [02/11/2006|13:42] C:\Program Files\Windows Collaboration
    [23/06/2009|11:16] C:\Program Files\Windows Defender
    [18/09/2009|14:09] C:\Program Files\Windows Installer Clean Up
    [02/11/2006|13:42] C:\Program Files\Windows Journal
    [18/09/2009|14:18] C:\Program Files\Windows Live
    [18/09/2009|14:18] C:\Program Files\Windows Live SkyDrive
    [13/12/2009|15:14] C:\Program Files\Windows Mail
    [31/10/2009|14:05] C:\Program Files\Windows Media Player
    [15/05/2009|08:13] C:\Program Files\Windows NT
    [02/11/2006|13:42] C:\Program Files\Windows Photo Gallery
    [23/06/2009|11:16] C:\Program Files\Windows Sidebar
    [15/05/2009|08:15] C:\Program Files\Yahoo!

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [05/11/2009|16:18] C:\Program Files\Common Files\Adobe
    [11/05/2007|03:09] C:\Program Files\Common Files\DESIGNER
    [21/09/2009|12:47] C:\Program Files\Common Files\Deterministic Networks
    [23/08/2009|18:47] C:\Program Files\Common Files\DVDVideoSoft
    [26/06/2009|17:05] C:\Program Files\Common Files\InstallShield
    [11/05/2007|02:47] C:\Program Files\Common Files\LightScribe
    [08/11/2009|09:58] C:\Program Files\Common Files\microsoft shared
    [11/05/2007|02:47] C:\Program Files\Common Files\muvee Technologies
    [11/05/2007|02:47] C:\Program Files\Common Files\NewTech Infosystems
    [06/08/2009|14:13] C:\Program Files\Common Files\Oberon Media
    [02/11/2006|12:18] C:\Program Files\Common Files\Services
    [17/10/2009|17:44] C:\Program Files\Common Files\snp2uvc
    [02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
    [02/10/2009|08:17] C:\Program Files\Common Files\Symantec Shared
    [23/06/2009|11:16] C:\Program Files\Common Files\System
    [22/06/2009|15:09] C:\Program Files\Common Files\Windows Live

    --------------------\\ Process

    ( 76 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-08 17:24:47
    Windows 6.0.6000 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [F:9][D:64]-> C:\Users\mss\AppData\Local\Temp
    [F:15][D:1]-> C:\Users\mss\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:67][D:26]-> C:\Users\mss\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:6][D:2]-> C:\$Recycle.Bin

    1 - "C:\Lop SD\LopR_1.txt" - 08/01/2010|17:26 - Option : [1]

    --------------------\\ Fin du rapport a 17:26:17
    [ UAC => 1 ]

    Voila.
    0
  12. flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
     
    Ok, tu as bien désactivé l'UAC comme indiqué ?

    /!\ Utilisateur de vista et windows 7 : ne pas oublier de désactiver Le contrôle des comptes utilisateurs(uac)

    https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

    T
    * Puis double-cliquez sur le raccourci Lop S&D présent sur le Bureau

    * Séléctionnez la langue souhaitée, puis choisir l'option 2 (Suppression)

    * Patientez jusqu'à la fin du scan

    * Postez le rapport généré sur un forum(C:\lopR.txt)

    Tutorial (aide) : http://bibou0007.com/outils-specifiques-f78/tuto-lop-sd-t956­.htm
    0
  13. Rose23
     
    A non, milles excuses =S.

    Voila le rapport en ayant désactivé l'UAC:

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz )
    BIOS : ZD1 v1.3813 3H11
    USER : mss ( Administrator )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:144 Go (Free:74 Go)
    D:\ (Local Disk) - NTFS - Total:138 Go (Free:138 Go)
    E:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( 08/01/2010|17:35 )

    [ UAC => 0 ]

    --------------------\\ Listing des dossiers dans Local

    [03/07/2009|17:25] C:\Users\mss\AppData\Local\Acer Arcade Deluxe
    [15/05/2009|08:18] C:\Users\mss\AppData\Local\acer eNM
    [05/11/2009|16:18] C:\Users\mss\AppData\Local\Adobe
    [02/07/2009|10:57] C:\Users\mss\AppData\Local\Apple
    [10/08/2009|11:43] C:\Users\mss\AppData\Local\Apple Computer
    [15/05/2009|08:15] C:\Users\mss\AppData\Local\Application Data
    [15/05/2009|09:14] C:\Users\mss\AppData\Local\ATI
    [12/11/2009|14:22] C:\Users\mss\AppData\Local\Batchwork
    [15/05/2009|09:00] C:\Users\mss\AppData\Local\d3d9caps.dat
    [07/01/2010|20:54] C:\Users\mss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [08/11/2009|11:37] C:\Users\mss\AppData\Local\GDIPFONTCACHEV1.DAT
    [06/01/2010|17:10] C:\Users\mss\AppData\Local\Google
    [15/05/2009|08:15] C:\Users\mss\AppData\Local\Historique
    [08/01/2010|17:31] C:\Users\mss\AppData\Local\IconCache.db
    [13/07/2009|14:48] C:\Users\mss\AppData\Local\Microsoft
    [13/07/2009|15:51] C:\Users\mss\AppData\Local\Microsoft Games
    [10/11/2009|10:10] C:\Users\mss\AppData\Local\Microsoft Help
    [22/06/2009|15:11] C:\Users\mss\AppData\Local\Mozilla
    [15/05/2009|08:40] C:\Users\mss\AppData\Local\PlayMovie
    [03/07/2009|17:25] C:\Users\mss\AppData\Local\PowerCinema
    [08/01/2010|17:34] C:\Users\mss\AppData\Local\Temp
    [15/05/2009|08:15] C:\Users\mss\AppData\Local\Temporary Internet Files
    [12/07/2009|15:49] C:\Users\mss\AppData\Local\VirtualStore

    --------------------\\ Tâches planifiées dans C:\Windows\tasks

    [08/01/2010 16:50][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3129188988-1346450921-2992892770-1000UA.job
    [06/01/2010 09:50][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3129188988-1346450921-2992892770-1000Core.job
    [08/01/2010 15:36][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{D5AD2CD1-332D-4327-A51F-265208FD6B1A}.job
    [08/01/2010 17:32][--ah-----] C:\Windows\tasks\SA.DAT
    [08/01/2010 17:31][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listing des dossiers dans C:\ProgramData

    [11/05/2007|03:11] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [05/11/2009|16:22] C:\ProgramData\Adobe
    [02/07/2009|10:57] C:\ProgramData\Apple
    [02/07/2009|10:57] C:\ProgramData\Apple Computer
    [02/11/2006|14:02] C:\ProgramData\Application Data
    [15/05/2009|09:14] C:\ProgramData\ATI
    [04/12/2009|19:48] C:\ProgramData\Avira
    [15/05/2009|08:13] C:\ProgramData\Bureau
    [11/07/2009|20:53] C:\ProgramData\CyberLink
    [02/11/2006|14:02] C:\ProgramData\Desktop
    [02/11/2006|14:02] C:\ProgramData\Documents
    [15/05/2009|08:13] C:\ProgramData\Favoris
    [02/11/2006|14:02] C:\ProgramData\Favorites
    [06/08/2009|14:13] C:\ProgramData\Gogii
    [03/01/2010|13:48] C:\ProgramData\Google
    [26/06/2009|17:05] C:\ProgramData\InstallShield
    [02/10/2009|08:12] C:\ProgramData\LUUnInstall.LiveUpdate
    [07/11/2009|16:14] C:\ProgramData\McAfee
    [05/11/2009|16:14] C:\ProgramData\McAfee Security Scan
    [15/05/2009|08:13] C:\ProgramData\Menu D‚marrer
    [10/09/2009|18:33] C:\ProgramData\Microsoft
    [11/12/2009|21:42] C:\ProgramData\Microsoft Help
    [15/05/2009|08:13] C:\ProgramData\ModŠles
    [07/11/2009|16:30] C:\ProgramData\PlayFirst
    [08/01/2010|13:10] C:\ProgramData\PopCap Games
    [02/11/2006|14:02] C:\ProgramData\Start Menu
    [02/10/2009|08:12] C:\ProgramData\Symantec
    [31/12/2009|14:09] C:\ProgramData\TEMP
    [02/11/2006|14:02] C:\ProgramData\Templates
    [25/06/2009|22:41] C:\ProgramData\Yahoo! Companion

    --------------------\\ Listing des dossiers dans C:\Program Files

    [15/05/2009|08:34] C:\Program Files\Acer
    [15/05/2009|08:19] C:\Program Files\Acer Arcade Deluxe
    [15/05/2009|08:04] C:\Program Files\ACER Crystal Eye webcam
    [15/05/2009|08:40] C:\Program Files\Acer Inc
    [11/05/2007|03:11] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    [05/11/2009|16:18] C:\Program Files\Adobe
    [08/01/2010|12:28] C:\Program Files\Ad-Remover
    [05/11/2009|22:16] C:\Program Files\Advanced PDF to HTML converter
    [21/09/2009|20:40] C:\Program Files\Alwil Software
    [18/09/2009|15:41] C:\Program Files\aMSN
    [02/07/2009|10:57] C:\Program Files\Apple Software Update
    [15/05/2009|09:10] C:\Program Files\ATI
    [15/05/2009|09:11] C:\Program Files\ATI Technologies
    [25/08/2009|21:11] C:\Program Files\Audacity
    [04/12/2009|19:48] C:\Program Files\Avira
    [02/10/2009|08:02] C:\Program Files\CCleaner
    [21/09/2009|12:47] C:\Program Files\Cisco Systems
    [05/11/2009|16:18] C:\Program Files\Common Files
    [11/05/2007|01:59] C:\Program Files\CONEXANT
    [11/05/2007|02:55] C:\Program Files\CyberLink
    [23/08/2009|18:47] C:\Program Files\DVDVideoSoft
    [15/05/2009|08:13] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [08/09/2009|11:05] C:\Program Files\Gadwin Systems
    [19/11/2009|16:59] C:\Program Files\GIMP-2.0
    [03/01/2010|13:48] C:\Program Files\Google
    [17/10/2009|17:44] C:\Program Files\InstallShield Installation Information
    [15/05/2009|08:15] C:\Program Files\Intel
    [13/12/2009|15:14] C:\Program Files\Internet Explorer
    [16/10/2009|16:36] C:\Program Files\Java
    [16/10/2009|16:37] C:\Program Files\JRE
    [15/05/2009|08:18] C:\Program Files\Launch Manager
    [05/11/2009|16:14] C:\Program Files\McAfee Security Scan
    [16/09/2009|11:25] C:\Program Files\Microsoft
    [02/11/2006|13:37] C:\Program Files\Microsoft Games
    [11/05/2007|03:11] C:\Program Files\Microsoft Office
    [04/10/2009|13:27] C:\Program Files\Microsoft Silverlight
    [08/11/2009|09:57] C:\Program Files\Microsoft Works
    [11/05/2007|03:09] C:\Program Files\Microsoft.NET
    [02/11/2006|13:42] C:\Program Files\Movie Maker
    [08/01/2010|17:34] C:\Program Files\Mozilla Firefox
    [02/11/2006|13:37] C:\Program Files\MSBuild
    [18/09/2009|14:09] C:\Program Files\MSECACHE
    [02/11/2006|13:37] C:\Program Files\MSN
    [23/06/2009|10:39] C:\Program Files\MSXML 4.0
    [11/05/2007|02:47] C:\Program Files\NewTech Infosystems
    [07/11/2009|16:23] C:\Program Files\Oberon Media
    [16/10/2009|16:37] C:\Program Files\OpenOffice.org 3
    [06/08/2009|14:13] C:\Program Files\orange
    [12/11/2009|14:37] C:\Program Files\PDFCreator
    [06/07/2009|19:15] C:\Program Files\PhotoFiltre
    [08/01/2010|13:10] C:\Program Files\PopCap Games
    [02/07/2009|10:58] C:\Program Files\QuickTime
    [15/05/2009|08:29] C:\Program Files\Realtek
    [02/11/2006|13:37] C:\Program Files\Reference Assemblies
    [22/11/2009|17:30] C:\Program Files\SuperTux
    [15/05/2009|08:04] C:\Program Files\SUYIN
    [02/10/2009|08:12] C:\Program Files\Symantec
    [11/05/2007|02:00] C:\Program Files\Synaptics
    [08/01/2010|11:49] C:\Program Files\Trend Micro
    [02/11/2006|14:01] C:\Program Files\Uninstall Information
    [24/10/2009|12:11] C:\Program Files\UseNeXT
    [10/08/2009|11:51] C:\Program Files\VideoLAN
    [15/05/2009|08:32] C:\Program Files\WIDCOMM
    [11/05/2007|02:31] C:\Program Files\Winbond Electronics
    [23/06/2009|11:16] C:\Program Files\Windows Calendar
    [02/11/2006|13:42] C:\Program Files\Windows Collaboration
    [23/06/2009|11:16] C:\Program Files\Windows Defender
    [18/09/2009|14:09] C:\Program Files\Windows Installer Clean Up
    [02/11/2006|13:42] C:\Program Files\Windows Journal
    [18/09/2009|14:18] C:\Program Files\Windows Live
    [18/09/2009|14:18] C:\Program Files\Windows Live SkyDrive
    [13/12/2009|15:14] C:\Program Files\Windows Mail
    [31/10/2009|14:05] C:\Program Files\Windows Media Player
    [15/05/2009|08:13] C:\Program Files\Windows NT
    [02/11/2006|13:42] C:\Program Files\Windows Photo Gallery
    [23/06/2009|11:16] C:\Program Files\Windows Sidebar
    [15/05/2009|08:15] C:\Program Files\Yahoo!

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [05/11/2009|16:18] C:\Program Files\Common Files\Adobe
    [11/05/2007|03:09] C:\Program Files\Common Files\DESIGNER
    [21/09/2009|12:47] C:\Program Files\Common Files\Deterministic Networks
    [23/08/2009|18:47] C:\Program Files\Common Files\DVDVideoSoft
    [26/06/2009|17:05] C:\Program Files\Common Files\InstallShield
    [11/05/2007|02:47] C:\Program Files\Common Files\LightScribe
    [08/11/2009|09:58] C:\Program Files\Common Files\microsoft shared
    [11/05/2007|02:47] C:\Program Files\Common Files\muvee Technologies
    [11/05/2007|02:47] C:\Program Files\Common Files\NewTech Infosystems
    [06/08/2009|14:13] C:\Program Files\Common Files\Oberon Media
    [02/11/2006|12:18] C:\Program Files\Common Files\Services
    [17/10/2009|17:44] C:\Program Files\Common Files\snp2uvc
    [02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
    [02/10/2009|08:17] C:\Program Files\Common Files\Symantec Shared
    [23/06/2009|11:16] C:\Program Files\Common Files\System
    [22/06/2009|15:09] C:\Program Files\Common Files\Windows Live

    --------------------\\ Process

    ( 92 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-08 17:35:23
    Windows 6.0.6000 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [F:11][D:65]-> C:\Users\mss\AppData\Local\Temp
    [F:15][D:1]-> C:\Users\mss\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:70][D:26]-> C:\Users\mss\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:6][D:2]-> C:\$Recycle.Bin

    1 - "C:\Lop SD\LopR_1.txt" - 08/01/2010|17:26 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 08/01/2010|17:37 - Option : [1]

    --------------------\\ Fin du rapport a 17:37:07
    [ UAC => 1 ]
    0
  14. flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
     
    Ok, lances l'option 2 suppression comme indiqué plus haut.
    0
  15. Rose23
     
    Daccord :)

    Voici le nouveau rapport:
    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz )
    BIOS : ZD1 v1.3813 3H11
    USER : mss ( Administrator )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:144 Go (Free:74 Go)
    D:\ (Local Disk) - NTFS - Total:138 Go (Free:138 Go)
    E:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [2] ( 08/01/2010|17:42 )

    [ UAC => 1 ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    -
    [ Fichier Hosts ] .. Restaure!

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    --------------------\\ Listing des dossiers dans Local

    [03/07/2009|17:25] C:\Users\mss\AppData\Local\Acer Arcade Deluxe
    [15/05/2009|08:18] C:\Users\mss\AppData\Local\acer eNM
    [05/11/2009|16:18] C:\Users\mss\AppData\Local\Adobe
    [02/07/2009|10:57] C:\Users\mss\AppData\Local\Apple
    [10/08/2009|11:43] C:\Users\mss\AppData\Local\Apple Computer
    [15/05/2009|08:15] C:\Users\mss\AppData\Local\Application Data
    [15/05/2009|09:14] C:\Users\mss\AppData\Local\ATI
    [12/11/2009|14:22] C:\Users\mss\AppData\Local\Batchwork
    [15/05/2009|09:00] C:\Users\mss\AppData\Local\d3d9caps.dat
    [07/01/2010|20:54] C:\Users\mss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [08/11/2009|11:37] C:\Users\mss\AppData\Local\GDIPFONTCACHEV1.DAT
    [06/01/2010|17:10] C:\Users\mss\AppData\Local\Google
    [15/05/2009|08:15] C:\Users\mss\AppData\Local\Historique
    [08/01/2010|17:31] C:\Users\mss\AppData\Local\IconCache.db
    [13/07/2009|14:48] C:\Users\mss\AppData\Local\Microsoft
    [13/07/2009|15:51] C:\Users\mss\AppData\Local\Microsoft Games
    [10/11/2009|10:10] C:\Users\mss\AppData\Local\Microsoft Help
    [22/06/2009|15:11] C:\Users\mss\AppData\Local\Mozilla
    [15/05/2009|08:40] C:\Users\mss\AppData\Local\PlayMovie
    [03/07/2009|17:25] C:\Users\mss\AppData\Local\PowerCinema
    [08/01/2010|17:42] C:\Users\mss\AppData\Local\Temp
    [15/05/2009|08:15] C:\Users\mss\AppData\Local\Temporary Internet Files
    [12/07/2009|15:49] C:\Users\mss\AppData\Local\VirtualStore

    --------------------\\ Tâches planifiées dans C:\Windows\tasks

    [08/01/2010 16:50][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3129188988-1346450921-2992892770-1000UA.job
    [06/01/2010 09:50][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3129188988-1346450921-2992892770-1000Core.job
    [08/01/2010 15:36][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{D5AD2CD1-332D-4327-A51F-265208FD6B1A}.job
    [08/01/2010 17:32][--ah-----] C:\Windows\tasks\SA.DAT
    [08/01/2010 17:31][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listing des dossiers dans C:\ProgramData

    [11/05/2007|03:11] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [05/11/2009|16:22] C:\ProgramData\Adobe
    [02/07/2009|10:57] C:\ProgramData\Apple
    [02/07/2009|10:57] C:\ProgramData\Apple Computer
    [02/11/2006|14:02] C:\ProgramData\Application Data
    [15/05/2009|09:14] C:\ProgramData\ATI
    [04/12/2009|19:48] C:\ProgramData\Avira
    [15/05/2009|08:13] C:\ProgramData\Bureau
    [11/07/2009|20:53] C:\ProgramData\CyberLink
    [02/11/2006|14:02] C:\ProgramData\Desktop
    [02/11/2006|14:02] C:\ProgramData\Documents
    [15/05/2009|08:13] C:\ProgramData\Favoris
    [02/11/2006|14:02] C:\ProgramData\Favorites
    [06/08/2009|14:13] C:\ProgramData\Gogii
    [03/01/2010|13:48] C:\ProgramData\Google
    [26/06/2009|17:05] C:\ProgramData\InstallShield
    [02/10/2009|08:12] C:\ProgramData\LUUnInstall.LiveUpdate
    [07/11/2009|16:14] C:\ProgramData\McAfee
    [05/11/2009|16:14] C:\ProgramData\McAfee Security Scan
    [15/05/2009|08:13] C:\ProgramData\Menu D‚marrer
    [10/09/2009|18:33] C:\ProgramData\Microsoft
    [11/12/2009|21:42] C:\ProgramData\Microsoft Help
    [15/05/2009|08:13] C:\ProgramData\ModŠles
    [07/11/2009|16:30] C:\ProgramData\PlayFirst
    [08/01/2010|13:10] C:\ProgramData\PopCap Games
    [02/11/2006|14:02] C:\ProgramData\Start Menu
    [02/10/2009|08:12] C:\ProgramData\Symantec
    [31/12/2009|14:09] C:\ProgramData\TEMP
    [02/11/2006|14:02] C:\ProgramData\Templates
    [25/06/2009|22:41] C:\ProgramData\Yahoo! Companion

    --------------------\\ Listing des dossiers dans C:\Program Files

    [15/05/2009|08:34] C:\Program Files\Acer
    [15/05/2009|08:19] C:\Program Files\Acer Arcade Deluxe
    [15/05/2009|08:04] C:\Program Files\ACER Crystal Eye webcam
    [15/05/2009|08:40] C:\Program Files\Acer Inc
    [11/05/2007|03:11] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    [05/11/2009|16:18] C:\Program Files\Adobe
    [08/01/2010|12:28] C:\Program Files\Ad-Remover
    [05/11/2009|22:16] C:\Program Files\Advanced PDF to HTML converter
    [21/09/2009|20:40] C:\Program Files\Alwil Software
    [18/09/2009|15:41] C:\Program Files\aMSN
    [02/07/2009|10:57] C:\Program Files\Apple Software Update
    [15/05/2009|09:10] C:\Program Files\ATI
    [15/05/2009|09:11] C:\Program Files\ATI Technologies
    [25/08/2009|21:11] C:\Program Files\Audacity
    [04/12/2009|19:48] C:\Program Files\Avira
    [02/10/2009|08:02] C:\Program Files\CCleaner
    [21/09/2009|12:47] C:\Program Files\Cisco Systems
    [05/11/2009|16:18] C:\Program Files\Common Files
    [11/05/2007|01:59] C:\Program Files\CONEXANT
    [11/05/2007|02:55] C:\Program Files\CyberLink
    [23/08/2009|18:47] C:\Program Files\DVDVideoSoft
    [15/05/2009|08:13] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [08/09/2009|11:05] C:\Program Files\Gadwin Systems
    [19/11/2009|16:59] C:\Program Files\GIMP-2.0
    [03/01/2010|13:48] C:\Program Files\Google
    [17/10/2009|17:44] C:\Program Files\InstallShield Installation Information
    [15/05/2009|08:15] C:\Program Files\Intel
    [13/12/2009|15:14] C:\Program Files\Internet Explorer
    [16/10/2009|16:36] C:\Program Files\Java
    [16/10/2009|16:37] C:\Program Files\JRE
    [15/05/2009|08:18] C:\Program Files\Launch Manager
    [05/11/2009|16:14] C:\Program Files\McAfee Security Scan
    [16/09/2009|11:25] C:\Program Files\Microsoft
    [02/11/2006|13:37] C:\Program Files\Microsoft Games
    [11/05/2007|03:11] C:\Program Files\Microsoft Office
    [04/10/2009|13:27] C:\Program Files\Microsoft Silverlight
    [08/11/2009|09:57] C:\Program Files\Microsoft Works
    [11/05/2007|03:09] C:\Program Files\Microsoft.NET
    [02/11/2006|13:42] C:\Program Files\Movie Maker
    [08/01/2010|17:34] C:\Program Files\Mozilla Firefox
    [02/11/2006|13:37] C:\Program Files\MSBuild
    [18/09/2009|14:09] C:\Program Files\MSECACHE
    [02/11/2006|13:37] C:\Program Files\MSN
    [23/06/2009|10:39] C:\Program Files\MSXML 4.0
    [11/05/2007|02:47] C:\Program Files\NewTech Infosystems
    [07/11/2009|16:23] C:\Program Files\Oberon Media
    [16/10/2009|16:37] C:\Program Files\OpenOffice.org 3
    [06/08/2009|14:13] C:\Program Files\orange
    [12/11/2009|14:37] C:\Program Files\PDFCreator
    [06/07/2009|19:15] C:\Program Files\PhotoFiltre
    [08/01/2010|13:10] C:\Program Files\PopCap Games
    [02/07/2009|10:58] C:\Program Files\QuickTime
    [15/05/2009|08:29] C:\Program Files\Realtek
    [02/11/2006|13:37] C:\Program Files\Reference Assemblies
    [22/11/2009|17:30] C:\Program Files\SuperTux
    [15/05/2009|08:04] C:\Program Files\SUYIN
    [02/10/2009|08:12] C:\Program Files\Symantec
    [11/05/2007|02:00] C:\Program Files\Synaptics
    [08/01/2010|11:49] C:\Program Files\Trend Micro
    [02/11/2006|14:01] C:\Program Files\Uninstall Information
    [24/10/2009|12:11] C:\Program Files\UseNeXT
    [10/08/2009|11:51] C:\Program Files\VideoLAN
    [15/05/2009|08:32] C:\Program Files\WIDCOMM
    [11/05/2007|02:31] C:\Program Files\Winbond Electronics
    [23/06/2009|11:16] C:\Program Files\Windows Calendar
    [02/11/2006|13:42] C:\Program Files\Windows Collaboration
    [23/06/2009|11:16] C:\Program Files\Windows Defender
    [18/09/2009|14:09] C:\Program Files\Windows Installer Clean Up
    [02/11/2006|13:42] C:\Program Files\Windows Journal
    [18/09/2009|14:18] C:\Program Files\Windows Live
    [18/09/2009|14:18] C:\Program Files\Windows Live SkyDrive
    [13/12/2009|15:14] C:\Program Files\Windows Mail
    [31/10/2009|14:05] C:\Program Files\Windows Media Player
    [15/05/2009|08:13] C:\Program Files\Windows NT
    [02/11/2006|13:42] C:\Program Files\Windows Photo Gallery
    [23/06/2009|11:16] C:\Program Files\Windows Sidebar
    [15/05/2009|08:15] C:\Program Files\Yahoo!

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [05/11/2009|16:18] C:\Program Files\Common Files\Adobe
    [11/05/2007|03:09] C:\Program Files\Common Files\DESIGNER
    [21/09/2009|12:47] C:\Program Files\Common Files\Deterministic Networks
    [23/08/2009|18:47] C:\Program Files\Common Files\DVDVideoSoft
    [26/06/2009|17:05] C:\Program Files\Common Files\InstallShield
    [11/05/2007|02:47] C:\Program Files\Common Files\LightScribe
    [08/11/2009|09:58] C:\Program Files\Common Files\microsoft shared
    [11/05/2007|02:47] C:\Program Files\Common Files\muvee Technologies
    [11/05/2007|02:47] C:\Program Files\Common Files\NewTech Infosystems
    [06/08/2009|14:13] C:\Program Files\Common Files\Oberon Media
    [02/11/2006|12:18] C:\Program Files\Common Files\Services
    [17/10/2009|17:44] C:\Program Files\Common Files\snp2uvc
    [02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
    [02/10/2009|08:17] C:\Program Files\Common Files\Symantec Shared
    [23/06/2009|11:16] C:\Program Files\Common Files\System
    [22/06/2009|15:09] C:\Program Files\Common Files\Windows Live

    --------------------\\ Process

    ( 94 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-08 17:42:46
    Windows 6.0.6000 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [F:14][D:65]-> C:\Users\mss\AppData\Local\Temp
    [F:16][D:1]-> C:\Users\mss\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:70][D:26]-> C:\Users\mss\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:6][D:2]-> C:\$Recycle.Bin

    1 - "C:\Lop SD\LopR_1.txt" - 08/01/2010|17:26 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 08/01/2010|17:37 - Option : [1]
    3 - "C:\Lop SD\LopR_3.txt" - 08/01/2010|17:44 - Option : [2]

    --------------------\\ Fin du rapport a 17:44:24
    0
  16. flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
     
    >Telecharge Combofix ici et enregistre le sur ton bureau :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    # Ferme toutes les fenêtres de programme ouvertes, y compris celle-ci.

    # Ferme ou désactivez tous les programmes Antivirus, Antispyware, ainsi que tout pare-feu en cours d'exécution car ils pourraient perturber le fonctionnement de ComboFix.

    #Double clic sur l'icône de ComboFix située sur le Bureau. Note bien que, une fois que tu as lancé ComboFix, tu ne dois pas cliquer dans la fenêtre de ComboFix car cela pourrait entraîner un plantage du programme. En fait, lorsque ComboFix tourne, ne touche plus du tout à ton pc. L'analyse peut prendre un certain temps, donc soit patient.

    #Une fenêtre présentant les différents sites autorisés de téléchargement de ComboFix s'affiche. Dans cette fenêtre, clique sur le bouton OK.

    #Après la fin de la sauvegarde du Registre Windows, ComboFix va essayer de savoir si la Console de récupération est installée. Si tu ne l'a pas déja fait accepte.

    #Ceci peut durer un certain temps, donc surtout soit patient. Si tu vois ton Bureau Windows disparaître, ne t'inquiete pas. C'est normal, et ComboFix restaurera votre Bureau avant de se terminer. Finalement, tu verras un nouvel affichage déclarant que le programme a presque fini et vous annonçant que le fichier rapport, ou log, se trouvera dans C:\ComboFix.txt.

    #Poste ce rapport.
    0
  17. Rose23
     
    daccord mais... pourquoi tous ces rapports?
    0
  18. flo-91 Messages postés 5973 Statut Contributeur sécurité 1 120
     
    Les outils suppriment les infections, les rapports me permettent de voir ce qui à été fait et de voir comment on avance :)
    0
  19. Rose23
     
    daccord :)

    Voici le rapport:
    ComboFix 10-01-04.01 - mss 08/01/2010 19:54:46.1.2 - x86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.3070.2078 [GMT 1:00]
    Lancé depuis: c:\users\mss\Downloads\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Exécution préalable -------
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera \Uninstall.lnk

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-08 au 2010-01-08 ))))))))))))))))))))))))))))))))))))
    .

    2010-01-08 19:03 . 2010-01-08 19:03 -------- d-----w- c:\users\mss\AppData\Local\temp
    2010-01-08 19:03 . 2010-01-08 19:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-01-08 18:47 . 2010-01-08 18:47 3015992 ---h--w- c:\programdata\PopCap Games\Bejeweled2\popcapgame1.exe
    2010-01-08 16:24 . 2010-01-08 16:44 -------- d-----w- C:\Lop SD
    2010-01-08 15:08 . 2010-01-08 15:08 -------- d-----w- C:\rsit
    2010-01-08 13:53 . 2010-01-08 13:54 -------- d-----w- C:\ToolBar SD
    2010-01-08 12:10 . 2010-01-08 12:10 -------- d-----w- c:\programdata\PopCap Games
    2010-01-08 12:10 . 2010-01-08 12:10 -------- d-----w- c:\program files\PopCap Games
    2010-01-08 10:49 . 2010-01-08 10:49 -------- d-----w- c:\program files\Trend Micro
    2010-01-08 10:42 . 2010-01-08 11:28 -------- d-----w- c:\program files\Ad-Remover
    2010-01-06 21:13 . 2010-01-06 21:13 1230960 ----a-w- c:\programdata\Google\Google Toolbar\Component\GoogleCld_3F6C343113693CD9.dll
    2010-01-06 08:38 . 2010-01-06 08:38 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbE3FA.tmp.exe
    2010-01-03 12:48 . 2010-01-03 12:48 -------- d-----w- c:\program files\Google
    2010-01-03 12:48 . 2010-01-03 12:48 -------- d-----w- c:\windows\system32\Adobe
    2009-12-18 10:43 . 2007-10-23 09:56 200704 ----a-w- c:\windows\PLFSetI.exe
    2009-12-13 14:20 . 2009-11-09 13:34 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-12-13 14:20 . 2009-11-09 11:17 396800 ----a-w- c:\windows\system32\drivers\http.sys
    2009-12-13 14:19 . 2009-11-09 13:30 31232 ----a-w- c:\windows\system32\httpapi.dll
    2009-12-10 17:16 . 2009-10-07 12:47 232960 ----a-w- c:\windows\system32\rastls.dll
    2009-12-10 17:16 . 2009-10-07 12:47 274432 ----a-w- c:\windows\system32\raschap.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-08 18:57 . 2006-11-02 15:48 690832 ----a-w- c:\windows\system32\perfh00C.dat
    2010-01-08 18:57 . 2006-11-02 15:48 117572 ----a-w- c:\windows\system32\perfc00C.dat
    2010-01-07 22:05 . 2009-08-10 10:56 -------- d-----w- c:\users\mss\AppData\Roaming\vlc
    2010-01-07 19:53 . 2009-08-27 20:08 -------- d-----w- c:\users\mss\AppData\Roaming\dvdcss
    2009-12-13 14:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-12-11 20:42 . 2007-05-11 02:07 -------- d-----w- c:\programdata\Microsoft Help
    2009-12-10 17:05 . 2009-12-04 18:48 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-12-09 10:29 . 2009-11-19 16:34 -------- d-----w- c:\users\mss\AppData\Roaming\gtk-2.0
    2009-12-04 18:48 . 2009-12-04 18:48 -------- d-----w- c:\programdata\Avira
    2009-12-04 18:48 . 2009-12-04 18:48 -------- d-----w- c:\program files\Avira
    2009-11-24 20:58 . 2009-06-23 18:40 1586 ----a-w- c:\users\mss\AppData\Roaming\wklnhst.dat
    2009-11-22 16:30 . 2009-11-22 16:30 -------- d-----w- c:\program files\SuperTux
    2009-11-22 16:26 . 2009-07-29 21:06 1 ----a-w- c:\users\mss\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-11-19 15:59 . 2009-11-19 15:59 -------- d-----w- c:\program files\GIMP-2.0
    2009-11-12 13:37 . 2009-11-12 13:35 -------- d-----w- c:\program files\PDFCreator
    2009-11-08 10:37 . 2009-05-15 07:18 74280 ----a-w- c:\users\mss\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-11-02 19:42 . 2009-10-04 10:23 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-29 07:59 . 2009-11-26 10:08 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-10-27 15:05 . 2009-12-10 17:19 832512 ----a-w- c:\windows\system32\wininet.dll
    2009-10-27 15:01 . 2009-12-10 17:19 56320 ----a-w- c:\windows\system32\iesetup.dll
    2009-10-27 15:01 . 2009-12-10 17:19 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-10-27 15:01 . 2009-12-10 17:19 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
    2009-10-27 14:59 . 2009-12-10 17:19 72704 ----a-w- c:\windows\system32\admparse.dll
    2009-10-27 12:27 . 2009-12-10 17:19 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-10-27 10:56 . 2009-12-10 17:19 48128 ----a-w- c:\windows\system32\mshtmler.dll
    2009-10-16 15:36 . 2009-07-29 21:03 411368 ----a-w- c:\windows\system32\deploytk.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-06-23 1232896]
    "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
    "Google Update"="c:\users\mss\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-23 135664]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-03 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2009-06-23 1006264]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 4468736]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-04 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-04 8429568]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-04 81920]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
    "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-04-26 1286144]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
    "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-05-04 502544]
    "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-03 206952]
    "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
    "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "PLFSetL"="c:\windows\\PLFSetL.exe" [2007-07-05 94208]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-16 149280]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]

    c:\users\mss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Notification de cadeaux MSN.lnk - c:\users\mss\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-9-19 135680]
    OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-5-15 1208320]
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-5-11 535336]
    McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
    VPN Client.lnk - c:\windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico [2009-9-21 6144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "FilterAdministratorToken"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\eNetHook.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [21/09/2009 20:41 114768]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [15/05/2009 08:19 13560]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [04/12/2009 19:48 108289]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [21/09/2009 20:41 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [21/09/2009 20:40 53328]
    R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [11/05/2007 10:48 43008]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [11/05/2007 10:48 179712]
    .
    Contenu du dossier 'Tâches planifiées'

    2010-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3129188988-1346450921-2992892770-1000Core.job
    - c:\users\mss\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-23 08:45]

    2010-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3129188988-1346450921-2992892770-1000UA.job
    - c:\users\mss\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-23 08:45]

    2010-01-08 c:\windows\Tasks\User_Feed_Synchronization-{D5AD2CD1-332D-4327-A51F-265208FD6B1A}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
    .
    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\mss\AppData\Roaming\Mozilla\Firefox\Profiles\wn4237sj.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.fr
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\users\mss\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-Acer Tour Reminder - (no file)
    HKLM-Run-Acer Tour - (no file)
    HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
    HKLM-Run-eRecoveryService - (no file)

    **************************************************************************
    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    msnmsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'Explorer.exe'(2944)
    c:\windows\system32\MsnChatHook.dll
    c:\windows\system32\ShowErrMsg.dll
    c:\windows\system32\sysenv.dll
    c:\windows\system32\BatchCrypto.dll
    c:\windows\system32\CryptoAPI.dll
    c:\windows\system32\keyManager.dll
    c:\windows\system32\btmmhook.dll
    c:\acer\Empowering Technology\EPOWER\SysHook.dll
    c:\windows\system32\eDStoolbar.dll
    c:\windows\system32\ActiveToolBand.dll
    c:\program files\Acer Arcade Deluxe\VideoMagician\Kernel\EditMovie\MDTLM1Splter.ax
    c:\program files\Acer Arcade Deluxe\VideoMagician\Kernel\EditMovie\MDTLM2Splter.ax
    c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLWMFDemux.ax
    c:\program files\Acer Arcade Deluxe\VideoMagician\Kernel\Movie\CLDemuxer.ax
    .
    Heure de fin: 2010-01-08 20:05:40
    ComboFix-quarantined-files.txt 2010-01-08 19:05

    Avant-CF: 80 065 343 488 octets libres
    Après-CF: 80 008 036 352 octets libres

    - - End Of File - - A7F99BC7ECBCE587FBCA53A258568DD2
    0
  • 1
  • 2