Slow PC after Security Tool

kywaka -  
jlpjlp Posts 52399 Status Security contributor -
Hello,
Like many of us, apparently, I got caught by Security Tool. I first restarted my PC in safe mode, disabled the line with the numbers, and ran MAM, which apparently removed this virus. However, my PC is now very slow to start (this was not the case before): between 10 and 15 minutes before I can use it. Do you have a solution to get me out of this mess? (I have also run CCleaner and done a defragmentation.)
Thanks in advance to everyone for your help
Configuration: Windows XP / Firefox 3.6 / AMD Athlon64 3000+ 2 GHz 1.5 GB RAM

10 replies

  1. jlpjlp Posts 52399 Status Security contributor 5 041
     
    Hi

    Download from here:

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) by random/random, and save it to the Desktop.

    Double-click RSIT.exe to launch RSIT.

    Click Continue on the Disclaimer screen.

    If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.

    When the scan is finished, two text files will open.

    Post the contents of log.txt (<< which will be displayed)
    as well as info.txt (<< which will be minimized in the Taskbar).

    NB: The reports are saved in the folder C:\rsit
    0
    1. kywaka
       
      Thanks already for replying so quickly, here are the 2 files
      info.txt logfile of random's system information tool 1.06 2010-03-04 21:49:16

      ======Uninstall list======

      -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7194117E-39CD-48B9-AE1E-612B273CE0F0}
      -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
      ACDSee 10 Gestionnaire de photos-->MsiExec.exe /I{F8B98EB6-FC06-45BF-87D4-9784E0408611}
      Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
      Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
      Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1
      Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
      Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
      Adobe Reader 8.1.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
      Adobe Shockwave Player-->MsiExec.exe /X{103906AD-C60E-4E65-BC84-CE980D19CE41}
      Advanced Registry Tracer-->C:\Program Files\ElcomSoft\Advanced Registry Tracer\uninstall.exe
      Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
      Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
      Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
      Ares 2.0.9-->"C:\Program Files\Ares\uninstall.exe"
      Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
      avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
      Bit Che-->"C:\Program Files\Bit Che\unins000.exe"
      Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
      CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
      Combined Community Codec Pack 2007-07-22-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
      Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE}
      Content Transfer-->MsiExec.exe /X{CFADE4AF-C0CF-4A04-A776-741318F1658F}
      Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
      DR220A-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\uxtobirza\DR220\DeIsL1.isu" -c"C:\Program Files\uxtobirza\DR220\_ISREG32.DLL"
      eMule-->"C:\Program Files\eMule\Uninstall.exe"
      FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
      FpTest 3.0-->C:\Program Files\FpTest\uninst.exe
      Freeplayer-->C:\Program Files\Freeplayer\Uninstall.exe
      Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
      Gestionnaire de Connexion SFR 2009.03-->"C:\Program Files\SFR\Gestionnaire de Connexion SFR\unins000.exe"
      GIMP 2.6.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
      Glary Utilities 2.17.0.776-->"C:\Program Files\Glary Utilities\unins000.exe"
      HashTab 2.0.8-->C:\Program Files\HashTab Shell Extension\uninst.exe
      HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
      HP My Display-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15733AD1-1CEF-459A-9245-0924FC63BDD5}\setup.exe" -l0x40c -removeonly
      Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
      Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
      iPhoto Plus 4-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\iPhoto Plus 4\DeIsL1.isu"
      iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
      Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
      Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
      Logiciel iTouch de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x40c UNINSTALL
      Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x40c UNINSTALL
      Logitech Harmony Remote Software 7-->C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x040c -removeonly
      Ma-Config.com-->MsiExec.exe /X{425FFD94-36BD-4933-881B-FE0B9DADF2B7}
      Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
      Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe"
      MeuhMeuhTV (désinstallation uniquement)-->C:\Program Files\MeuhMeuhTV\UninstMMTV.exe
      Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
      Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
      Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
      Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
      Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
      Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
      Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
      Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
      Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
      Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
      Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
      Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
      Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
      Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
      Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-040C-0000-0000000FF1CE}
      Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
      Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
      Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
      Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
      Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
      Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
      Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
      Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
      Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
      Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
      Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
      Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
      Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
      Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
      Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
      Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
      Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
      Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
      Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
      Mozilla Thunderbird (2.0.0.9)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
      Mp3tag v2.45a-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
      MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
      MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
      MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
      MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
      MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
      MusicBrainz Tagger 0.10.2-->C:\PROGRA~1\MUSICB~1\UNWISE.EXE C:\PROGRA~1\MUSICB~1\INSTALL.LOG
      My Web Tattoo for Firefox (Fast Browser Search)-->C:\Program Files\FBSearch Toolbar\FbsUninstall.exe
      Nero 8 Lite 8.2.8.0-->"C:\Program Files\Nero\unins000.exe"
      NewsLeecher v3.9 Beta 11-->"C:\Program Files\NewsLeecher\unins000.exe"
      Nokia Connectivity Cable Driver-->MsiExec.exe /I{C50EF365-2898-489A-B6C7-30DAA466E9A2}
      Nokia Download!-->MsiExec.exe /X{D353C323-5E95-4873-9825-9FEC1C8A3794}
      Nokia Map Loader-->MsiExec.exe /I{45D4F727-43B5-49CD-B474-B9866A8F4FB8}
      Nokia Maps Updater 1.0.12-->"C:\Program Files\Nokia\Nokia Maps Updater\Uninstall Information\unins000.exe"
      Nokia Ovi Player-->MsiExec.exe /I{A528306A-C5EC-481C-A619-6106334E6800}
      Nokia Ovi Suite Software Updater-->MsiExec.exe /X{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}
      Nokia Ovi Suite-->C:\Documents and Settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_PCS_Update.exe
      Nokia Ovi Suite-->MsiExec.exe /X{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}
      Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre.exe
      Nokia PC Suite-->MsiExec.exe /I{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}
      Nokia Photos-->MsiExec.exe /I{0EABFEF6-6D10-4C12-8667-3029C481D355}
      Nokia Software Updater-->MsiExec.exe /X{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}
      Nokia_Multimedia_Common_Components_2_5-->MsiExec.exe /I{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}
      Notepad++-->C:\Program Files\Notepad++\uninstall.exe
      NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
      OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
      Orb-->"C:\Program Files\Orb Networks\Orb\uninstall.exe"
      Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
      Ovi Desktop Sync Engine-->MsiExec.exe /X{F1C3541D-5B93-4131-B440-692FBA3DD250}
      OviMPlatform-->MsiExec.exe /I{8D100E0C-1A5A-43AD-93EF-76F94AE61C30}
      Package de pilotes Windows - Nokia Modem (06/01/2009 7.01.0.4)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_0777326F40B753DD4E385F058ADB286B70A301FE\nokbtmdm.inf
      Package de pilotes Windows - Nokia Modem (10/05/2009 4.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_AAB746D5658CCF4CAE7A35CED5F0ADA3C447A973\nokia_bluetooth.inf
      Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
      PC Connectivity Solution-->MsiExec.exe /I{4CE6B3C4-D8E2-4A5D-BEF5-5B69AF843B0C}
      PHOTOfunSTUDIO -viewer--->C:\Program Files\InstallShield Installation Information\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}\setup.exe -runfromtemp -l0x040c -z"Uninstall" -removeonly
      PowerDVD Ultra-->"C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x00040c /z-uninstall
      Quartz Studio Free-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\DigitalSoundPlanet\Quartz Studio Free 370F\DeIsL1.isu" -c"C:\Program Files\DigitalSoundPlanet\Quartz Studio Free 370F\_ISREG32.DLL"
      QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe
      QuickTime Alternative 1.95-->"C:\Program Files\QuickTime Alternative\unins000.exe"
      QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
      Real Alternative 1.7.5 Lite-->"C:\Program Files\Real Alternative\unins000.exe"
      Realtek AC'97 Audio-->Alcrmv.exe -r -m
      Remote Control USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
      Safari-->MsiExec.exe /I{2D6ED011-055B-4041-B198-BB903827EBFB}
      Savvy TV-->MsiExec.exe /I{99C2BB71-62FC-47C1-8571-7C1AE7328520}
      SDK-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -l0x9
      Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
      Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
      SUPER © Version 2009.bld.35 (Jan 5, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
      TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
      TVUPlayer 2.4.9.1-->C:\Program Files\TVUPlayer\uninst.exe
      UDPixel_fr.exe-->"C:\Program Files\UDPixel\uninstall.exe"
      Unlocker 1.8.5-->C:\Program Files\Unlocker\uninst.exe
      VirginMega.Fr Premium-->MsiExec.exe /I{C179292C-735A-47EC-AD6D-AC6C6BE20017}
      Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
      Visual C++ CRT 9.0-->MsiExec.exe /I{9ED38F62-7A50-4145-8C5D-0FCFFBF10A7B}
      WinAVI Video Capture 2.0-->"C:\Program Files\WinAVI Video Capture\unins000.exe"
      WinAVI Video Converter 8.0-->"C:\Program Files\WinAVI Video Converter\unins000.exe"
      Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
      Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
      Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
      Windows Live Contrôle parental-->MsiExec.exe /X{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}
      Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
      Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
      Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
      Windows Live Safety Scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
      Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
      Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
      Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
      ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

      ======Hosts File======

      127.0.0.1 www.newsleecher.com
      127.0.0.1 newsleecher.com
      127.0.0.1 www.007guard.com
      127.0.0.1 007guard.com
      127.0.0.1 008i.com
      127.0.0.1 www.008k.com
      127.0.0.1 008k.com
      127.0.0.1 www.00hq.com
      127.0.0.1 00hq.com
      127.0.0.1 010402.com

      ======Security center information======

      AV: avast! Antivirus
      FW: ZoneAlarm Firewall

      ======System event log======

      Computer Name: SWEET-4688648EF
      Event Code: 7035
      Message: Un contrôle Démarrer a correctement été envoyé au service Service de l’iPod.

      Record Number: 65701
      Source Name: Service Control Manager
      Time Written: 20100218220518.000000+060
      Event Type: Informations
      User: AUTORITE NT\SYSTEM

      Computer Name: SWEET-4688648EF
      Event Code: 10005
      Message: DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments ""
      pour démarrer le serveur :
      {1BE1F766-5536-11D1-B726-00C04FB926AF}

      Record Number: 65700
      Source Name: DCOM
      Time Written: 20100218213420.000000+060
      Event Type: erreur
      User: AUTORITE NT\SYSTEM

      Computer Name: SWEET-4688648EF
      Event Code: 7036
      Message: Le service Service de découvertes SSDP est entré dans l'état : en cours d'exécution.

      Record Number: 65699
      Source Name: Service Control Manager
      Time Written: 20100218213415.000000+060
      Event Type: Informations
      User:

      Computer Name: SWEET-4688648EF
      Event Code: 7035
      Message: Un contrôle Démarrer a correctement été envoyé au service Service de découvertes SSDP.

      Record Number: 65698
      Source Name: Service Control Manager
      Time Written: 20100218213415.000000+060
      Event Type: Informations
      User: AUTORITE NT\SYSTEM

      Computer Name: SWEET-4688648EF
      Event Code: 7036
      Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.

      Record Number: 65697
      Source Name: Service Control Manager
      Time Written: 20100218213400.000000+060
      Event Type: Informations
      User:

      =====Application event log=====

      Computer Name: SWEET-4688648EF
      Event Code: 1904
      Message:
      Record Number: 12700
      Source Name: HHCTRL
      Time Written: 20100114215529.000000+060
      Event Type: Informations
      User:

      Computer Name: SWEET-4688648EF
      Event Code: 1904
      Message:
      Record Number: 12699
      Source Name: HHCTRL
      Time Written: 20100114215529.000000+060
      Event Type: Informations
      User:

      Computer Name: SWEET-4688648EF
      Event Code: 1904
      Message:
      Record Number: 12698
      Source Name: HHCTRL
      Time Written: 20100114215529.000000+060
      Event Type: Informations
      User:

      Computer Name: SWEET-4688648EF
      Event Code: 1904
      Message:
      Record Number: 12697
      Source Name: HHCTRL
      Time Written: 20100114215529.000000+060
      Event Type: Informations
      User:

      Computer Name: SWEET-4688648EF
      Event Code: 1904
      Message:
      Record Number: 12696
      Source Name: HHCTRL
      Time Written: 20100114215529.000000+060
      Event Type: Informations
      User:

      ======Environment variables======

      "ComSpec"=%SystemRoot%\system32\cmd.exe
      "Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime Alternative\QTSystem\
      "windir"=%SystemRoot%
      "FP_NO_HOST_CHECK"=NO
      "OS"=Windows_NT
      "PROCESSOR_ARCHITECTURE"=x86
      "PROCESSOR_LEVEL"=15
      "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
      "PROCESSOR_REVISION"=0c00
      "NUMBER_OF_PROCESSORS"=1
      "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
      "TEMP"=%SystemRoot%\TEMP
      "TMP"=%SystemRoot%\TEMP
      "tvdumpflags"=8
      "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
      "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

      -----------------EOF-----------------
      and the rest
      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Francois at 2010-03-04 21:48:34
      Microsoft Windows XP Professionnel Service Pack 2
      System drive C: has 12 GB (27%) free of 45 GB
      Total RAM: 1535 MB (59% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 21:49:07, on 04/03/2010
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
      C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Outlook Express\msimn.exe
      C:\Documents and Settings\Francois\Bureau\RSIT.exe
      C:\Program Files\trend micro\Francois.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.net-studio.org
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
      O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      0
  2. jlpjlp Posts 52399 Status Security contributor 5 041
     
    Download ComboFix (by sUBs) here:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Close all your browsers (so copy or print these instructions first).

    Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

    File::
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\77078938
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\77078938]

    Save this file under the name CFscript

    Drag and drop this CFscript file onto the ComboFix.exe file.

    Click on the CFScript file, hold the mouse button down and drag so that the CFScript icon covers the ComboFix icon. Release the mouse button. ComboFix will start.

    A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.

    Wait while the scan runs. The desktop will disappear several times: this is normal!

    Do not touch anything until the scan has finished.

    Once the scan is complete, a report will be displayed: post its contents.

    Also post a new HijackThis report.

    If the file does not open, it is located here > C:\ComboFix.txt
    0
    1. kywaka
       
      do I copy
      File::
      C:\DOCUME~1\ALLUSE~1\APPLIC~1\77078938
      Registry::
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\77078938]

      or do I remove File:: and registry::
      I'd rather ask than get it wrong
      0
  3. jlpjlp Posts 52399 Status Security contributor 5 041
     
    you copy this



    File::
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\77078938
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\77078938]

    0
    1. kywaka
       
      you're going to think I'm clueless :), what extension should I give my cfscript file?
      0
    2. kywaka
       
      the ComboFix report

      ComboFix 10-03-04.02 - Francois 04/03/2010 23:06:37.1.1 - x86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1535.1142 [GMT 1:00]
      Lancé depuis: c:\documents and settings\Francois\Bureau\ComboFix.exe
      Commutateurs utilisés :: c:\documents and settings\Francois\Bureau\CFscript.txt
      AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
      FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

      AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

      FILE ::
      "c:\docume~1\ALLUSE~1\APPLIC~1\77078938"
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\1213-210024-Johnny Hallyday
      C:\1213-210024-Johnny Hallyday
      C:\1213-211623-Johnny Hallyday
      C:\1213-211623-Johnny Hallyday
      C:\1213-230247-Johnny Hallyday
      C:\1213-230247-Johnny Hallyday
      c:\documents and settings\Evelyne\Application Data\avdrn.dat
      c:\windows\system32\driVERs\Flpydisk.sys
      c:\windows\system32\robocopy.exe
      D:\install.exe

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2010-02-04 au 2010-03-04 ))))))))))))))))))))))))))))))))))))
      .

      2010-03-04 20:48 . 2010-03-04 20:49 -------- d-----w- C:\rsit
      2010-03-04 20:48 . 2010-03-04 20:49 -------- d-----w- c:\program files\trend micro
      2010-03-02 21:48 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
      2010-03-02 21:48 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
      2010-03-02 21:48 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
      2010-03-02 21:48 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
      2010-03-02 21:48 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
      2010-03-02 21:48 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
      2010-03-02 21:48 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
      2010-03-02 21:48 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
      2010-03-02 21:48 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
      2010-03-02 21:48 . 2010-03-02 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
      2010-03-01 08:41 . 2010-03-01 08:41 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
      2010-02-26 21:04 . 2010-02-26 21:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
      2010-02-23 20:19 . 2010-02-23 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
      2010-02-12 20:50 . 2010-02-12 20:50 -------- d-----w- c:\documents and settings\Francois\Tracing
      2010-02-12 20:50 . 2010-02-12 20:50 -------- d-----w- c:\program files\Microsoft Silverlight
      2010-02-12 20:49 . 2010-02-12 20:49 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
      2010-02-12 20:49 . 2009-08-05 21:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
      2010-02-12 20:48 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
      2010-02-12 20:48 . 2010-02-12 20:48 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
      2010-02-12 20:47 . 2010-02-12 20:50 -------- d-----w- c:\program files\Microsoft
      2010-02-12 20:46 . 2010-02-12 20:46 -------- d-----w- c:\program files\Windows Live SkyDrive
      2010-02-12 20:39 . 2010-02-12 20:39 -------- d-----w- c:\program files\Fichiers communs\Windows Live

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-03-04 22:14 . 2008-10-30 21:55 113358880 --sha-w- c:\windows\system32\drivers\fidbox.dat
      2010-03-04 22:11 . 2008-10-30 21:55 1332344 --sha-w- c:\windows\system32\drivers\fidbox.idx
      2010-03-04 17:14 . 2010-03-04 19:48 24576 ----a-w- c:\windows\Internet Logs\xDBD.tmp
      2010-03-04 15:30 . 2010-03-04 16:27 24576 ----a-w- c:\windows\Internet Logs\xDBC.tmp
      2010-03-04 13:00 . 2010-03-04 14:13 23552 ----a-w- c:\windows\Internet Logs\xDBB.tmp
      2010-03-04 11:09 . 2010-03-04 12:30 60928 ----a-w- c:\windows\Internet Logs\xDBA.tmp
      2010-03-03 22:55 . 2008-10-30 19:05 -------- d-----w- c:\program files\Java
      2010-03-03 18:39 . 2009-01-15 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2010-03-03 16:39 . 2010-03-03 18:15 35328 ----a-w- c:\windows\Internet Logs\xDB9.tmp
      2010-03-02 23:31 . 2010-03-03 07:44 294400 ----a-w- c:\windows\Internet Logs\xDB7.tmp
      2010-03-02 23:31 . 2010-03-03 07:44 3341312 ----a-w- c:\windows\Internet Logs\xDB8.tmp
      2010-03-02 21:48 . 2008-10-30 21:37 -------- d-----w- c:\program files\Alwil Software
      2010-03-02 12:45 . 2010-03-02 14:14 24576 ----a-w- c:\windows\Internet Logs\xDB6.tmp
      2010-03-02 09:58 . 2010-03-02 10:56 30208 ----a-w- c:\windows\Internet Logs\xDB5.tmp
      2010-03-02 08:43 . 2010-03-02 08:44 45056 ----a-w- c:\windows\Internet Logs\xDB4.tmp
      2010-03-01 22:30 . 2010-03-01 22:31 2781184 ----a-w- c:\windows\Internet Logs\xDB3.tmp
      2010-03-01 21:03 . 2009-01-22 20:16 -------- d-----w- c:\program files\CCleaner
      2010-03-01 11:12 . 2010-03-01 11:14 3307008 ----a-w- c:\windows\Internet Logs\xDB2.tmp
      2010-03-01 08:40 . 2010-03-01 08:40 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\rbuwzv.dat
      2010-02-25 22:05 . 2010-02-25 22:05 1955624 ----a-w- c:\documents and settings\Francois\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
      2010-02-23 23:20 . 2008-11-04 18:10 -------- d-----w- c:\documents and settings\Francois\Application Data\uTorrent
      2010-02-23 20:29 . 2009-02-01 20:10 -------- d-----w- c:\program files\TVAnts
      2010-02-23 20:19 . 2009-02-08 20:41 -------- d-----w- c:\program files\TVUPlayer
      2010-02-22 17:38 . 2009-01-17 17:45 22063639 ----a-w- c:\windows\Internet Logs\tvDebug.zip
      2010-02-15 14:13 . 2009-12-17 15:16 64099864 ----a-w- c:\documents and settings\Francois\Application Data\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
      2010-02-12 21:46 . 2002-09-07 00:00 84538 ----a-w- c:\windows\system32\perfc00C.dat
      2010-02-12 21:46 . 2002-09-07 00:00 509552 ----a-w- c:\windows\system32\perfh00C.dat
      2010-02-12 20:49 . 2008-10-30 19:07 -------- d-----w- c:\program files\Windows Live
      2010-01-24 16:55 . 2010-01-24 16:55 -------- d-----w- c:\program files\VirginMega
      2010-01-24 16:54 . 2009-04-10 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
      2010-01-23 17:52 . 2010-01-23 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\OrbNetworks
      2010-01-17 22:25 . 2009-01-22 20:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2010-01-17 22:25 . 2009-01-22 20:49 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
      2010-01-15 21:59 . 2010-01-15 21:58 -------- d-----w- c:\program files\Fichiers communs\Remote Control Software Common
      2010-01-15 21:58 . 2008-10-30 22:08 -------- d-----w- c:\program files\Logitech
      2010-01-15 21:58 . 2008-10-30 19:07 -------- d--h--w- c:\program files\InstallShield Installation Information
      2010-01-15 21:58 . 2010-01-15 21:58 -------- d-----w- c:\program files\Fichiers communs\Remote Control USB Driver
      2010-01-15 21:58 . 2010-01-15 21:58 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
      2010-01-14 22:18 . 2009-04-15 12:15 -------- d-----w- c:\program files\WinAVI Video Capture
      2010-01-14 22:18 . 2008-10-30 18:34 -------- d-----w- c:\program files\Windows Media Connect 2
      2010-01-14 22:18 . 2008-10-30 19:09 -------- d-----w- c:\program files\Real Alternative
      2010-01-14 22:18 . 2008-10-30 19:09 -------- d-----w- c:\program files\QuickTime Alternative
      2010-01-14 22:18 . 2008-10-30 19:03 -------- d-----w- c:\program files\QuickPar
      2010-01-14 22:17 . 2009-04-30 21:54 -------- d-----w- c:\program files\MusicBrainz Tagger
      2010-01-14 22:17 . 2008-10-30 19:09 -------- d-----w- c:\program files\Media Player Classic
      2010-01-14 22:17 . 2009-12-10 22:05 -------- d-----w- c:\program files\Freeplayer
      2010-01-14 22:17 . 2008-10-30 19:09 -------- d-----w- c:\program files\Combined Community Codec Pack
      2010-01-14 21:14 . 2010-01-14 21:18 24443520 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_fr.exe
      2010-01-13 22:25 . 2009-11-17 22:34 -------- d-----w- c:\documents and settings\Francois\Application Data\Nokia
      2010-01-13 21:45 . 2009-11-17 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
      2010-01-13 21:45 . 2009-11-17 22:19 -------- d-----w- c:\program files\Nokia
      2010-01-10 20:36 . 2009-07-25 21:33 66656 ---ha-w- c:\windows\system32\mlfcache.dat
      2010-01-10 17:38 . 2010-01-10 17:40 3076608 ----a-w- c:\windows\Internet Logs\xDB1.tmp
      2010-01-07 23:06 . 2010-01-07 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Smart PC Solutions
      2010-01-07 22:02 . 2010-01-07 22:02 -------- d-----w- c:\documents and settings\Kylian\Application Data\PC Suite
      2010-01-07 15:07 . 2009-01-22 20:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2010-01-07 15:07 . 2009-01-22 20:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
      2010-01-06 11:08 . 2010-01-07 21:24 4726272 ----a-w- c:\documents and settings\Francois\Application Data\Mozilla\Firefox\Profiles\93636928.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
      2010-01-06 11:08 . 2010-01-07 21:24 103424 ----a-w- c:\documents and settings\Francois\Application Data\Mozilla\Firefox\Profiles\93636928.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
      2010-01-06 11:08 . 2010-01-07 21:24 545280 ----a-w- c:\documents and settings\Francois\Application Data\Mozilla\Firefox\Profiles\93636928.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
      2010-01-06 11:08 . 2010-01-07 21:24 4725760 ----a-w- c:\documents and settings\Francois\Application Data\Mozilla\Firefox\Profiles\93636928.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
      2010-01-06 11:08 . 2010-01-07 21:24 57856 ----a-w- c:\documents and settings\Francois\Application Data\Mozilla\Firefox\Profiles\93636928.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
      2010-01-06 11:08 . 2010-01-07 21:24 344064 ----a-w- c:\documents and settings\Francois\Application Data\Mozilla\Firefox\Profiles\93636928.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
      2010-01-06 11:08 . 2010-01-07 21:24 153600 ----a-w- c:\documents and settings\Francois\Application Data\Mozilla\Firefox\Profiles\93636928.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
      2010-01-05 23:29 . 2010-01-05 23:29 -------- d-----w- c:\program files\FpTest
      2010-01-04 21:23 . 2010-01-04 21:22 -------- d-----w- c:\program files\eMule
      2009-12-24 17:19 . 2009-12-24 17:19 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
      2009-12-24 17:19 . 2009-12-24 17:19 13930312 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
      2009-12-24 17:19 . 2009-12-24 17:19 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
      2009-12-24 17:19 . 2009-12-24 17:19 61440 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx86.exe
      2009-12-24 17:19 . 2009-12-24 17:19 58880 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx64.exe
      2009-12-24 17:19 . 2009-12-24 17:19 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
      2009-12-24 17:18 . 2009-12-24 17:18 95992424 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_PCS_Update.exe
      2006-05-03 10:06 . 2009-06-30 21:32 163328 --sh--r- c:\windows\system32\flvDX.dll
      2007-02-21 11:47 . 2009-06-30 21:32 31232 --sh--r- c:\windows\system32\msfDX.dll
      2008-03-16 13:30 . 2009-06-30 21:32 216064 --sh--r- c:\windows\system32\nbDX.dll
      .

      ------- Sigcheck -------

      [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SDold\Download\7a1946fba2b8886ae6be37be6d51ae57\tcpip.sys
      [-] 2008-01-16 . 9EDCA6CC591147475D1F09E95020D956 . 360832 . . [5.1.2600.3244] . . c:\windows\system32\drivers\tcpip.sys

      [-] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\SDold\Download\7a1946fba2b8886ae6be37be6d51ae57\winlogon.exe
      [-] 2008-01-21 . DF3ED75D36BB55FEDF9F02EC863BDF3F . 555520 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

      [-] 2008-04-14 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\SDold\Download\7a1946fba2b8886ae6be37be6d51ae57\comctl32.dll
      [-] 2008-04-14 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\SDold\Download\7a1946fba2b8886ae6be37be6d51ae57\asms\60\msft\windows\common\controls\comctl32.dll
      [-] 2008-01-21 . CE8615ABC9DCF79517CA7D9975C6A6CA . 647680 . . [5.82] . . c:\windows\system32\comctl32.dll

      [-] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\SDold\Download\7a1946fba2b8886ae6be37be6d51ae57\user32.dll
      [-] 2008-01-21 . D631FBC2A8B9AF181A8612276FC56154 . 579072 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll

      [-] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\SDold\Download\7a1946fba2b8886ae6be37be6d51ae57\explorer.exe
      [-] 2008-01-21 . BAA0E1B7DA39D7BFCB2E0306B3E98EC1 . 1573376 . . [6.00.2900.3156] . . c:\windows\explorer.exe

      [-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SDold\Download\7a1946fba2b8886ae6be37be6d51ae57\ctfmon.exe
      [-] 2008-01-21 . D91EE13BFFBBDC87E59FCC101247D1F5 . 40960 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-13 8466432]
      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
      "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
      "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "ShowDeskFix"="shell32" [X]

      c:\documents and settings\Evelyne\Menu Démarrer\Programmes\Démarrage\
      winesm32.exe [2004-8-4 61440]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoSMBalloonTip"= 0 (0x0)
      "NoSMConfigurePrograms"= 1 (0x1)

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "NoSMBalloonTip"= 0 (0x0)
      "NoSMConfigurePrograms"= 1 (0x1)
      "ForceClassicControlPanel"= 1 (0x1)

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
      path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
      backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PHOTOfunSTUDIO -viewer-.lnk]
      backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
      c:\program files\Fichiers communs\Nokia\MPlatform\NokiaMServer [X]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
      2008-07-11 15:51 423200 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      2009-07-13 12:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
      2009-11-06 15:00 2090272 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
      2009-12-10 14:05 401728 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
      2009-03-17 17:40 510416 ----a-w- c:\program files\Orb Networks\Orb\bin\OrbTray.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
      2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Savvy DTV Service]
      2006-05-29 21:35 49152 ----a-w- c:\program files\Savvy TV\DTV Service.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
      2004-03-18 08:33 892928 ----a-w- c:\program files\Logitech\iTouch\iTouch.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "vsmon"=2 (0x2)
      "ServiceSFRABCD"=2 (0x2)
      "ServiceLayer"=3 (0x3)
      "ose"=3 (0x3)
      "odserv"=3 (0x3)
      "Microsoft Office Groove Audit Service"=3 (0x3)
      "maconfservice"=3 (0x3)
      "JavaQuickStarterService"=2 (0x2)
      "iPod Service"=3 (0x3)
      "Bonjour Service"=2 (0x2)
      "Apple Mobile Device"=2 (0x2)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
      "QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" -atboottime

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)
      "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\uTorrent\\uTorrent.exe"=
      "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
      "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
      "c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
      "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
      "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
      "c:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=
      "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

      R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30/10/2008 19:41 716272]
      R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [02/03/2010 22:48 162512]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02/03/2010 22:48 19024]
      R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [12/02/2010 21:49 54752]
      R3 EAGLE2RC;Analog/DVB-T Hybrid Tv Infrared Receiver;c:\windows\system32\drivers\Eagle2RC.sys [12/11/2008 21:09 8576]
      R3 Eagle2TV;TV tuner device;c:\windows\system32\drivers\Eagle2TV_B.sys [12/11/2008 21:09 384128]
      S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
      S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [24/12/2009 18:20 136704]
      S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [29/07/2009 22:00 110080]
      S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\ZTEusbvoice.sys [29/07/2009 22:00 104960]
      S4 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 13:50 238960]
      S4 ServiceSFRABCD;Service SFR Gestionnaire Connexion;c:\program files\SFR\Gestionnaire de Connexion SFR\SFRABCdService.exe [29/07/2009 21:59 621184]

      --- Autres Services/Pilotes en mémoire ---

      *NewlyCreated* - HELPSVC

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      getPlusHelper REG_MULTI_SZ getPlusHelper
      .
      Contenu du dossier 'Tâches planifiées'

      2009-11-30 c:\windows\Tasks\GlaryInitialize.job
      - c:\program files\Glary Utilities\initialize.exe [2009-11-30 09:21]
      .
      .
      ------- Examen supplémentaire -------
      .
      uStart Page = search.net-studio.org
      uInternet Settings,ProxyOverride = *.local
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
      Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      FF - ProfilePath - c:\documents and settings\Francois\Application Data\Mozilla\Firefox\Profiles\93636928.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
      FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
      FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
      FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={B8B3C4EF-A4AC-74D8-CEDA-E165506519AA}&q=
      FF - prefs.js: network.proxy.type - 5
      FF - component: c:\documents and settings\Francois\Application Data\Mozilla\Firefox\Profiles\93636928.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
      FF - plugin: c:\documents and settings\Francois\Application Data\Mozilla\Firefox\Profiles\93636928.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
      FF - plugin: c:\documents and settings\Francois\Application Data\Mozilla\Firefox\Profiles\93636928.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
      FF - plugin: c:\documents and settings\Francois\Application Data\Mozilla\Firefox\Profiles\93636928.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
      FF - plugin: c:\documents and settings\Francois\Application Data\Mozilla\plugins\npcoolirisplugin.dll
      FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
      FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
      FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
      FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
      FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
      FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
      FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
      FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin6.dll
      FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin7.dll
      FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

      ---- PARAMETRES FIREFOX ----
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
      c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
      c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
      MSConfigStartUp-UnlockerAssistant - f:\program files\Unlocker\UnlockerAssistant.exe



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-03-04 23:14
      Windows 5.1.2600 Service Pack 2 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************

      Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

      device: opened successfully
      user: MBR read successfully
      called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A32C1F8]<<
      kernel: MBR read successfully
      detected MBR rootkit hooks:
      \Driver\Disk -> CLASSPNP.SYS @ 0xba90cfc3
      \Driver\ACPI -> ACPI.sys @ 0xba669cb8
      \Driver\atapi -> 0x8a32c1f8
      IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578c34
      ParseProcedure -> ntkrnlpa.exe @ 0x80577896
      \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578c34
      ParseProcedure -> ntkrnlpa.exe @ 0x80577896
      Warning: possible MBR rootkit infection !
      user & kernel MBR OK

      **************************************************************************

      [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
      "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(780)
      c:\windows\system32\SETUPAPI.dll
      c:\windows\system32\COMRes.dll
      c:\windows\system32\cscui.dll

      - - - - - - - > 'lsass.exe'(860)
      c:\windows\system32\SETUPAPI.dll

      - - - - - - - > 'Explorer.EXE'(1812)
      c:\windows\system32\COMRes.dll
      c:\windows\System32\cscui.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\msi.dll
      c:\windows\system32\SETUPAPI.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\NETSHELL.dll
      c:\windows\system32\credui.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\windows\system32\ZoneLabs\vsmon.exe
      c:\program files\Alwil Software\Avast5\AvastSvc.exe
      c:\windows\SOUNDMAN.EXE
      c:\program files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
      c:\windows\system32\nvsvc32.exe
      c:\windows\PCHealth\HelpCtr\Binaries\HelpSvc.exe
      c:\windows\system32\wscntfy.exe
      .
      **************************************************************************
      .
      Heure de fin: 2010-03-04 23:18:29 - La machine a redémarré
      ComboFix-quarantined-files.txt 2010-03-04 22:18

      Avant-CF: 12 824 477 696 octets libres
      Après-CF: 12 792 807 424 octets libres

      - - End Of File - - 67D4483AFC9B12516437F1284FC57134
      the log file
      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Francois at 2010-03-04 23:36:48
      Microsoft Windows XP Professionnel Service Pack 2
      System drive C: has 12 GB (27%) free of 45 GB
      Total RAM: 1535 MB (68% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:37:04, on 04/03/2010
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\Francois\Bureau\RSIT.exe
      C:\Program Files\trend micro\Francois.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.net-studio.org
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
      O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      0
  4. kywaka
     
    the end of the log:
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
    S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S4 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
    S4 ServiceSFRABCD;Service SFR Gestionnaire Connexion; C:\Program Files\SFR\Gestionnaire de Connexion SFR\SFRABCDService.exe [2009-03-20 621184]

    -----------------EOF-----------------
    0
  6. kywaka
     
    and the info file

    info.txt logfile of random's system information tool 1.06 2010-03-04 21:49:16

    ======Uninstall list======

    -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7194117E-39CD-48B9-AE1E-612B273CE0F0}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    ACDSee 10 Gestionnaire de photos-->MsiExec.exe /I{F8B98EB6-FC06-45BF-87D4-9784E0408611}
    Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
    Adobe Shockwave Player-->MsiExec.exe /X{103906AD-C60E-4E65-BC84-CE980D19CE41}
    Advanced Registry Tracer-->C:\Program Files\ElcomSoft\Advanced Registry Tracer\uninstall.exe
    Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Ares 2.0.9-->"C:\Program Files\Ares\uninstall.exe"
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
    Bit Che-->"C:\Program Files\Bit Che\unins000.exe"
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
    Combined Community Codec Pack 2007-07-22-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
    Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE}
    Content Transfer-->MsiExec.exe /X{CFADE4AF-C0CF-4A04-A776-741318F1658F}
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    DR220A-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\uxtobirza\DR220\DeIsL1.isu" -c"C:\Program Files\uxtobirza\DR220\_ISREG32.DLL"
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
    FpTest 3.0-->C:\Program Files\FpTest\uninst.exe
    Freeplayer-->C:\Program Files\Freeplayer\Uninstall.exe
    Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
    Gestionnaire de Connexion SFR 2009.03-->"C:\Program Files\SFR\Gestionnaire de Connexion SFR\unins000.exe"
    GIMP 2.6.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
    Glary Utilities 2.17.0.776-->"C:\Program Files\Glary Utilities\unins000.exe"
    HashTab 2.0.8-->C:\Program Files\HashTab Shell Extension\uninst.exe
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    HP My Display-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15733AD1-1CEF-459A-9245-0924FC63BDD5}\setup.exe" -l0x40c -removeonly
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
    iPhoto Plus 4-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\iPhoto Plus 4\DeIsL1.isu"
    iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
    Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Logiciel iTouch de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x40c UNINSTALL
    Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x40c UNINSTALL
    Logitech Harmony Remote Software 7-->C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x040c -removeonly
    Ma-Config.com-->MsiExec.exe /X{425FFD94-36BD-4933-881B-FE0B9DADF2B7}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe"
    MeuhMeuhTV (désinstallation uniquement)-->C:\Program Files\MeuhMeuhTV\UninstMMTV.exe
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
    Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
    Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
    Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
    Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
    Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-040C-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mozilla Thunderbird (2.0.0.9)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
    Mp3tag v2.45a-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
    MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
    MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
    MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    MusicBrainz Tagger 0.10.2-->C:\PROGRA~1\MUSICB~1\UNWISE.EXE C:\PROGRA~1\MUSICB~1\INSTALL.LOG
    My Web Tattoo for Firefox (Fast Browser Search)-->C:\Program Files\FBSearch Toolbar\FbsUninstall.exe
    Nero 8 Lite 8.2.8.0-->"C:\Program Files\Nero\unins000.exe"
    NewsLeecher v3.9 Beta 11-->"C:\Program Files\NewsLeecher\unins000.exe"
    Nokia Connectivity Cable Driver-->MsiExec.exe /I{C50EF365-2898-489A-B6C7-30DAA466E9A2}
    Nokia Download!-->MsiExec.exe /X{D353C323-5E95-4873-9825-9FEC1C8A3794}
    Nokia Map Loader-->MsiExec.exe /I{45D4F727-43B5-49CD-B474-B9866A8F4FB8}
    Nokia Maps Updater 1.0.12-->"C:\Program Files\Nokia\Nokia Maps Updater\Uninstall Information\unins000.exe"
    Nokia Ovi Player-->MsiExec.exe /I{A528306A-C5EC-481C-A619-6106334E6800}
    Nokia Ovi Suite Software Updater-->MsiExec.exe /X{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}
    Nokia Ovi Suite-->C:\Documents and Settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_PCS_Update.exe
    Nokia Ovi Suite-->MsiExec.exe /X{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}
    Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre.exe
    Nokia PC Suite-->MsiExec.exe /I{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}
    Nokia Photos-->MsiExec.exe /I{0EABFEF6-6D10-4C12-8667-3029C481D355}
    Nokia Software Updater-->MsiExec.exe /X{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}
    Nokia_Multimedia_Common_Components_2_5-->MsiExec.exe /I{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}
    Notepad++-->C:\Program Files\Notepad++\uninstall.exe
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
    Orb-->"C:\Program Files\Orb Networks\Orb\uninstall.exe"
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Ovi Desktop Sync Engine-->MsiExec.exe /X{F1C3541D-5B93-4131-B440-692FBA3DD250}
    OviMPlatform-->MsiExec.exe /I{8D100E0C-1A5A-43AD-93EF-76F94AE61C30}
    Package de pilotes Windows - Nokia Modem (06/01/2009 7.01.0.4)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_0777326F40B753DD4E385F058ADB286B70A301FE\nokbtmdm.inf
    Package de pilotes Windows - Nokia Modem (10/05/2009 4.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_AAB746D5658CCF4CAE7A35CED5F0ADA3C447A973\nokia_bluetooth.inf
    Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
    PC Connectivity Solution-->MsiExec.exe /I{4CE6B3C4-D8E2-4A5D-BEF5-5B69AF843B0C}
    PHOTOfunSTUDIO -viewer--->C:\Program Files\InstallShield Installation Information\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}\setup.exe -runfromtemp -l0x040c -z"Uninstall" -removeonly
    PowerDVD Ultra-->"C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x00040c /z-uninstall
    Quartz Studio Free-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\DigitalSoundPlanet\Quartz Studio Free 370F\DeIsL1.isu" -c"C:\Program Files\DigitalSoundPlanet\Quartz Studio Free 370F\_ISREG32.DLL"
    QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe
    QuickTime Alternative 1.95-->"C:\Program Files\QuickTime Alternative\unins000.exe"
    QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
    Real Alternative 1.7.5 Lite-->"C:\Program Files\Real Alternative\unins000.exe"
    Realtek AC'97 Audio-->Alcrmv.exe -r -m
    Remote Control USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
    Safari-->MsiExec.exe /I{2D6ED011-055B-4041-B198-BB903827EBFB}
    Savvy TV-->MsiExec.exe /I{99C2BB71-62FC-47C1-8571-7C1AE7328520}
    SDK-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -l0x9
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SUPER © Version 2009.bld.35 (Jan 5, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
    TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
    TVUPlayer 2.4.9.1-->C:\Program Files\TVUPlayer\uninst.exe
    UDPixel_fr.exe-->"C:\Program Files\UDPixel\uninstall.exe"
    Unlocker 1.8.5-->C:\Program Files\Unlocker\uninst.exe
    VirginMega.Fr Premium-->MsiExec.exe /I{C179292C-735A-47EC-AD6D-AC6C6BE20017}
    Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
    Visual C++ CRT 9.0-->MsiExec.exe /I{9ED38F62-7A50-4145-8C5D-0FCFFBF10A7B}
    WinAVI Video Capture 2.0-->"C:\Program Files\WinAVI Video Capture\unins000.exe"
    WinAVI Video Converter 8.0-->"C:\Program Files\WinAVI Video Converter\unins000.exe"
    Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
    Windows Live Contrôle parental-->MsiExec.exe /X{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}
    Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
    Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
    Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
    Windows Live Safety Scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

    ======Hosts File======

    127.0.0.1 www.newsleecher.com
    127.0.0.1 newsleecher.com
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com

    ======Security center information======

    AV: avast! Antivirus
    FW: ZoneAlarm Firewall

    ======System event log======

    Computer Name: SWEET-4688648EF
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Service de l’iPod.

    Record Number: 65701
    Source Name: Service Control Manager
    Time Written: 20100218220518.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: SWEET-4688648EF
    Event Code: 10005
    Message: DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem avec les arguments ""
    pour démarrer le serveur :
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Record Number: 65700
    Source Name: DCOM
    Time Written: 20100218213420.000000+060
    Event Type: erreur
    User: AUTORITE NT\SYSTEM

    Computer Name: SWEET-4688648EF
    Event Code: 7036
    Message: Le service Service de découvertes SSDP est entré dans l'état : en cours d'exécution.

    Record Number: 65699
    Source Name: Service Control Manager
    Time Written: 20100218213415.000000+060
    Event Type: Informations
    User:

    Computer Name: SWEET-4688648EF
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Service de découvertes SSDP.

    Record Number: 65698
    Source Name: Service Control Manager
    Time Written: 20100218213415.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: SWEET-4688648EF
    Event Code: 7036
    Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.

    Record Number: 65697
    Source Name: Service Control Manager
    Time Written: 20100218213400.000000+060
    Event Type: Informations
    User:

    =====Application event log=====

    Computer Name: SWEET-4688648EF
    Event Code: 1904
    Message:
    Record Number: 12700
    Source Name: HHCTRL
    Time Written: 20100114215529.000000+060
    Event Type: Informations
    User:

    Computer Name: SWEET-4688648EF
    Event Code: 1904
    Message:
    Record Number: 12699
    Source Name: HHCTRL
    Time Written: 20100114215529.000000+060
    Event Type: Informations
    User:

    Computer Name: SWEET-4688648EF
    Event Code: 1904
    Message:
    Record Number: 12698
    Source Name: HHCTRL
    Time Written: 20100114215529.000000+060
    Event Type: Informations
    User:

    Computer Name: SWEET-4688648EF
    Event Code: 1904
    Message:
    Record Number: 12697
    Source Name: HHCTRL
    Time Written: 20100114215529.000000+060
    Event Type: Informations
    User:

    Computer Name: SWEET-4688648EF
    Event Code: 1904
    Message:
    Record Number: 12696
    Source Name: HHCTRL
    Time Written: 20100114215529.000000+060
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime Alternative\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
    "PROCESSOR_REVISION"=0c00
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "tvdumpflags"=8
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    -----------------EOF-----------------
    0
  7. kywaka
     
    for jlpjlp:
    I am away until Monday. I am not giving up, but I won't have access to my PC before then.

    Thanks for your help
    0
  8. jlpjlp Posts 52399 Status Security contributor 5 041
     
    ok, to check

    * Download Gmer's mbr.exe to the Desktop: mbr.exe http://www2.gmer.net/mbr/mbr.exe
    * Disable your protections and cut the connection.
    * On Windows XP: double-click mbr.exe / On Windows Vista or Seven, right-click mbr.exe and choose "Run as administrator"
    * A report will be generated: mbr.log
    * In case of infection, the message MBR rootkit code detected will appear in the report. If so, click the Start menu --> Run, and type the following command:
    o On XP: "%userprofile%\Bureau\mbr" -f
    o On Vista/Seven: "%userprofile%\Desktop\mbr" -f
    * This line will appear in mbr.log: original MBR restored successfully !
    * Post the report if a helper in the Virus / Security forum asked you to.
    0
    1. kywaka
       
      good evening jlpjlp,

      I have just run mbr and I don't think I got that message; however, the PC is still just as slow
      0
  9. jlpjlp Posts 52399 Status Security contributor 5 041
     
    post a Malwarebytes' Anti-Malware report again after updating it

    then

    paste the report from an online antivirus <-- such as bitdefender, panda or nod32
    0
    1. kywaka
       
      copy of MAM

      Malwarebytes' Anti-Malware 1.44
      Version de la base de données: 3838
      Windows 5.1.2600 Service Pack 2
      Internet Explorer 8.0.6001.18702

      08/03/2010 23:01:53
      mbam-log-2010-03-08 (23-01-37).txt

      Type de recherche: Examen complet (C:\|D:\|E:\|)
      Eléments examinés: 268649
      Temps écoulé: 57 minute(s), 37 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 3
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)

      and a copy of bitdefender
      Info d'analyse

      Fichiers scannés 142124

      Infectés Fichiers 6

      Virus Détectés
      Trojan.Dialer.BJ 1
      Application.Prockill.BD 1
      DeepScan:Generic.Malware.P!.3418D449 2
      Adware.Superbar.D 1
      Trojan.Packed.54845 1

      on the other hand, the PC seems to be running normally again, I no longer have the 10-minute hang before being able to use it, so I don't know whether the problems detected by MAM and bitdefender are serious?
      0
  10. jlpjlp Posts 52399 Status Security contributor 5 041
     
    remove what was found by Malwarebytes

    for the online antivirus, I need the report giving the names of the infected files and the action taken by the antivirus

    see you later
    0
    1. kywaka
       
      For jlpjlp,

      there, everything is back in order, apparently no more viruses and the PC works properly again, even better, it shuts down faster than before
      a big THANK YOU for your help, the Internet also has its good sides, "grave à" people like you

      THANK YOU
      0
      1. kywaka > kywaka
         
        I meant "graCe" (thanks to) and not "grave" :-)
        0
  11. jlpjlp Posts 52399 Status Security contributor 5 041
     
    ok

    if you can, paste the report from an online scan to make sure
    0