INFECTION WIN32/KRYPTIK.CES
Fermé
Babas2Lyon
-
26 févr. 2010 à 12:48
totobetourne Messages postés 5592 Date d'inscription dimanche 23 mars 2008 Statut Membre Dernière intervention 6 juin 2012 - 27 févr. 2010 à 00:24
totobetourne Messages postés 5592 Date d'inscription dimanche 23 mars 2008 Statut Membre Dernière intervention 6 juin 2012 - 27 févr. 2010 à 00:24
8 réponses
juliendangers
Messages postés
226
Date d'inscription
lundi 30 juin 2008
Statut
Membre
Dernière intervention
28 octobre 2011
43
26 févr. 2010 à 13:33
26 févr. 2010 à 13:33
Bonjour,
Il est normal que MBAM ne puisse rien faire :
Je te conseille de suivre la procédure suivante :
* Commencer par créer un "Dossier dédié" sur le Bureau et le nommer "tdsskiller" (par exemple)
* Télécharger TDSSKiller.zip ici(https://support.kaspersky.com/downloads/utils/tdsskiller.zip et l'enregistrer dans le nouveau dossier
* Dézipper TDSSKiller.zip dans le même dossier (clic-droit => "Extraire ici". Glisser TDSSKiller.zip dans la corbeille pour le supprimer.]
* Fermer tout et désactiver antivirus et tout autre programme de protection. Cliquer sur TDSSKiller.exe pour lancer le programme et patienter jusqu'à la fin de l'analyse.
A la fin, le programme peut demander de redémarrer la machine pour finir la désinfection et se désactive lui-même.
Un rapport est sauvegardé, automatiquement, dans la racine de la partition système (généralement C:\). Le nom du rapport est sous la forme C:\TDSSKiller.version_JJ.MM.AAAA_HH.MN.SS_log.txt (exemple C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt)
Une fois le PC redémarré :
Désinstallez Mbam, s'il est installé
Téléchargez MBAM
Branchez tous les supports amovibles avant de faire ce scan (clé usb/disque dur externe etc)
Vous devez désactiver vos protections (antivirus, parefeu)
* Double cliquez sur l'icône Download_mbam-setup.exe pour lancer le processus d'installation.
Enregistrez le sur le bureau .
Fermer toutes les fenêtres et programmes
Suivez les indications (en particulier le choix de la langue et l'autorisation d'acces à Internet)
N'apportez aucune modification aux réglages par défaut et, en fin d'installation,
Vérifiez que les options Update et Launch soient cochées
MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse.
cliquer sur OK pour fermer la boîte de dialogue..
* Dans l'onglet "mise à jour", cliquez sur le bouton Recherche de mise à jour:
Si le pare-feu demande l'autorisation à MBAM de se connecter, acceptez.
* Une fois la mise à jour terminée, allez dans l'onglet Recherche.
* Sélectionnez "Exécuter un examen complet"
* Cliquez sur "Rechercher"
* .L' analyse prendra un certain temps, soyez patient !
* A la fin , un message affichera :
L'examen s'est terminé normalement.
*Si MBAM n'a rien trouvé, il le dira aussi.
Cliquez sur "Ok" pour poursuivre.
*Fermez les navigateurs.
Cliquez sur Afficher les résultats .
*Sélectionnez tout et cliquez sur Supprimer la sélection ,
MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
puis ouvrir le Bloc-notes et y copier le rapport d'analyse qui peut être retrouvé sous l'onglet Rapports/logs.
* Copiez-collez ce rapport dans la prochaine réponse.
Vérifier la présence des fichiers et dossiers suivants :
C:\Program Files\Malware Defense\mdefense.exe
C:\Program Files\malware Defense\help.ico
C:\Program Files\malware Defense\md.db
C:\Program Files\malware Defense\mdext.dll
C:\Documents and Settings\comp\Start Menu\Programs\malware Defense\Malware Defense Support.lnk
C:\Documents and Settings\comp\Start Menu\Programs\malware Defense\Malware Defense.lnk
C:\Documents and Settings\comp\Start Menu\Programs\malware Defense\Uninstall Malware Defense.lnk
C:\Documents and Settings\comp\Desktop\Malware Defense.lnk
C:\Documents and Settings\comp\Desktop\Malware Defense Support.lnk
C:\Documents and Settings\comp\Desktop\Malware Defense ReadMe.txt
C:\Documents and Settings\comp\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk
Vérifier la présence des clés registres suivantes (démarrer/exécuter --> regedit) :
ATTENTION NE MODIFIER AUCUNES ENTREES, UNE SIMPLE VERIFICATION EST NECESSAIRE! TOUTE MODIFICATION POURRAIT CAUSER DE GRAVES DOMMAGES!
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Defense
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malware defense
Il est normal que MBAM ne puisse rien faire :
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan tik-ces#
Je te conseille de suivre la procédure suivante :
* Commencer par créer un "Dossier dédié" sur le Bureau et le nommer "tdsskiller" (par exemple)
* Télécharger TDSSKiller.zip ici(https://support.kaspersky.com/downloads/utils/tdsskiller.zip et l'enregistrer dans le nouveau dossier
* Dézipper TDSSKiller.zip dans le même dossier (clic-droit => "Extraire ici". Glisser TDSSKiller.zip dans la corbeille pour le supprimer.]
* Fermer tout et désactiver antivirus et tout autre programme de protection. Cliquer sur TDSSKiller.exe pour lancer le programme et patienter jusqu'à la fin de l'analyse.
A la fin, le programme peut demander de redémarrer la machine pour finir la désinfection et se désactive lui-même.
Un rapport est sauvegardé, automatiquement, dans la racine de la partition système (généralement C:\). Le nom du rapport est sous la forme C:\TDSSKiller.version_JJ.MM.AAAA_HH.MN.SS_log.txt (exemple C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt)
Une fois le PC redémarré :
Désinstallez Mbam, s'il est installé
Téléchargez MBAM
Branchez tous les supports amovibles avant de faire ce scan (clé usb/disque dur externe etc)
Vous devez désactiver vos protections (antivirus, parefeu)
* Double cliquez sur l'icône Download_mbam-setup.exe pour lancer le processus d'installation.
Enregistrez le sur le bureau .
Fermer toutes les fenêtres et programmes
Suivez les indications (en particulier le choix de la langue et l'autorisation d'acces à Internet)
N'apportez aucune modification aux réglages par défaut et, en fin d'installation,
Vérifiez que les options Update et Launch soient cochées
MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse.
cliquer sur OK pour fermer la boîte de dialogue..
* Dans l'onglet "mise à jour", cliquez sur le bouton Recherche de mise à jour:
Si le pare-feu demande l'autorisation à MBAM de se connecter, acceptez.
* Une fois la mise à jour terminée, allez dans l'onglet Recherche.
* Sélectionnez "Exécuter un examen complet"
* Cliquez sur "Rechercher"
* .L' analyse prendra un certain temps, soyez patient !
* A la fin , un message affichera :
L'examen s'est terminé normalement.
*Si MBAM n'a rien trouvé, il le dira aussi.
Cliquez sur "Ok" pour poursuivre.
*Fermez les navigateurs.
Cliquez sur Afficher les résultats .
*Sélectionnez tout et cliquez sur Supprimer la sélection ,
MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
puis ouvrir le Bloc-notes et y copier le rapport d'analyse qui peut être retrouvé sous l'onglet Rapports/logs.
* Copiez-collez ce rapport dans la prochaine réponse.
Vérifier la présence des fichiers et dossiers suivants :
C:\Program Files\Malware Defense\mdefense.exe
C:\Program Files\malware Defense\help.ico
C:\Program Files\malware Defense\md.db
C:\Program Files\malware Defense\mdext.dll
C:\Documents and Settings\comp\Start Menu\Programs\malware Defense\Malware Defense Support.lnk
C:\Documents and Settings\comp\Start Menu\Programs\malware Defense\Malware Defense.lnk
C:\Documents and Settings\comp\Start Menu\Programs\malware Defense\Uninstall Malware Defense.lnk
C:\Documents and Settings\comp\Desktop\Malware Defense.lnk
C:\Documents and Settings\comp\Desktop\Malware Defense Support.lnk
C:\Documents and Settings\comp\Desktop\Malware Defense ReadMe.txt
C:\Documents and Settings\comp\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk
Vérifier la présence des clés registres suivantes (démarrer/exécuter --> regedit) :
ATTENTION NE MODIFIER AUCUNES ENTREES, UNE SIMPLE VERIFICATION EST NECESSAIRE! TOUTE MODIFICATION POURRAIT CAUSER DE GRAVES DOMMAGES!
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Defense
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malware defense
juliendangers
Messages postés
226
Date d'inscription
lundi 30 juin 2008
Statut
Membre
Dernière intervention
28 octobre 2011
43
26 févr. 2010 à 14:12
26 févr. 2010 à 14:12
de rien voici la "fin" de la procédure
A effectuer après le nettoyage de mbam
Vérifier la présence des fichiers et dossiers suivants :
C:\Program Files\Malware Defense\mdefense.exe
C:\Program Files\malware Defense\help.ico
C:\Program Files\malware Defense\md.db
C:\Program Files\malware Defense\mdext.dll
C:\Documents and Settings\comp\Start Menu\Programs\malware Defense\Malware Defense Support.lnk
C:\Documents and Settings\comp\Start Menu\Programs\malware Defense\Malware Defense.lnk
C:\Documents and Settings\comp\Start Menu\Programs\malware Defense\Uninstall Malware Defense.lnk
C:\Documents and Settings\comp\Desktop\Malware Defense.lnk
C:\Documents and Settings\comp\Desktop\Malware Defense Support.lnk
C:\Documents and Settings\comp\Desktop\Malware Defense ReadMe.txt
C:\Documents and Settings\comp\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk
Vérifier la présence des clés registres suivantes (démarrer/exécuter --> regedit) :
ATTENTION NE MODIFIER AUCUNES ENTREES, UNE SIMPLE VERIFICATION EST NECESSAIRE! TOUTE MODIFICATION POURRAIT CAUSER DE GRAVES DOMMAGES!
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Defense
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malware defense
A effectuer après le nettoyage de mbam
Vérifier la présence des fichiers et dossiers suivants :
C:\Program Files\Malware Defense\mdefense.exe
C:\Program Files\malware Defense\help.ico
C:\Program Files\malware Defense\md.db
C:\Program Files\malware Defense\mdext.dll
C:\Documents and Settings\comp\Start Menu\Programs\malware Defense\Malware Defense Support.lnk
C:\Documents and Settings\comp\Start Menu\Programs\malware Defense\Malware Defense.lnk
C:\Documents and Settings\comp\Start Menu\Programs\malware Defense\Uninstall Malware Defense.lnk
C:\Documents and Settings\comp\Desktop\Malware Defense.lnk
C:\Documents and Settings\comp\Desktop\Malware Defense Support.lnk
C:\Documents and Settings\comp\Desktop\Malware Defense ReadMe.txt
C:\Documents and Settings\comp\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk
Vérifier la présence des clés registres suivantes (démarrer/exécuter --> regedit) :
ATTENTION NE MODIFIER AUCUNES ENTREES, UNE SIMPLE VERIFICATION EST NECESSAIRE! TOUTE MODIFICATION POURRAIT CAUSER DE GRAVES DOMMAGES!
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Defense
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malware defense
juliendangers
Messages postés
226
Date d'inscription
lundi 30 juin 2008
Statut
Membre
Dernière intervention
28 octobre 2011
43
26 févr. 2010 à 14:14
26 févr. 2010 à 14:14
ooopss erreur de ma part... un examen rapide aurait été préférable :s mais peut importe le résultat n'en sera que plus long
Salut julien, Voici le rapport Malewarebytes
____________________________________
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3795
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
26/02/2010 15:05:40
mbam-log-2010-02-26 (15-05-40).txt
Type de recherche: Examen complet (C:\|H:\|I:\|)
Eléments examinés: 372853
Temps écoulé: 1 hour(s), 3 minute(s), 10 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 23
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malware defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\richtx64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\umcnfp_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\umcnfp_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\umcnfp.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Seb\Local Settings\Temp\Atdv.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Seb\Local Settings\Temp\DA.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Seb\Local Settings\Temp\H8SRT6e9a.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Seb\Local Settings\Temporary Internet Files\Content.IE5\CJ97YIVL\eH214422c9V0100f060006R3ce176e7102T6a390c55204l000cK7259637d30dP000201080[1] (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\Conditions générales.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\Confidentialité.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\uninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\Website.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\languages_v2.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\webmedias (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense\help.ico (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense\md.db (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINNEW\Application Data\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINNEW\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINNEW\system32\h8srtkrl32mainweq.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINNEW\system32\h8srtshsyst.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Seb\Local Settings\Temp\H8SRT77d1.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINNEW\Application Data\h8srtkrl32mainweq.dll (Rootkit.Trace) -> Quarantined and deleted successfully.
___________________________________________________
J'ai vérifié l'ensemble des fichiers et des clés registre cités dans ton post, et rien n'apparait.
Tu penses que c'est OK ?
____________________________________
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3795
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
26/02/2010 15:05:40
mbam-log-2010-02-26 (15-05-40).txt
Type de recherche: Examen complet (C:\|H:\|I:\|)
Eléments examinés: 372853
Temps écoulé: 1 hour(s), 3 minute(s), 10 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 23
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malware defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\richtx64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\umcnfp_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\umcnfp_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\umcnfp.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Seb\Local Settings\Temp\Atdv.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Seb\Local Settings\Temp\DA.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Seb\Local Settings\Temp\H8SRT6e9a.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Seb\Local Settings\Temporary Internet Files\Content.IE5\CJ97YIVL\eH214422c9V0100f060006R3ce176e7102T6a390c55204l000cK7259637d30dP000201080[1] (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\Conditions générales.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\Confidentialité.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\uninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\Website.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\languages_v2.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\webmedias (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense\help.ico (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense\md.db (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINNEW\Application Data\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINNEW\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINNEW\system32\h8srtkrl32mainweq.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINNEW\system32\h8srtshsyst.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Seb\Local Settings\Temp\H8SRT77d1.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINNEW\Application Data\h8srtkrl32mainweq.dll (Rootkit.Trace) -> Quarantined and deleted successfully.
___________________________________________________
J'ai vérifié l'ensemble des fichiers et des clés registre cités dans ton post, et rien n'apparait.
Tu penses que c'est OK ?
juliendangers
Messages postés
226
Date d'inscription
lundi 30 juin 2008
Statut
Membre
Dernière intervention
28 octobre 2011
43
26 févr. 2010 à 15:44
26 févr. 2010 à 15:44
même si tout semble aller il arrive souvent qu'il y des petits récalcitrants :p
On va donc réaliser un nouveau log hijackthis en prévention ;)
On va donc réaliser un nouveau log hijackthis en prévention ;)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
OK Chef lol, ci-dessous le log Hi jack this
___________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:55:31, on 26/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINNEW\System32\smss.exe
C:\WINNEW\system32\winlogon.exe
C:\WINNEW\system32\services.exe
C:\WINNEW\system32\lsass.exe
C:\WINNEW\system32\svchost.exe
C:\WINNEW\System32\svchost.exe
C:\WINNEW\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINNEW\Explorer.EXE
C:\WINNEW\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINNEW\system32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\WINNEW\RTHDCPL.EXE
C:\WINNEW\system32\ctfmon.exe
C:\WINNEW\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNEW\system32\svchost.exe
C:\Documents and Settings\Seb\Mes documents\Téléchargements\AieJac10.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail1db.orange.fr/webmail/fr_FR/trash.html?PAGE=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNEW\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe"
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\Act for Windows\ActSage.exe" -preload
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNEW\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINNEW\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINNEW\TEMP\E_SE874.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNEW\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNEW\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNEW\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNEW\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Joindre la page Web au contact ACT! - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Joindre la page Web au contact ACT!... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNEW\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNEW\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_3_0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://connect.sage.fr/dana-cached/setup/JuniperSetupSP1.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: ACT! Scheduler - Sage Software, Inc. - C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gt7Hr9 - Unknown owner - C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNEW\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
___________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:55:31, on 26/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINNEW\System32\smss.exe
C:\WINNEW\system32\winlogon.exe
C:\WINNEW\system32\services.exe
C:\WINNEW\system32\lsass.exe
C:\WINNEW\system32\svchost.exe
C:\WINNEW\System32\svchost.exe
C:\WINNEW\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINNEW\Explorer.EXE
C:\WINNEW\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINNEW\system32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\WINNEW\RTHDCPL.EXE
C:\WINNEW\system32\ctfmon.exe
C:\WINNEW\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNEW\system32\svchost.exe
C:\Documents and Settings\Seb\Mes documents\Téléchargements\AieJac10.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail1db.orange.fr/webmail/fr_FR/trash.html?PAGE=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNEW\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe"
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\Act for Windows\ActSage.exe" -preload
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNEW\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINNEW\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINNEW\TEMP\E_SE874.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNEW\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNEW\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNEW\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNEW\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Joindre la page Web au contact ACT! - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Joindre la page Web au contact ACT!... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNEW\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNEW\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_3_0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://connect.sage.fr/dana-cached/setup/JuniperSetupSP1.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: ACT! Scheduler - Sage Software, Inc. - C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gt7Hr9 - Unknown owner - C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNEW\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
totobetourne
Messages postés
5592
Date d'inscription
dimanche 23 mars 2008
Statut
Membre
Dernière intervention
6 juin 2012
65
26 févr. 2010 à 17:05
26 févr. 2010 à 17:05
bonjour
vu le nombre d infections trouvees , il faudrait mieux faire un scan plus complet je suppose ,tu as cette possibilite.
on va analyser ton pc.
Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.
-> http://images.malwareremoval.com/random/RSIT.exe
! Déconnecte toi et ferme toutes tes applications en cours !
Double-clique sur " RSIT.exe " pour le lancer .
-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .
* Devant l'option "List files/folders created ..." , tu choisis : 2 months
* clique ensuite sur " Continue " pour lancer l'analyse ...
-> laisse faire le scan et ne touche pas au PC ...
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).
Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...
Important : poste un rapport, puis l'autre dans la réponse suivante
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum
( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )
vu le nombre d infections trouvees , il faudrait mieux faire un scan plus complet je suppose ,tu as cette possibilite.
on va analyser ton pc.
Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.
-> http://images.malwareremoval.com/random/RSIT.exe
! Déconnecte toi et ferme toutes tes applications en cours !
Double-clique sur " RSIT.exe " pour le lancer .
-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .
* Devant l'option "List files/folders created ..." , tu choisis : 2 months
* clique ensuite sur " Continue " pour lancer l'analyse ...
-> laisse faire le scan et ne touche pas au PC ...
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).
Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...
Important : poste un rapport, puis l'autre dans la réponse suivante
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum
( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )
Salut. Merci pour ton aide. 2 verif valent mieux qu'une....
Ci-dessous lecontenu de log.txt
________________________________
Logfile of random's system information tool 1.06 (written by random/random)
Run by Seb at 2010-02-26 17:37:12
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 95 GB (41%) free of 232 GB
Total RAM: 1023 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37:14, on 26/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINNEW\System32\smss.exe
C:\WINNEW\system32\winlogon.exe
C:\WINNEW\system32\services.exe
C:\WINNEW\system32\lsass.exe
C:\WINNEW\system32\svchost.exe
C:\WINNEW\System32\svchost.exe
C:\WINNEW\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINNEW\Explorer.EXE
C:\WINNEW\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINNEW\system32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\WINNEW\RTHDCPL.EXE
C:\WINNEW\system32\ctfmon.exe
C:\WINNEW\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE
C:\WINNEW\system32\svchost.exe
C:\Documents and Settings\Seb\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\Seb.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail1db.orange.fr/webmail/fr_FR/trash.html?PAGE=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNEW\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe"
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\Act for Windows\ActSage.exe" -preload
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNEW\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINNEW\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINNEW\TEMP\E_SE874.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNEW\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNEW\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNEW\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNEW\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Joindre la page Web au contact ACT! - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Joindre la page Web au contact ACT!... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNEW\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNEW\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_3_0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://connect.sage.fr/dana-cached/setup/JuniperSetupSP1.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: ACT! Scheduler - Sage Software, Inc. - C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gt7Hr9 - Unknown owner - C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNEW\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
Ci-dessous lecontenu de log.txt
________________________________
Logfile of random's system information tool 1.06 (written by random/random)
Run by Seb at 2010-02-26 17:37:12
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 95 GB (41%) free of 232 GB
Total RAM: 1023 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37:14, on 26/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINNEW\System32\smss.exe
C:\WINNEW\system32\winlogon.exe
C:\WINNEW\system32\services.exe
C:\WINNEW\system32\lsass.exe
C:\WINNEW\system32\svchost.exe
C:\WINNEW\System32\svchost.exe
C:\WINNEW\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINNEW\Explorer.EXE
C:\WINNEW\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINNEW\system32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\WINNEW\RTHDCPL.EXE
C:\WINNEW\system32\ctfmon.exe
C:\WINNEW\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE
C:\WINNEW\system32\svchost.exe
C:\Documents and Settings\Seb\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\Seb.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail1db.orange.fr/webmail/fr_FR/trash.html?PAGE=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNEW\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe"
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\Act for Windows\ActSage.exe" -preload
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNEW\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINNEW\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINNEW\TEMP\E_SE874.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNEW\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNEW\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNEW\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNEW\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Joindre la page Web au contact ACT! - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Joindre la page Web au contact ACT!... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNEW\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNEW\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_3_0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://connect.sage.fr/dana-cached/setup/JuniperSetupSP1.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: ACT! Scheduler - Sage Software, Inc. - C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gt7Hr9 - Unknown owner - C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNEW\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
Et le contenu du 2nd rapport "info.txt"
______________________________________________
info.txt logfile of random's system information tool 1.06 2010-02-26 17:37:17
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNEW\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
ACT! by Sage 2009 (11.0)-->C:\Program Files\InstallShield Installation Information\{1A4FE289-8B58-4FC5-8CE8-109A542CE0A7}\setup.exe -runfromtemp -l0x040c
Adobe Flash Player 10 ActiveX-->C:\WINNEW\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Blender (remove only)-->"C:\Program Files\Blender Foundation\Blender\uninstall.exe"
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EPSON Logiciel imprimante-->C:\WINNEW\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus SX200 Series Printer Uninstall-->C:\WINNEW\System32\spool\DRIVERS\W32X86\3\E_FINSEFE.EXE /R /APD /P:"EPSON Stylus SX200 Series"
EPSON Stylus SX200_SX400_TX200_TX400 Manuel-->C:\Program Files\EPSON\TPMANUAL\ES_SX_TX\FRA\USE_G\DOCUNINS.EXE
ESET Smart Security-->MsiExec.exe /I{29BA7CBE-15A0-44C5-B412-CDB5E29F5904}
Everest Poker (Remove Only)-->C:\Program Files\Everest Poker\cstart.exe /uninstall
FileZilla Client 3.3.2-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FRANCE PROSPECT Email 400-->MsiExec.exe /I{D9992086-5687-4413-A631-00AFA0BEBE6A}
HijackThis 2.0.2-->"C:\Documents and Settings\Seb\Mes documents\Téléchargements\HijackThis.exe" /uninstall
HomePlayer 1.5.9-->C:\Program Files\HomePlayer\uninst.exe
La Crapette, le Jardin, les Trains-->"C:\Program Files\Crapette Jardin Trains\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINNEW\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINNEW\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft SQL Server 2005 Express Edition (ACT7)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINNEW\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mise à jour pour Windows XP (KB898461)-->"C:\WINNEW\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mozilla Firefox (3.5.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111-->C:\Program Files\InstallShield Installation Information\{582E9125-32B6-4CBA-AB48-3E33CE3DB389}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers-->C:\WINNEW\system32\nvudisp.exe UninstallGUI
Pilote vidéo Pinnacle-->MsiExec.exe /X{5EB90C06-964F-4195-B83E-BD7E55C88415}
Pinnacle Studio 12-->MsiExec.exe /I{D041EB9E-890A-4098-8F94-51DA194AC72A}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
SUPER © Version 2009.bld.36 (June 10, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Uniblue DriverScanner 2009-->"C:\Documents and Settings\All Users.WINNEW\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue DriverScanner 2009-->C:\Documents and Settings\All Users.WINNEW\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
VirtualDubMOD 1.5.10.3 Fr-->"C:\Program Files\VirtualDubMOD\unins000.exe"
VLC media player 1.0.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINNEW\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINNEW\$NtUninstallwmp11$\spuninst\spuninst.exe"
======Security center information======
AV: Malware Defense (outdated)
AV: ESET Smart Security 3.0 (disabled)
FW: Pare-feu personnel d'ESET
======System event log======
Computer Name: G-01
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.
Record Number: 998
Source Name: EventLog
Time Written: 20091204131646.000000+060
Event Type: Informations
User:
Computer Name: G-01
Event Code: 6006
Message: Le service d'Enregistrement d'événement a été arrêté.
Record Number: 997
Source Name: EventLog
Time Written: 20091204131602.000000+060
Event Type: Informations
User:
Computer Name: G-01
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.
Record Number: 996
Source Name: Service Control Manager
Time Written: 20091204080708.000000+060
Event Type: Informations
User:
Computer Name: G-01
Event Code: 7036
Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution.
Record Number: 995
Source Name: Service Control Manager
Time Written: 20091204080702.000000+060
Event Type: Informations
User:
Computer Name: G-01
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de la passerelle de la couche Application.
Record Number: 994
Source Name: Service Control Manager
Time Written: 20091204080702.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
=====Application event log=====
Computer Name: G-01
Event Code: 16
Message: The SQLBrowser is enabling SQL instance and connectivity discovery support.
Record Number: 1402
Source Name: SQLBrowser
Time Written: 20100110193847.000000+060
Event Type: Informations
User:
Computer Name: G-01
Event Code: 3
Message: The configuration of the AdminConnection\TCP protocol in the SQL instance ACT7 is not valid.
Record Number: 1401
Source Name: SQLBrowser
Time Written: 20100110193847.000000+060
Event Type: Avertissement
User:
Computer Name: G-01
Event Code: 0
Message: Starting ACT.OUTLOOK.SERVICE
Record Number: 1400
Source Name: ACT.OUTLOOK.SERVICE
Time Written: 20100110193845.000000+060
Event Type: Informations
User:
Computer Name: G-01
Event Code: 0
Message: Service cannot be started. System.Exception: Unable to start scheduler service. Information de configuration du serveur manquante.
at Act.Scheduler.SchedulerService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Record Number: 1399
Source Name: ACT! Scheduler
Time Written: 20100110193842.000000+060
Event Type: erreur
User:
Computer Name: G-01
Event Code: 0
Message: Initialisation du service Planificateur ACT!.
Record Number: 1398
Source Name: ACT! Scheduler
Time Written: 20100110193841.000000+060
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Pinnacle\Shared Files\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 4, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0404
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
-----------------EOF-----------------
______________________________________________
info.txt logfile of random's system information tool 1.06 2010-02-26 17:37:17
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNEW\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
ACT! by Sage 2009 (11.0)-->C:\Program Files\InstallShield Installation Information\{1A4FE289-8B58-4FC5-8CE8-109A542CE0A7}\setup.exe -runfromtemp -l0x040c
Adobe Flash Player 10 ActiveX-->C:\WINNEW\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Blender (remove only)-->"C:\Program Files\Blender Foundation\Blender\uninstall.exe"
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EPSON Logiciel imprimante-->C:\WINNEW\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus SX200 Series Printer Uninstall-->C:\WINNEW\System32\spool\DRIVERS\W32X86\3\E_FINSEFE.EXE /R /APD /P:"EPSON Stylus SX200 Series"
EPSON Stylus SX200_SX400_TX200_TX400 Manuel-->C:\Program Files\EPSON\TPMANUAL\ES_SX_TX\FRA\USE_G\DOCUNINS.EXE
ESET Smart Security-->MsiExec.exe /I{29BA7CBE-15A0-44C5-B412-CDB5E29F5904}
Everest Poker (Remove Only)-->C:\Program Files\Everest Poker\cstart.exe /uninstall
FileZilla Client 3.3.2-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FRANCE PROSPECT Email 400-->MsiExec.exe /I{D9992086-5687-4413-A631-00AFA0BEBE6A}
HijackThis 2.0.2-->"C:\Documents and Settings\Seb\Mes documents\Téléchargements\HijackThis.exe" /uninstall
HomePlayer 1.5.9-->C:\Program Files\HomePlayer\uninst.exe
La Crapette, le Jardin, les Trains-->"C:\Program Files\Crapette Jardin Trains\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINNEW\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINNEW\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft SQL Server 2005 Express Edition (ACT7)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINNEW\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mise à jour pour Windows XP (KB898461)-->"C:\WINNEW\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mozilla Firefox (3.5.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111-->C:\Program Files\InstallShield Installation Information\{582E9125-32B6-4CBA-AB48-3E33CE3DB389}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers-->C:\WINNEW\system32\nvudisp.exe UninstallGUI
Pilote vidéo Pinnacle-->MsiExec.exe /X{5EB90C06-964F-4195-B83E-BD7E55C88415}
Pinnacle Studio 12-->MsiExec.exe /I{D041EB9E-890A-4098-8F94-51DA194AC72A}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
SUPER © Version 2009.bld.36 (June 10, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Uniblue DriverScanner 2009-->"C:\Documents and Settings\All Users.WINNEW\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue DriverScanner 2009-->C:\Documents and Settings\All Users.WINNEW\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
VirtualDubMOD 1.5.10.3 Fr-->"C:\Program Files\VirtualDubMOD\unins000.exe"
VLC media player 1.0.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINNEW\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINNEW\$NtUninstallwmp11$\spuninst\spuninst.exe"
======Security center information======
AV: Malware Defense (outdated)
AV: ESET Smart Security 3.0 (disabled)
FW: Pare-feu personnel d'ESET
======System event log======
Computer Name: G-01
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.
Record Number: 998
Source Name: EventLog
Time Written: 20091204131646.000000+060
Event Type: Informations
User:
Computer Name: G-01
Event Code: 6006
Message: Le service d'Enregistrement d'événement a été arrêté.
Record Number: 997
Source Name: EventLog
Time Written: 20091204131602.000000+060
Event Type: Informations
User:
Computer Name: G-01
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.
Record Number: 996
Source Name: Service Control Manager
Time Written: 20091204080708.000000+060
Event Type: Informations
User:
Computer Name: G-01
Event Code: 7036
Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution.
Record Number: 995
Source Name: Service Control Manager
Time Written: 20091204080702.000000+060
Event Type: Informations
User:
Computer Name: G-01
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de la passerelle de la couche Application.
Record Number: 994
Source Name: Service Control Manager
Time Written: 20091204080702.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
=====Application event log=====
Computer Name: G-01
Event Code: 16
Message: The SQLBrowser is enabling SQL instance and connectivity discovery support.
Record Number: 1402
Source Name: SQLBrowser
Time Written: 20100110193847.000000+060
Event Type: Informations
User:
Computer Name: G-01
Event Code: 3
Message: The configuration of the AdminConnection\TCP protocol in the SQL instance ACT7 is not valid.
Record Number: 1401
Source Name: SQLBrowser
Time Written: 20100110193847.000000+060
Event Type: Avertissement
User:
Computer Name: G-01
Event Code: 0
Message: Starting ACT.OUTLOOK.SERVICE
Record Number: 1400
Source Name: ACT.OUTLOOK.SERVICE
Time Written: 20100110193845.000000+060
Event Type: Informations
User:
Computer Name: G-01
Event Code: 0
Message: Service cannot be started. System.Exception: Unable to start scheduler service. Information de configuration du serveur manquante.
at Act.Scheduler.SchedulerService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Record Number: 1399
Source Name: ACT! Scheduler
Time Written: 20100110193842.000000+060
Event Type: erreur
User:
Computer Name: G-01
Event Code: 0
Message: Initialisation du service Planificateur ACT!.
Record Number: 1398
Source Name: ACT! Scheduler
Time Written: 20100110193841.000000+060
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Pinnacle\Shared Files\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 4, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0404
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
-----------------EOF-----------------
totobetourne
Messages postés
5592
Date d'inscription
dimanche 23 mars 2008
Statut
Membre
Dernière intervention
6 juin 2012
65
26 févr. 2010 à 17:58
26 févr. 2010 à 17:58
il manque tout une partie importante du rapport en message 9,
colle moi juste apres les resultats de hijack, ou c est ecrit regystry dump.
colle moi juste apres les resultats de hijack, ou c est ecrit regystry dump.
Désolé voila la suite du rapport log.txt. Pour hi Jack, je ne vois pas de quelle partie du parle "ou c'est écrit registery dump". Peux-tu m'en dire plus ?
_____________________________________________________________
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5233FCD-D258-4903-89B8-FB1568E7413D}]
Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - C:\WINNEW\system32\mscoree.dll [2005-09-23 270848]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINNEW\system32\NvCpl.dll [2006-06-20 7622656]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-10-24 1451264]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"Act.Outlook.Service"=C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe [2008-11-26 17408]
"Act! Preloader"=C:\Program Files\ACT\Act for Windows\ActSage.exe [2008-07-31 393216]
"RTHDCPL"=C:\WINNEW\RTHDCPL.EXE [2009-10-06 18750976]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINNEW\system32\ctfmon.exe [2008-04-14 15360]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe []
"EPSON Stylus D92 Series"=C:\WINNEW\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE [2006-09-27 139264]
C:\Documents and Settings\All Users.WINNEW\Menu Démarrer\Programmes\Démarrage
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
C:\Documents and Settings\Seb\Menu Démarrer\Programmes\Démarrage
OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNEW\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\ACT\Act for Windows\ActSage.exe"="C:\Program Files\ACT\Act for Windows\ActSage.exe:*:Enabled:ACT! by Sage"
"C:\Documents and Settings\Seb\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe"="C:\Documents and Settings\Seb\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client"
"C:\Program Files\HomePlayer\HomePlayer.exe"="C:\Program Files\HomePlayer\HomePlayer.exe:*:Enabled:HomePlayer"
"C:\Program Files\HomePlayer\VLC\vlc.exe"="C:\Program Files\HomePlayer\VLC\vlc.exe:*:Enabled:VLC HomePlayer"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99ad3dae-d030-11de-9b31-001e2ae3bde8}]
shell\AutoRun\command - L:\InstallTomTomHOME.exe
======List of files/folders created in the last 2 months======
2010-02-26 17:37:12 ----D---- C:\rsit
2010-02-26 17:37:12 ----D---- C:\Program Files\trend micro
2010-02-26 15:59:20 ----A---- C:\WINNEW\system32\devil.dll
2010-02-26 15:59:20 ----A---- C:\WINNEW\system32\avisynth.dll
2010-02-26 15:59:18 ----A---- C:\WINNEW\system32\yv12vfw.dll
2010-02-26 15:59:18 ----A---- C:\WINNEW\system32\i420vfw.dll
2010-02-26 15:59:18 ----A---- C:\WINNEW\system32\AVSredirect.dll
2010-02-26 15:59:17 ----D---- C:\Program Files\AviSynth 2.5
2010-02-26 15:58:44 ----RSH---- C:\WINNEW\system32\nbDX.dll
2010-02-26 15:58:44 ----RSH---- C:\WINNEW\system32\msfDX.dll
2010-02-26 15:58:43 ----RSH---- C:\WINNEW\system32\flvDX.dll
2010-02-26 15:58:35 ----D---- C:\Program Files\eRightSoft
2010-02-26 13:54:53 ----D---- C:\Documents and Settings\Seb\Application Data\Malwarebytes
2010-02-26 13:54:46 ----D---- C:\Documents and Settings\All Users.WINNEW\Application Data\Malwarebytes
2010-02-26 12:13:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-26 11:46:32 ----SHD---- C:\WINNEW\CSC
2010-02-25 15:50:19 ----D---- C:\Program Files\DVBCut
2010-02-25 15:19:18 ----D---- C:\Program Files\VirtualDubMOD
2010-02-24 08:09:20 ----SHD---- C:\Config.Msi
2010-02-23 20:12:19 ----D---- C:\Program Files\Fichiers communs\Pinnacle
2010-02-23 20:12:10 ----D---- C:\Documents and Settings\All Users.WINNEW\Application Data\Pinnacle Studio Ultimate
2010-02-23 20:07:16 ----D---- C:\Program Files\Pinnacle
2010-02-23 20:07:16 ----D---- C:\Program Files\Fichiers communs\Yahoo!
2010-02-23 20:07:16 ----D---- C:\Documents and Settings\All Users.WINNEW\Application Data\Studio 12
2010-02-23 20:07:16 ----D---- C:\Documents and Settings\All Users.WINNEW\Application Data\Pinnacle Studio Plus
2010-02-23 20:05:30 ----D---- C:\Documents and Settings\All Users.WINNEW\Application Data\Pinnacle
2010-02-11 10:49:57 ----D---- C:\Documents and Settings\All Users.WINNEW\Application Data\FLEXnet
2010-02-11 10:41:42 ----D---- C:\Program Files\Fichiers communs\Macrovision Shared
2010-02-11 10:40:46 ----D---- C:\Program Files\FileMaker
2010-02-11 10:38:04 ----D---- C:\Documents and Settings\Seb\Application Data\Leadertech
2010-02-10 10:44:53 ----D---- C:\Documents and Settings\Seb\Application Data\Juniper Networks
2010-02-07 17:38:20 ----A---- C:\WINNEW\ntbtlog.txt
2010-01-30 09:03:14 ----A---- C:\Documents and Settings\All Users.WINNEW\Application Data\h8srtmainqt.dll
2010-01-29 08:33:17 ----A---- C:\WINNEW\system32\E_FLBBZE.DLL
2010-01-29 08:33:17 ----A---- C:\WINNEW\system32\E_FD4BBZE.DLL
2009-12-29 16:36:48 ----A---- C:\WINNEW\CARTES.INI
2009-12-29 16:36:47 ----D---- C:\Program Files\Crapette Jardin Trains
======List of files/folders modified in the last 2 months======
2010-02-26 17:37:12 ----RHD---- C:\Program Files
2010-02-26 17:27:58 ----D---- C:\Documents and Settings\Seb\Application Data\vlc
2010-02-26 17:20:41 ----D---- C:\Documents and Settings\Seb\Application Data\dvdcss
2010-02-26 16:21:54 ----HD---- C:\WINNEW\inf
2010-02-26 16:21:54 ----D---- C:\WINNEW\system32\CatRoot2
2010-02-26 16:00:36 ----D---- C:\WINNEW
2010-02-26 15:59:20 ----D---- C:\WINNEW\system32
2010-02-26 15:59:16 ----RSD---- C:\WINNEW\Fonts
2010-02-26 15:42:27 ----D---- C:\Program Files\Mozilla Firefox
2010-02-26 15:12:20 ----A---- C:\WINNEW\system32\PerfStringBackup.INI
2010-02-26 15:09:36 ----D---- C:\WINNEW\Temp
2010-02-26 15:07:45 ----D---- C:\WINNEW\system32\drivers
2010-02-26 15:07:45 ----D---- C:\WINNEW\PeerNet
2010-02-26 15:07:19 ----A---- C:\WINNEW\SchedLgU.Txt
2010-02-26 13:21:10 ----D---- C:\WINNEW\system32\Restore
2010-02-26 10:51:37 ----D---- C:\WINNEW\Prefetch
2010-02-26 01:20:24 ----D---- C:\Documents and Settings\Seb\Application Data\FileZilla
2010-02-25 18:04:15 ----A---- C:\WINNEW\IE4 Error Log.txt
2010-02-25 10:44:16 ----D---- C:\Program Files\Everest Poker
2010-02-24 08:10:53 ----SHD---- C:\WINNEW\Installer
2010-02-24 08:10:15 ----D---- C:\WINNEW\WinSxS
2010-02-24 08:10:10 ----D---- C:\Documents and Settings\All Users.WINNEW\Application Data\Adobe
2010-02-24 08:09:58 ----D---- C:\Program Files\Fichiers communs\Adobe
2010-02-24 08:09:58 ----D---- C:\Program Files\Adobe
2010-02-23 20:12:25 ----DC---- C:\WINNEW\system32\DRVSTORE
2010-02-23 20:12:19 ----D---- C:\Program Files\Fichiers communs
2010-02-23 12:06:44 ----D---- C:\Program Files\FileZilla FTP Client
2010-02-23 12:02:10 ----D---- C:\Program Files\HomePlayer
2010-02-18 13:09:21 ----SHD---- C:\System Volume Information
2010-02-11 10:40:43 ----D---- C:\Program Files\Fichiers communs\ODBC
2010-02-10 10:44:52 ----SD---- C:\WINNEW\Downloaded Program Files
2010-02-09 01:30:20 ----D---- C:\Program Files\eMule
2010-02-07 17:55:09 ----SHD---- C:\RECYCLER
2010-02-07 17:39:11 ----D---- C:\Documents and Settings
2010-02-04 15:14:42 ----SD---- C:\Documents and Settings\All Users.WINNEW\Application Data\Microsoft
2010-01-29 08:34:51 ----D---- C:\WINNEW\system32\CatRoot
2010-01-29 08:33:23 ----D---- C:\Documents and Settings\All Users.WINNEW\Application Data\EPSON
2010-01-21 20:10:56 ----A---- C:\WINNEW\win.ini
2010-01-21 20:05:26 ----D---- C:\Program Files\PokerStars.NET
2010-01-21 19:35:39 ----D---- C:\Program Files\INFORAD
2010-01-10 17:33:32 ----D---- C:\Documents and Settings\All Users.WINNEW\Application Data\Microsoft Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:\WINNEW\system32\DRIVERS\easdrv.sys [2008-10-24 53256]
R1 epfwtdi;epfwtdi; C:\WINNEW\system32\DRIVERS\epfwtdi.sys [2008-10-24 54280]
R1 intelppm;Pilote de processeur Intel; C:\WINNEW\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINNEW\system32\DRIVERS\AegisP.sys [2009-10-02 21275]
R2 eamon;EAMON; C:\WINNEW\system32\DRIVERS\eamon.sys [2008-10-24 39944]
R2 epfw;epfw; C:\WINNEW\system32\DRIVERS\epfw.sys [2008-10-24 73224]
R3 Arp1394;Protocole client ARP 1394; C:\WINNEW\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 Epfwndis;Eset Personal Firewall; C:\WINNEW\system32\DRIVERS\Epfwndis.sys [2008-10-24 31240]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINNEW\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINNEW\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINNEW\system32\drivers\RtkHDAud.sys [2009-10-06 5922816]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINNEW\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Pilote HID de souris; C:\WINNEW\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINNEW\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINNEW\system32\DRIVERS\nv4_mini.sys [2006-06-20 3927136]
R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINNEW\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINNEW\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINNEW\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Concentrateur USB2; C:\WINNEW\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINNEW\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbstor;Pilote de stockage de masse USB; C:\WINNEW\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 WpdUsb;WpdUsb; C:\WINNEW\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service; C:\WINNEW\system32\DRIVERS\WPN111.sys [2005-09-26 362944]
R3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINNEW\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINNEW\system32\DNINDIS5.SYS []
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINNEW\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINNEW\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S4 IntelIde;IntelIde; C:\WINNEW\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; C:\WINNEW\system32\DRIVERS\sr.sys [2008-04-14 73600]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-10-24 468224]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$ACT7;SQL Server (ACT7); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINNEW\system32\nvsvc32.exe [2006-06-20 155715]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe [2008-02-08 185632]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINNEW\system32\svchost.exe [2008-04-14 14336]
S2 ACT! Scheduler;ACT! Scheduler; C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe [2008-07-31 81920]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-10-05 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINNEW\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNEW\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-10-24 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-11 658432]
S3 gt7Hr9;gt7Hr9; C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe -s []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 Liceusermq;Liceusermq; C:\WINNEW\system32\locator.exe [2008-04-14 75264]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
-----------------EOF-----------------
_____________________________________________________________
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5233FCD-D258-4903-89B8-FB1568E7413D}]
Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - C:\WINNEW\system32\mscoree.dll [2005-09-23 270848]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINNEW\system32\NvCpl.dll [2006-06-20 7622656]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-10-24 1451264]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"Act.Outlook.Service"=C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe [2008-11-26 17408]
"Act! Preloader"=C:\Program Files\ACT\Act for Windows\ActSage.exe [2008-07-31 393216]
"RTHDCPL"=C:\WINNEW\RTHDCPL.EXE [2009-10-06 18750976]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINNEW\system32\ctfmon.exe [2008-04-14 15360]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe []
"EPSON Stylus D92 Series"=C:\WINNEW\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE [2006-09-27 139264]
C:\Documents and Settings\All Users.WINNEW\Menu Démarrer\Programmes\Démarrage
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
C:\Documents and Settings\Seb\Menu Démarrer\Programmes\Démarrage
OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNEW\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\ACT\Act for Windows\ActSage.exe"="C:\Program Files\ACT\Act for Windows\ActSage.exe:*:Enabled:ACT! by Sage"
"C:\Documents and Settings\Seb\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe"="C:\Documents and Settings\Seb\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client"
"C:\Program Files\HomePlayer\HomePlayer.exe"="C:\Program Files\HomePlayer\HomePlayer.exe:*:Enabled:HomePlayer"
"C:\Program Files\HomePlayer\VLC\vlc.exe"="C:\Program Files\HomePlayer\VLC\vlc.exe:*:Enabled:VLC HomePlayer"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99ad3dae-d030-11de-9b31-001e2ae3bde8}]
shell\AutoRun\command - L:\InstallTomTomHOME.exe
======List of files/folders created in the last 2 months======
2010-02-26 17:37:12 ----D---- C:\rsit
2010-02-26 17:37:12 ----D---- C:\Program Files\trend micro
2010-02-26 15:59:20 ----A---- C:\WINNEW\system32\devil.dll
2010-02-26 15:59:20 ----A---- C:\WINNEW\system32\avisynth.dll
2010-02-26 15:59:18 ----A---- C:\WINNEW\system32\yv12vfw.dll
2010-02-26 15:59:18 ----A---- C:\WINNEW\system32\i420vfw.dll
2010-02-26 15:59:18 ----A---- C:\WINNEW\system32\AVSredirect.dll
2010-02-26 15:59:17 ----D---- C:\Program Files\AviSynth 2.5
2010-02-26 15:58:44 ----RSH---- C:\WINNEW\system32\nbDX.dll
2010-02-26 15:58:44 ----RSH---- C:\WINNEW\system32\msfDX.dll
2010-02-26 15:58:43 ----RSH---- C:\WINNEW\system32\flvDX.dll
2010-02-26 15:58:35 ----D---- C:\Program Files\eRightSoft
2010-02-26 13:54:53 ----D---- C:\Documents and Settings\Seb\Application Data\Malwarebytes
2010-02-26 13:54:46 ----D---- C:\Documents and Settings\All Users.WINNEW\Application Data\Malwarebytes
2010-02-26 12:13:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-26 11:46:32 ----SHD---- C:\WINNEW\CSC
2010-02-25 15:50:19 ----D---- C:\Program Files\DVBCut
2010-02-25 15:19:18 ----D---- C:\Program Files\VirtualDubMOD
2010-02-24 08:09:20 ----SHD---- C:\Config.Msi
2010-02-23 20:12:19 ----D---- C:\Program Files\Fichiers communs\Pinnacle
2010-02-23 20:12:10 ----D---- C:\Documents and Settings\All Users.WINNEW\Application Data\Pinnacle Studio Ultimate
2010-02-23 20:07:16 ----D---- C:\Program Files\Pinnacle
2010-02-23 20:07:16 ----D---- C:\Program Files\Fichiers communs\Yahoo!
2010-02-23 20:07:16 ----D---- C:\Documents and Settings\All Users.WINNEW\Application Data\Studio 12
2010-02-23 20:07:16 ----D---- C:\Documents and Settings\All Users.WINNEW\Application Data\Pinnacle Studio Plus
2010-02-23 20:05:30 ----D---- C:\Documents and Settings\All Users.WINNEW\Application Data\Pinnacle
2010-02-11 10:49:57 ----D---- C:\Documents and Settings\All Users.WINNEW\Application Data\FLEXnet
2010-02-11 10:41:42 ----D---- C:\Program Files\Fichiers communs\Macrovision Shared
2010-02-11 10:40:46 ----D---- C:\Program Files\FileMaker
2010-02-11 10:38:04 ----D---- C:\Documents and Settings\Seb\Application Data\Leadertech
2010-02-10 10:44:53 ----D---- C:\Documents and Settings\Seb\Application Data\Juniper Networks
2010-02-07 17:38:20 ----A---- C:\WINNEW\ntbtlog.txt
2010-01-30 09:03:14 ----A---- C:\Documents and Settings\All Users.WINNEW\Application Data\h8srtmainqt.dll
2010-01-29 08:33:17 ----A---- C:\WINNEW\system32\E_FLBBZE.DLL
2010-01-29 08:33:17 ----A---- C:\WINNEW\system32\E_FD4BBZE.DLL
2009-12-29 16:36:48 ----A---- C:\WINNEW\CARTES.INI
2009-12-29 16:36:47 ----D---- C:\Program Files\Crapette Jardin Trains
======List of files/folders modified in the last 2 months======
2010-02-26 17:37:12 ----RHD---- C:\Program Files
2010-02-26 17:27:58 ----D---- C:\Documents and Settings\Seb\Application Data\vlc
2010-02-26 17:20:41 ----D---- C:\Documents and Settings\Seb\Application Data\dvdcss
2010-02-26 16:21:54 ----HD---- C:\WINNEW\inf
2010-02-26 16:21:54 ----D---- C:\WINNEW\system32\CatRoot2
2010-02-26 16:00:36 ----D---- C:\WINNEW
2010-02-26 15:59:20 ----D---- C:\WINNEW\system32
2010-02-26 15:59:16 ----RSD---- C:\WINNEW\Fonts
2010-02-26 15:42:27 ----D---- C:\Program Files\Mozilla Firefox
2010-02-26 15:12:20 ----A---- C:\WINNEW\system32\PerfStringBackup.INI
2010-02-26 15:09:36 ----D---- C:\WINNEW\Temp
2010-02-26 15:07:45 ----D---- C:\WINNEW\system32\drivers
2010-02-26 15:07:45 ----D---- C:\WINNEW\PeerNet
2010-02-26 15:07:19 ----A---- C:\WINNEW\SchedLgU.Txt
2010-02-26 13:21:10 ----D---- C:\WINNEW\system32\Restore
2010-02-26 10:51:37 ----D---- C:\WINNEW\Prefetch
2010-02-26 01:20:24 ----D---- C:\Documents and Settings\Seb\Application Data\FileZilla
2010-02-25 18:04:15 ----A---- C:\WINNEW\IE4 Error Log.txt
2010-02-25 10:44:16 ----D---- C:\Program Files\Everest Poker
2010-02-24 08:10:53 ----SHD---- C:\WINNEW\Installer
2010-02-24 08:10:15 ----D---- C:\WINNEW\WinSxS
2010-02-24 08:10:10 ----D---- C:\Documents and Settings\All Users.WINNEW\Application Data\Adobe
2010-02-24 08:09:58 ----D---- C:\Program Files\Fichiers communs\Adobe
2010-02-24 08:09:58 ----D---- C:\Program Files\Adobe
2010-02-23 20:12:25 ----DC---- C:\WINNEW\system32\DRVSTORE
2010-02-23 20:12:19 ----D---- C:\Program Files\Fichiers communs
2010-02-23 12:06:44 ----D---- C:\Program Files\FileZilla FTP Client
2010-02-23 12:02:10 ----D---- C:\Program Files\HomePlayer
2010-02-18 13:09:21 ----SHD---- C:\System Volume Information
2010-02-11 10:40:43 ----D---- C:\Program Files\Fichiers communs\ODBC
2010-02-10 10:44:52 ----SD---- C:\WINNEW\Downloaded Program Files
2010-02-09 01:30:20 ----D---- C:\Program Files\eMule
2010-02-07 17:55:09 ----SHD---- C:\RECYCLER
2010-02-07 17:39:11 ----D---- C:\Documents and Settings
2010-02-04 15:14:42 ----SD---- C:\Documents and Settings\All Users.WINNEW\Application Data\Microsoft
2010-01-29 08:34:51 ----D---- C:\WINNEW\system32\CatRoot
2010-01-29 08:33:23 ----D---- C:\Documents and Settings\All Users.WINNEW\Application Data\EPSON
2010-01-21 20:10:56 ----A---- C:\WINNEW\win.ini
2010-01-21 20:05:26 ----D---- C:\Program Files\PokerStars.NET
2010-01-21 19:35:39 ----D---- C:\Program Files\INFORAD
2010-01-10 17:33:32 ----D---- C:\Documents and Settings\All Users.WINNEW\Application Data\Microsoft Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:\WINNEW\system32\DRIVERS\easdrv.sys [2008-10-24 53256]
R1 epfwtdi;epfwtdi; C:\WINNEW\system32\DRIVERS\epfwtdi.sys [2008-10-24 54280]
R1 intelppm;Pilote de processeur Intel; C:\WINNEW\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINNEW\system32\DRIVERS\AegisP.sys [2009-10-02 21275]
R2 eamon;EAMON; C:\WINNEW\system32\DRIVERS\eamon.sys [2008-10-24 39944]
R2 epfw;epfw; C:\WINNEW\system32\DRIVERS\epfw.sys [2008-10-24 73224]
R3 Arp1394;Protocole client ARP 1394; C:\WINNEW\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 Epfwndis;Eset Personal Firewall; C:\WINNEW\system32\DRIVERS\Epfwndis.sys [2008-10-24 31240]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINNEW\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINNEW\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINNEW\system32\drivers\RtkHDAud.sys [2009-10-06 5922816]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINNEW\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Pilote HID de souris; C:\WINNEW\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINNEW\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINNEW\system32\DRIVERS\nv4_mini.sys [2006-06-20 3927136]
R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINNEW\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINNEW\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINNEW\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Concentrateur USB2; C:\WINNEW\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINNEW\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbstor;Pilote de stockage de masse USB; C:\WINNEW\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 WpdUsb;WpdUsb; C:\WINNEW\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service; C:\WINNEW\system32\DRIVERS\WPN111.sys [2005-09-26 362944]
R3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINNEW\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINNEW\system32\DNINDIS5.SYS []
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINNEW\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINNEW\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S4 IntelIde;IntelIde; C:\WINNEW\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; C:\WINNEW\system32\DRIVERS\sr.sys [2008-04-14 73600]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-10-24 468224]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$ACT7;SQL Server (ACT7); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINNEW\system32\nvsvc32.exe [2006-06-20 155715]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe [2008-02-08 185632]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINNEW\system32\svchost.exe [2008-04-14 14336]
S2 ACT! Scheduler;ACT! Scheduler; C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe [2008-07-31 81920]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-10-05 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINNEW\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNEW\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-10-24 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-11 658432]
S3 gt7Hr9;gt7Hr9; C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe -s []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 Liceusermq;Liceusermq; C:\WINNEW\system32\locator.exe [2008-04-14 75264]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
-----------------EOF-----------------
totobetourne
Messages postés
5592
Date d'inscription
dimanche 23 mars 2008
Statut
Membre
Dernière intervention
6 juin 2012
65
27 févr. 2010 à 00:24
27 févr. 2010 à 00:24
ton message 9 finit comme cela:merci.
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gt7Hr9 - Unknown owner - C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNEW\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
End of file - 6913 bytes
======Registry dump======
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gt7Hr9 - Unknown owner - C:\Program Files\CPUID\PC Wizard 2009\Data\pcwizntl.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNEW\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
End of file - 6913 bytes
======Registry dump======
26 févr. 2010 à 14:06
Tout d'abord merci pour ta réponse rapide.
J'ai lancé tout la procédure. Malwarebytes s'est bien installé et j'ai lancé l'examen complet. Ne t'inquiètes pas je te réponds de mon portable.... tout est bien fermé sur mon ordi.
J'attends avec impatience le résultat. En attentant j'ai voulu lire la fin de la procédure mais ton message s'est coupé, trop long a mon avis. Peux-tu me mettre la fin de la procédure dans une autre réponse ?
Merci !