Ordi infecté par virus alert
pcswtl
Messages postés
28
Statut
Membre
-
8454124 -
8454124 -
Bonjour,
Après un téléchargement mon ordi marque dans la barre de tache à droite "virus alert". je n'ai
plus de menu dans la barre demarrer, je ne peux plus acceder au panneau de configuration,
et depuis peu je n'ai plus de connexion internet, je passe par mon portale. j'ai xp pro,
antivirus kaspersky à jour et adaware.
je viens d'utliser Deckard's System Scanner et voila mes fichiers main et extra
et voila
main.txt
Deckard's System Scanner v20071014.68
Run by Christophe on 2008-07-17 12:52:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 4 Restore Point(s) --
4: 2008-07-17 10:52:08 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-07-16 15:00:32 UTC - RP3 - Installé Ad-Aware
2: 2008-07-16 14:59:37 UTC - RP2 - Supprimé Ad-Aware 2007
1: 2008-07-16 14:16:29 UTC - RP1 - Point de vérification système
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-17 12:54:09
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Programmes\Acrobat reader\Reader\reader_sl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Programmes\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\Diagonal\Commun\Integrateur\Intégrateur Diagonal.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
D:\Programmes\Webshots\Webshots.scr
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Christophe\Bureau\dss.exe
C:\WINDOWS\system32\wscntfy.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/red [...] r=iesearch
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - D:\Programmes\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - D:\Programmes\Webshots\WSToolbar4IE.dll (file missing)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [eCarteBleue-CLEO] "D:\Programmes\E carte bleue\ECB-CLEO.exe" /dontopenmycards
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programmes\Acrobat reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [lphcg6jj0ea3g] C:\WINDOWS\system32\lphcg6jj0ea3g.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = D:\Programmes\Webshots\Launcher.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Intégrateur Diagonal 32 bits.lnk = C:\Program Files\Diagonal\Commun\Integrateur\Intégrateur Diagonal.exe
O4 - Global Startup: NCProTray.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] p=ZKfox000
O8 - Extra context menu item: &Webshots Photo Search - res://D:\Programmes\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///CProgram%20Files/Mahjong%20Escape%20-%20Ancient%20China/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com [...] 0_4_13.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.c [...] oader5.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///CProgram%20Files/Mahjong%20Escape%20-%20Ancient%20China/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/p [...] wflash.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: evgratsm - {14192694-7B4A-400B-AF24-DB5947B9DB5E} - C:\WINDOWS\evgratsm.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programmes\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 11139 bytes
-- File Associations -----------------------------------------------------------
[COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*/COLOR
[COLOR=red].cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*/COLOR
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 NCPro - c:\windows\system32\drivers\mtictwl.sys
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.0.0.5) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.0.0.6>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 W8335XP (TENDA TWL541C(P) Wireless Net Card) - c:\windows\system32\drivers\mrv8335xp.sys <Not Verified; Tenda, Inc; Device driver for Tenda TWL541C(P)NIC>
S3 catchme - c:\docume~1\christ~1\locals~1\temp\catchme.sys (file missing)
S3 MagicTune - c:\windows\system32\drivers\mtictwl.sys
S3 usb_rndisx (USB RNDIS Adapter) - c:\windows\system32\drivers\usb8023x.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 StarWindServiceAE (StarWind AE Service) - d:\programmes\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
S2 MyWebSearchService (My Web Search Service) - c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: SCSI/RAID Host Controller
Device ID: ACPI\PNPA000\4&5D18F2DF&1
Manufacturer: (Standard mass storage controllers)
Name: SCSI/RAID Host Controller
PNP Device ID: ACPI\PNPA000\4&5D18F2DF&1
Service: a7jrfbe5
-- Files created between 2008-06-17 and 2008-07-17 -----------------------------
2008-07-17 09:07:53 0 d-------- C:\Program Files\Navilog1
2008-07-17 08:46:12 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-07-17 08:45:37 0 d-------- C:\WINDOWS\Internet Logs
2008-07-16 21:09:21 3232 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-16 17:00:33 0 d-------- C:\Program Files\Lavasoft
2008-07-16 15:59:48 0 d-------- C:\Documents and Settings\Christophe\Application Data\TmpRecentIcons
2008-07-16 15:59:25 253952 --a------ C:\WINDOWS\evgratsm.dll
2008-07-16 15:59:25 163840 --a------ C:\WINDOWS\eprt.exe
2008-07-16 15:59:25 102400 --a------ C:\WINDOWS\agpqlrfm.exe
2008-07-16 15:59:12 60928 --a------ C:\WINDOWS\system32\blphcg6jj0ea3g.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-06-29 09:23:06 148480 --a------ C:\WINDOWS\system32\TLBINF32.dll <Not Verified; Microsoft Corporation; Object Navigator, Visual Basic>
2008-06-29 09:23:06 311296 --a------ C:\WINDOWS\system32\MSDBRPT.DLL <Not Verified; Microsoft Corporation; MSDataReport>
2008-06-29 09:23:06 32768 --a------ C:\WINDOWS\system32\CmDlgFR.dll <Not Verified; Microsoft Corporation; CMDIALOG>
2008-06-29 09:23:03 0 d-------- C:\Program Files\Easycuisine
2008-06-27 21:14:47 15397 --a------ C:\Program Files\settings.dat
2008-06-27 21:14:46 253116 --a------ C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_9656.exe <Not Verified; pdfforge.org; PDFCreator>
2008-06-27 21:14:45 0 d-------- C:\Program Files\PDFCreator Toolbar
2008-06-27 21:14:26 196608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll <Not Verified; internet-support foehr.com; RedMon EE>
2008-06-27 21:14:25 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2008-06-27 21:14:25 141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
2008-06-27 21:14:25 59904 --a------ C:\WINDOWS\system32\MSCC2FR.DLL <Not Verified; Microsoft Corporation; Bibliothèque d'objets de Microsoft Common Controls 2>
2008-06-27 21:14:24 23552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL <Not Verified; Microsoft Corporation; MSMAPI-Steuerelementbibliothek>
2008-06-25 16:22:26 28672 --a------ C:\WINDOWS\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2008-06-25 16:22:24 0 d-------- C:\Program Files\MyWebSearch
-- Find3M Report ---------------------------------------------------------------
2008-07-17 12:53:36 477072 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-07-17 12:53:36 77916 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-07-17 12:52:51 0 d-------- C:\Documents and Settings\Christophe\Application Data\Skype
2008-07-17 12:14:21 0 d-------- C:\Documents and Settings\Christophe\Application Data\skypePM
2008-07-16 21:08:34 2564 --a------ C:\Documents and Settings\Christophe\Application Data\QuickZip45.ini
2008-07-16 16:59:44 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-16 13:58:13 0 d-------- C:\Program Files\Java
2008-07-09 08:34:07 0 d-------- C:\Program Files\IncrediMail
2008-07-02 13:13:43 0 d-------- C:\Documents and Settings\Christophe\Application Data\uTorrent
2008-06-12 11:59:10 0 d-------- C:\Documents and Settings\Christophe\Application Data\Adobe
2008-06-12 11:58:10 0 d-------- C:\Program Files\Fichiers communs\Adobe
2008-06-12 11:58:07 0 d-------- C:\Program Files\Fichiers communs
2008-06-12 11:58:07 0 d-------- C:\Program Files\Fichiers communs\Vbox
2008-06-12 11:57:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-12 11:01:27 0 d-------- C:\Program Files\e-Carte Bleue LCL
2008-06-11 21:53:47 724992 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-06-11 21:22:18 0 d-------- C:\Program Files\Sierra On-Line
2008-06-11 21:06:33 0 d-------- C:\Program Files\Yahoo!
2008-06-11 12:38:33 0 d-------- C:\Program Files\Messenger
2008-06-11 12:38:09 0 d-------- C:\Program Files\Movie Maker
2008-06-11 12:35:11 0 d-------- C:\Program Files\Windows NT
2008-06-11 11:37:57 0 d-------- C:\Program Files\PowerQuest
2008-05-23 21:00:09 0 d-------- C:\Program Files\SEC
2008-05-22 16:54:00 0 d-------- C:\Documents and Settings\Christophe\Application Data\Webshots
2008-05-20 18:07:07 0 d-------- C:\Program Files\Virtools
2008-05-20 18:07:06 1799 --a------ C:\WINDOWS\mozver.dat
2008-05-18 14:18:06 0 d-------- C:\Documents and Settings\Christophe\Application Data\Sun
2008-05-18 14:17:53 0 d-------- C:\Program Files\Sun
2008-05-18 14:14:46 0 d-------- C:\Program Files\Fichiers communs\Java
2008-05-17 20:49:21 0 d-------- C:\Documents and Settings\Christophe\Application Data\U3
2008-05-13 18:10:32 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-04-22 16:15:52 4608 --a------ C:\WINDOWS\system32\9VVK_349.DLL
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [28/03/2006 16:48: VIRUS ALERT!]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [26/01/2005 19:02: VIRUS ALERT!]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [10/04/2006 15:58: VIRUS ALERT!]
"eCarteBleue-CLEO"="D:\Programmes\E carte bleue\ECB-CLEO.exe" []
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [13/07/2006 07:12: VIRUS ALERT!]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [18/12/2006 15:34: VIRUS ALERT!]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27: VIRUS ALERT!]
"Adobe Reader Speed Launcher"="D:\Programmes\Acrobat reader\Reader\Reader_sl.exe" [11/01/2008 22:16: VIRUS ALERT!]
"MyWebSearch Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL" []
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" []
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" []
"lphcg6jj0ea3g"="C:\WINDOWS\system32\lphcg6jj0ea3g.exe" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [18/12/2007 01:43: VIRUS ALERT!]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [13/04/2008 19:34: VIRUS ALERT!]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [06/07/2008 18:43: VIRUS ALERT!]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [13/11/2006 15:07: VIRUS ALERT!]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [17/02/2008 20:24: VIRUS ALERT!]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [23/04/2008 17:45: VIRUS ALERT!]
C:\Documents and Settings\Christophe\Menu D‚marrer\Programmes\D‚marrage\
Webshots.lnk - D:\Programmes\Webshots\Launcher.exe [16/07/2008 15:06:16]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [19/03/2008 02:31:20]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [25/02/2008 19:57:38]
Int‚grateur Diagonal 32 bits.lnk - C:\Program Files\Diagonal\Commun\Integrateur\Int‚grateur Diagonal.exe [21/12/2007 10:08:50]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [23/05/2008 21:00:12]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"evgratsm"= {14192694-7B4A-400B-AF24-DB5947B9DB5E} - C:\WINDOWS\evgratsm.dll [16/07/2008 14:29: VIRUS ALERT! 253952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ATI CATALYST System Tray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ATI CATALYST System Tray.lnk
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"D:\Programmes\Acrobat reader\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"D:\Programmes\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoDesk3d]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ItsTV]
"D:\Programmes\EoRezo\EoDesk3d\ItsTV.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d131be23-2440-11dd-a1bd-001e8c255e8a}]
AutoRun\command- N:\LaunchU3.exe -a
-- Hosts -----------------------------------------------------------------------
127.255.255.255 serial.alcohol-soft.com
-- End of Deckard's System Scanner: finished at 2008-07-17 12:59:34 ------------
extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professionnel (build 2600) SP 3.0
Architecture: X86; Language: French
CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 6400+
Percentage of Memory in Use: 21%
Physical Memory (total/avail): 2046.42 MiB / 1608.01 MiB
Pagefile Memory (total/avail): 3938.35 MiB / 3673.25 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.63 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 76.69 GiB total, 51.11 GiB free.
D: is Fixed (NTFS) - 298.09 GiB total, 292.28 GiB free.
E: is Fixed (NTFS) - 232.88 GiB total, 78.42 GiB free.
F: is Removable (FAT)
G: is CDROM (No Media)
H: is CDROM (No Media)
L: is CDROM (No Media)
\\.\PHYSICALDRIVE1 - HDS722580VLSA80 - 76.69 GiB - 1 partition
\PARTITION0 (bootable) - Système de fichiers installable - 76.69 GiB - C:
\\.\PHYSICALDRIVE2 - MAXTOR STM3250820AS - 232.89 GiB - 1 partition
\PARTITION0 - Système de fichiers installable - 232.88 GiB - E:
\\.\PHYSICALDRIVE0 - SAMSUNG HD320KJ - 298.09 GiB - 1 partition
\PARTITION0 - Système de fichiers installable - 298.09 GiB - D:
\\.\PHYSICALDRIVE3 - ChipsBnk Flash Disk USB Device - 470.65 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 471.14 MiB - F:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Christophe\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=PARTICUL-ZR3NQB
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Christophe
LOGONSERVER=\\PARTICUL-ZR3NQB
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4303
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp
USERDOMAIN=PARTICUL-ZR3NQB
USERNAME=Christophe
USERPROFILE=C:\Documents and Settings\Christophe
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Christophe [I](admin)/I
L2MFIX [I](new local, admin)/I
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
"Installation de Easycuisine" --> C:\PROGRA~1\EASYCU~1\UNWISE.EXE C:\PROGRA~1\EASYCU~1\INSTALL.LOG
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe GoLive 6.0 (FRA) --> "C:\Program Files\InstallShield Installation Information\{013C6546-E90F-48C6-8682-12158A3B795E}\setup.exe"
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUN040C.EXE -f"D:\Programmes\Adobe Photoshop\Uninst.isu" -c"D:\Programmes\Adobe Photoshop\Uninst.dll"
Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe SVG Viewer 3.0 --> C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AGEIA PhysX v7.11.13 --> MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
ATI - Utilitaire de désinstallation du logiciel --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs --> MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Control Panel --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Audacity 1.2.6 --> "D:\Programmes\Audacity\unins000.exe"
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -l0x40c Brunin03.dll -removeonly
CloneDVD2 --> "D:\Programmes\CloneDVD2\CloneDVD2-uninst.exe" /D="D:\Programmes\CloneDVD2"
Correctif pour Lecteur Windows Media 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Counter-Strike: Source --> D:\Jeux\Css\Uninstall.exe
DicoMalin --> MsiExec.exe /I{6AED1D2D-493C-48FB-9A49-83FA7563065F}
e-Carte Bleue LCL --> "C:\Program Files\InstallShield Installation Information\{3D6B54EF-65E4-4624-8709-03A3BBE2C240}\setup.exe" -runfromtemp -l0x040c -removeonly
e-Carte Bleue VISA Cléo --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ECBCLEO.INF, DefaultUninstall.ntx86
EasyRecovery Professional --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A8BB9906-E618-406A-B161-7383AFF46C39} /l1036
eMule --> "D:\Programmes\eMule\Uninstall.exe"
Extension Système de Microsoft Money --> MsiExec.exe /I{8C64E149-54BA-11D6-91B1-00500462BE80}
Football Manager 2008 --> "D:\Jeux\FM2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
Frontlines: Fuel of War --> "C:\Program Files\InstallShield Installation Information\{C711E88C-9DC2-4254-A989-D6E017844DDF}\setup.exe" -runfromtemp -l0x040c -removeonly
FTP Expert 3 --> C:\WINDOWS\iun6002.exe "D:\Programmes\FTP expert\irunin.ini"
Galerie de photos Windows Live --> MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x40c -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x40c -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IncrediMail Xe --> C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
ItsTV 3.0 --> "D:\Programmes\EoRezo\EoDesk3d\unins001.exe"
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 3.8.0 Full --> "D:\Programmes\K-Lite Codec Pack\unins000.exe"
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kyodai Mahjongg 2006 v1.42 --> "D:\Programmes\Kyodai Mahjongg 2006\unins000.exe"
Ma-Config.com plugin --> MsiExec.exe /I{6F06A42D-525C-49ED-8622-E16790956CD8}
Mahjong Escape - Ancient China --> C:\Program Files\Mahjong Escape - Ancient China\uninstall.exe
Mahjong Escape Ancient Japan (remove only) --> D:\Programmes\Mahjong Escape Ancient Japan\Uninstall.exe
Mahjong Garden To Go --> "C:\Program Files\Mahjong Garden To Go\ReflexiveArcade\unins000.exe"
Mahjong World --> "C:\Program Files\Mahjong World\ReflexiveArcade\unins000.exe"
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money --> MsiExec.exe /I{1D643CD0-4DD6-11D7-A4E0-000874180BB3}
Microsoft Office Access MUI (French) 2007 --> MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007 --> MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007 --> MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007 --> MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007 --> MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007 --> MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007 --> MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007 --> MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007 --> MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007 --> MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978) --> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.15) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Natural Color Pro --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC2C7405-BC58-4E11-8F51-29671BEAC06B}\setup.exe" -l0x9
Navilog1 3.6.0 --> "C:\Program Files\Navilog1\unins000.exe"
Nero 8 --> MsiExec.exe /X{88589E19-665C-4575-A4A0-CE9C43C51036}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuide.exe UninstallGUI
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Outil de mise à jour Google --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
PC Inspector File Recovery --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x40c
PDFCreator --> D:\Programmes\PDFCreator\unins000.exe
PDFCreator Toolbar --> "C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_9656.exe" _?=C:\Program Files\PDFCreator Toolbar
PowerQuest PartitionMagic 8.0 Demo --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Programme de gestion Camera de Logitech® --> "C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Quick Zip 4.60.019 --> "D:\Programmes\QuickZip4\unins000.exe"
RT2500 Wireless LAN Card --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAA66A0D-E610-40B8-9D51-C1854285773A}\setup.exe" -l0x9 -removeonly
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SierraHome Print Artist 8 --> C:\WINDOWS\IsUn040c.exe -f"d:\programmes\print artist\Uninst.isu" -c"d:\programmes\print artist\Uninstpa.DLL"
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x40c -removeonly
Sweet Home 3D version 1.2.1 --> "D:\Programmes\Sweet Home 3D\unins000.exe"
THE SETTLERS - Bâtisseurs d'Empire --> "C:\Program Files\InstallShield Installation Information\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe" -runfromtemp -l0x040c -removeonly
Theme Hospital --> C:\WINDOWS\unin040c.exe -f"d:\jeux\THEME HOSPITAL\DeIsL1.isu"
Turbo Lister 2 --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
TWL541C(P) --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7FD6904D-AF75-407B-BE42-39970517EA9D}\setup.exe" -l0x9 -removeonly
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
WebShot --> "D:\Programmes\WebShot\unins000.exe"
Webshots Desktop --> "D:\Programmes\Webshots\unins000.exe"
Webshots Toolbar --> D:\Programmes\Webshots\ToolbarUninstall.exe
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Widgets --> C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type5545 / Error
Event Submitted/Written: 07/17/2008 00:57:45 PM
Event ID/Source: 8 / crypt32
Event Description:
Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.
Event Record #/Type5544 / Error
Event Submitted/Written: 07/17/2008 00:56:44 PM
Event ID/Source: 8 / crypt32
Event Description:
Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette connexion réseau n'existe pas.
Event Record #/Type5543 / Error
Event Submitted/Written: 07/17/2008 00:55:59 PM
Event ID/Source: 8 / crypt32
Event Description:
Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.
Event Record #/Type5542 / Error
Event Submitted/Written: 07/17/2008 00:55:27 PM
Event ID/Source: 8 / crypt32
Event Description:
Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.
Event Record #/Type5541 / Error
Event Submitted/Written: 07/17/2008 00:54:55 PM
Event ID/Source: 8 / crypt32
Event Description:
Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type13572 / Error
Event Submitted/Written: 07/17/2008 00:49:55 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service My Web Search Service n'a pas pu démarrer en raison de l'erreur :
%%3
Event Record #/Type13554 / Error
Event Submitted/Written: 07/17/2008 00:34:39 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service My Web Search Service n'a pas pu démarrer en raison de l'erreur :
%%3
Event Record #/Type13528 / Error
Event Submitted/Written: 07/17/2008 00:24:42 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service My Web Search Service n'a pas pu démarrer en raison de l'erreur :
%%3
Event Record #/Type13503 / Error
Event Submitted/Written: 07/17/2008 00:12:22 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service My Web Search Service n'a pas pu démarrer en raison de l'erreur :
%%3
Event Record #/Type13480 / Error
Event Submitted/Written: 07/17/2008 10:51:23 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service My Web Search Service n'a pas pu démarrer en raison de l'erreur :
%%3
-- End of Deckard's System Scanner: finished at 2008-07-17 12:59:34 ------------
merci beaucoup de votre aide !!!
Après un téléchargement mon ordi marque dans la barre de tache à droite "virus alert". je n'ai
plus de menu dans la barre demarrer, je ne peux plus acceder au panneau de configuration,
et depuis peu je n'ai plus de connexion internet, je passe par mon portale. j'ai xp pro,
antivirus kaspersky à jour et adaware.
je viens d'utliser Deckard's System Scanner et voila mes fichiers main et extra
et voila
main.txt
Deckard's System Scanner v20071014.68
Run by Christophe on 2008-07-17 12:52:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 4 Restore Point(s) --
4: 2008-07-17 10:52:08 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-07-16 15:00:32 UTC - RP3 - Installé Ad-Aware
2: 2008-07-16 14:59:37 UTC - RP2 - Supprimé Ad-Aware 2007
1: 2008-07-16 14:16:29 UTC - RP1 - Point de vérification système
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-17 12:54:09
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Programmes\Acrobat reader\Reader\reader_sl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Programmes\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\Diagonal\Commun\Integrateur\Intégrateur Diagonal.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
D:\Programmes\Webshots\Webshots.scr
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Christophe\Bureau\dss.exe
C:\WINDOWS\system32\wscntfy.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/red [...] r=iesearch
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - D:\Programmes\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - D:\Programmes\Webshots\WSToolbar4IE.dll (file missing)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [eCarteBleue-CLEO] "D:\Programmes\E carte bleue\ECB-CLEO.exe" /dontopenmycards
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programmes\Acrobat reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [lphcg6jj0ea3g] C:\WINDOWS\system32\lphcg6jj0ea3g.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = D:\Programmes\Webshots\Launcher.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Intégrateur Diagonal 32 bits.lnk = C:\Program Files\Diagonal\Commun\Integrateur\Intégrateur Diagonal.exe
O4 - Global Startup: NCProTray.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] p=ZKfox000
O8 - Extra context menu item: &Webshots Photo Search - res://D:\Programmes\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///CProgram%20Files/Mahjong%20Escape%20-%20Ancient%20China/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com [...] 0_4_13.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.c [...] oader5.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///CProgram%20Files/Mahjong%20Escape%20-%20Ancient%20China/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/p [...] wflash.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: evgratsm - {14192694-7B4A-400B-AF24-DB5947B9DB5E} - C:\WINDOWS\evgratsm.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programmes\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 11139 bytes
-- File Associations -----------------------------------------------------------
[COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*/COLOR
[COLOR=red].cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*/COLOR
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 NCPro - c:\windows\system32\drivers\mtictwl.sys
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.0.0.5) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.0.0.6>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 W8335XP (TENDA TWL541C(P) Wireless Net Card) - c:\windows\system32\drivers\mrv8335xp.sys <Not Verified; Tenda, Inc; Device driver for Tenda TWL541C(P)NIC>
S3 catchme - c:\docume~1\christ~1\locals~1\temp\catchme.sys (file missing)
S3 MagicTune - c:\windows\system32\drivers\mtictwl.sys
S3 usb_rndisx (USB RNDIS Adapter) - c:\windows\system32\drivers\usb8023x.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 StarWindServiceAE (StarWind AE Service) - d:\programmes\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
S2 MyWebSearchService (My Web Search Service) - c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: SCSI/RAID Host Controller
Device ID: ACPI\PNPA000\4&5D18F2DF&1
Manufacturer: (Standard mass storage controllers)
Name: SCSI/RAID Host Controller
PNP Device ID: ACPI\PNPA000\4&5D18F2DF&1
Service: a7jrfbe5
-- Files created between 2008-06-17 and 2008-07-17 -----------------------------
2008-07-17 09:07:53 0 d-------- C:\Program Files\Navilog1
2008-07-17 08:46:12 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-07-17 08:45:37 0 d-------- C:\WINDOWS\Internet Logs
2008-07-16 21:09:21 3232 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-16 17:00:33 0 d-------- C:\Program Files\Lavasoft
2008-07-16 15:59:48 0 d-------- C:\Documents and Settings\Christophe\Application Data\TmpRecentIcons
2008-07-16 15:59:25 253952 --a------ C:\WINDOWS\evgratsm.dll
2008-07-16 15:59:25 163840 --a------ C:\WINDOWS\eprt.exe
2008-07-16 15:59:25 102400 --a------ C:\WINDOWS\agpqlrfm.exe
2008-07-16 15:59:12 60928 --a------ C:\WINDOWS\system32\blphcg6jj0ea3g.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-06-29 09:23:06 148480 --a------ C:\WINDOWS\system32\TLBINF32.dll <Not Verified; Microsoft Corporation; Object Navigator, Visual Basic>
2008-06-29 09:23:06 311296 --a------ C:\WINDOWS\system32\MSDBRPT.DLL <Not Verified; Microsoft Corporation; MSDataReport>
2008-06-29 09:23:06 32768 --a------ C:\WINDOWS\system32\CmDlgFR.dll <Not Verified; Microsoft Corporation; CMDIALOG>
2008-06-29 09:23:03 0 d-------- C:\Program Files\Easycuisine
2008-06-27 21:14:47 15397 --a------ C:\Program Files\settings.dat
2008-06-27 21:14:46 253116 --a------ C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_9656.exe <Not Verified; pdfforge.org; PDFCreator>
2008-06-27 21:14:45 0 d-------- C:\Program Files\PDFCreator Toolbar
2008-06-27 21:14:26 196608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll <Not Verified; internet-support foehr.com; RedMon EE>
2008-06-27 21:14:25 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2008-06-27 21:14:25 141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
2008-06-27 21:14:25 59904 --a------ C:\WINDOWS\system32\MSCC2FR.DLL <Not Verified; Microsoft Corporation; Bibliothèque d'objets de Microsoft Common Controls 2>
2008-06-27 21:14:24 23552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL <Not Verified; Microsoft Corporation; MSMAPI-Steuerelementbibliothek>
2008-06-25 16:22:26 28672 --a------ C:\WINDOWS\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2008-06-25 16:22:24 0 d-------- C:\Program Files\MyWebSearch
-- Find3M Report ---------------------------------------------------------------
2008-07-17 12:53:36 477072 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-07-17 12:53:36 77916 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-07-17 12:52:51 0 d-------- C:\Documents and Settings\Christophe\Application Data\Skype
2008-07-17 12:14:21 0 d-------- C:\Documents and Settings\Christophe\Application Data\skypePM
2008-07-16 21:08:34 2564 --a------ C:\Documents and Settings\Christophe\Application Data\QuickZip45.ini
2008-07-16 16:59:44 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-16 13:58:13 0 d-------- C:\Program Files\Java
2008-07-09 08:34:07 0 d-------- C:\Program Files\IncrediMail
2008-07-02 13:13:43 0 d-------- C:\Documents and Settings\Christophe\Application Data\uTorrent
2008-06-12 11:59:10 0 d-------- C:\Documents and Settings\Christophe\Application Data\Adobe
2008-06-12 11:58:10 0 d-------- C:\Program Files\Fichiers communs\Adobe
2008-06-12 11:58:07 0 d-------- C:\Program Files\Fichiers communs
2008-06-12 11:58:07 0 d-------- C:\Program Files\Fichiers communs\Vbox
2008-06-12 11:57:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-12 11:01:27 0 d-------- C:\Program Files\e-Carte Bleue LCL
2008-06-11 21:53:47 724992 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-06-11 21:22:18 0 d-------- C:\Program Files\Sierra On-Line
2008-06-11 21:06:33 0 d-------- C:\Program Files\Yahoo!
2008-06-11 12:38:33 0 d-------- C:\Program Files\Messenger
2008-06-11 12:38:09 0 d-------- C:\Program Files\Movie Maker
2008-06-11 12:35:11 0 d-------- C:\Program Files\Windows NT
2008-06-11 11:37:57 0 d-------- C:\Program Files\PowerQuest
2008-05-23 21:00:09 0 d-------- C:\Program Files\SEC
2008-05-22 16:54:00 0 d-------- C:\Documents and Settings\Christophe\Application Data\Webshots
2008-05-20 18:07:07 0 d-------- C:\Program Files\Virtools
2008-05-20 18:07:06 1799 --a------ C:\WINDOWS\mozver.dat
2008-05-18 14:18:06 0 d-------- C:\Documents and Settings\Christophe\Application Data\Sun
2008-05-18 14:17:53 0 d-------- C:\Program Files\Sun
2008-05-18 14:14:46 0 d-------- C:\Program Files\Fichiers communs\Java
2008-05-17 20:49:21 0 d-------- C:\Documents and Settings\Christophe\Application Data\U3
2008-05-13 18:10:32 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-04-22 16:15:52 4608 --a------ C:\WINDOWS\system32\9VVK_349.DLL
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [28/03/2006 16:48: VIRUS ALERT!]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [26/01/2005 19:02: VIRUS ALERT!]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [10/04/2006 15:58: VIRUS ALERT!]
"eCarteBleue-CLEO"="D:\Programmes\E carte bleue\ECB-CLEO.exe" []
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [13/07/2006 07:12: VIRUS ALERT!]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [18/12/2006 15:34: VIRUS ALERT!]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27: VIRUS ALERT!]
"Adobe Reader Speed Launcher"="D:\Programmes\Acrobat reader\Reader\Reader_sl.exe" [11/01/2008 22:16: VIRUS ALERT!]
"MyWebSearch Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL" []
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" []
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" []
"lphcg6jj0ea3g"="C:\WINDOWS\system32\lphcg6jj0ea3g.exe" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [18/12/2007 01:43: VIRUS ALERT!]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [13/04/2008 19:34: VIRUS ALERT!]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [06/07/2008 18:43: VIRUS ALERT!]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [13/11/2006 15:07: VIRUS ALERT!]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [17/02/2008 20:24: VIRUS ALERT!]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [23/04/2008 17:45: VIRUS ALERT!]
C:\Documents and Settings\Christophe\Menu D‚marrer\Programmes\D‚marrage\
Webshots.lnk - D:\Programmes\Webshots\Launcher.exe [16/07/2008 15:06:16]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [19/03/2008 02:31:20]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [25/02/2008 19:57:38]
Int‚grateur Diagonal 32 bits.lnk - C:\Program Files\Diagonal\Commun\Integrateur\Int‚grateur Diagonal.exe [21/12/2007 10:08:50]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [23/05/2008 21:00:12]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"evgratsm"= {14192694-7B4A-400B-AF24-DB5947B9DB5E} - C:\WINDOWS\evgratsm.dll [16/07/2008 14:29: VIRUS ALERT! 253952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ATI CATALYST System Tray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ATI CATALYST System Tray.lnk
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"D:\Programmes\Acrobat reader\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"D:\Programmes\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoDesk3d]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ItsTV]
"D:\Programmes\EoRezo\EoDesk3d\ItsTV.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d131be23-2440-11dd-a1bd-001e8c255e8a}]
AutoRun\command- N:\LaunchU3.exe -a
-- Hosts -----------------------------------------------------------------------
127.255.255.255 serial.alcohol-soft.com
-- End of Deckard's System Scanner: finished at 2008-07-17 12:59:34 ------------
extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professionnel (build 2600) SP 3.0
Architecture: X86; Language: French
CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 6400+
Percentage of Memory in Use: 21%
Physical Memory (total/avail): 2046.42 MiB / 1608.01 MiB
Pagefile Memory (total/avail): 3938.35 MiB / 3673.25 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.63 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 76.69 GiB total, 51.11 GiB free.
D: is Fixed (NTFS) - 298.09 GiB total, 292.28 GiB free.
E: is Fixed (NTFS) - 232.88 GiB total, 78.42 GiB free.
F: is Removable (FAT)
G: is CDROM (No Media)
H: is CDROM (No Media)
L: is CDROM (No Media)
\\.\PHYSICALDRIVE1 - HDS722580VLSA80 - 76.69 GiB - 1 partition
\PARTITION0 (bootable) - Système de fichiers installable - 76.69 GiB - C:
\\.\PHYSICALDRIVE2 - MAXTOR STM3250820AS - 232.89 GiB - 1 partition
\PARTITION0 - Système de fichiers installable - 232.88 GiB - E:
\\.\PHYSICALDRIVE0 - SAMSUNG HD320KJ - 298.09 GiB - 1 partition
\PARTITION0 - Système de fichiers installable - 298.09 GiB - D:
\\.\PHYSICALDRIVE3 - ChipsBnk Flash Disk USB Device - 470.65 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 471.14 MiB - F:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Christophe\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=PARTICUL-ZR3NQB
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Christophe
LOGONSERVER=\\PARTICUL-ZR3NQB
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4303
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp
USERDOMAIN=PARTICUL-ZR3NQB
USERNAME=Christophe
USERPROFILE=C:\Documents and Settings\Christophe
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Christophe [I](admin)/I
L2MFIX [I](new local, admin)/I
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
"Installation de Easycuisine" --> C:\PROGRA~1\EASYCU~1\UNWISE.EXE C:\PROGRA~1\EASYCU~1\INSTALL.LOG
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe GoLive 6.0 (FRA) --> "C:\Program Files\InstallShield Installation Information\{013C6546-E90F-48C6-8682-12158A3B795E}\setup.exe"
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUN040C.EXE -f"D:\Programmes\Adobe Photoshop\Uninst.isu" -c"D:\Programmes\Adobe Photoshop\Uninst.dll"
Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe SVG Viewer 3.0 --> C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AGEIA PhysX v7.11.13 --> MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
ATI - Utilitaire de désinstallation du logiciel --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs --> MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Control Panel --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Audacity 1.2.6 --> "D:\Programmes\Audacity\unins000.exe"
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -l0x40c Brunin03.dll -removeonly
CloneDVD2 --> "D:\Programmes\CloneDVD2\CloneDVD2-uninst.exe" /D="D:\Programmes\CloneDVD2"
Correctif pour Lecteur Windows Media 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Counter-Strike: Source --> D:\Jeux\Css\Uninstall.exe
DicoMalin --> MsiExec.exe /I{6AED1D2D-493C-48FB-9A49-83FA7563065F}
e-Carte Bleue LCL --> "C:\Program Files\InstallShield Installation Information\{3D6B54EF-65E4-4624-8709-03A3BBE2C240}\setup.exe" -runfromtemp -l0x040c -removeonly
e-Carte Bleue VISA Cléo --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ECBCLEO.INF, DefaultUninstall.ntx86
EasyRecovery Professional --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A8BB9906-E618-406A-B161-7383AFF46C39} /l1036
eMule --> "D:\Programmes\eMule\Uninstall.exe"
Extension Système de Microsoft Money --> MsiExec.exe /I{8C64E149-54BA-11D6-91B1-00500462BE80}
Football Manager 2008 --> "D:\Jeux\FM2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
Frontlines: Fuel of War --> "C:\Program Files\InstallShield Installation Information\{C711E88C-9DC2-4254-A989-D6E017844DDF}\setup.exe" -runfromtemp -l0x040c -removeonly
FTP Expert 3 --> C:\WINDOWS\iun6002.exe "D:\Programmes\FTP expert\irunin.ini"
Galerie de photos Windows Live --> MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x40c -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x40c -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IncrediMail Xe --> C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
ItsTV 3.0 --> "D:\Programmes\EoRezo\EoDesk3d\unins001.exe"
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 3.8.0 Full --> "D:\Programmes\K-Lite Codec Pack\unins000.exe"
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kyodai Mahjongg 2006 v1.42 --> "D:\Programmes\Kyodai Mahjongg 2006\unins000.exe"
Ma-Config.com plugin --> MsiExec.exe /I{6F06A42D-525C-49ED-8622-E16790956CD8}
Mahjong Escape - Ancient China --> C:\Program Files\Mahjong Escape - Ancient China\uninstall.exe
Mahjong Escape Ancient Japan (remove only) --> D:\Programmes\Mahjong Escape Ancient Japan\Uninstall.exe
Mahjong Garden To Go --> "C:\Program Files\Mahjong Garden To Go\ReflexiveArcade\unins000.exe"
Mahjong World --> "C:\Program Files\Mahjong World\ReflexiveArcade\unins000.exe"
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money --> MsiExec.exe /I{1D643CD0-4DD6-11D7-A4E0-000874180BB3}
Microsoft Office Access MUI (French) 2007 --> MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007 --> MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007 --> MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007 --> MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007 --> MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007 --> MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007 --> MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007 --> MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007 --> MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007 --> MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978) --> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.15) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Natural Color Pro --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC2C7405-BC58-4E11-8F51-29671BEAC06B}\setup.exe" -l0x9
Navilog1 3.6.0 --> "C:\Program Files\Navilog1\unins000.exe"
Nero 8 --> MsiExec.exe /X{88589E19-665C-4575-A4A0-CE9C43C51036}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuide.exe UninstallGUI
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Outil de mise à jour Google --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
PC Inspector File Recovery --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x40c
PDFCreator --> D:\Programmes\PDFCreator\unins000.exe
PDFCreator Toolbar --> "C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_9656.exe" _?=C:\Program Files\PDFCreator Toolbar
PowerQuest PartitionMagic 8.0 Demo --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Programme de gestion Camera de Logitech® --> "C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Quick Zip 4.60.019 --> "D:\Programmes\QuickZip4\unins000.exe"
RT2500 Wireless LAN Card --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAA66A0D-E610-40B8-9D51-C1854285773A}\setup.exe" -l0x9 -removeonly
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SierraHome Print Artist 8 --> C:\WINDOWS\IsUn040c.exe -f"d:\programmes\print artist\Uninst.isu" -c"d:\programmes\print artist\Uninstpa.DLL"
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x40c -removeonly
Sweet Home 3D version 1.2.1 --> "D:\Programmes\Sweet Home 3D\unins000.exe"
THE SETTLERS - Bâtisseurs d'Empire --> "C:\Program Files\InstallShield Installation Information\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe" -runfromtemp -l0x040c -removeonly
Theme Hospital --> C:\WINDOWS\unin040c.exe -f"d:\jeux\THEME HOSPITAL\DeIsL1.isu"
Turbo Lister 2 --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
TWL541C(P) --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7FD6904D-AF75-407B-BE42-39970517EA9D}\setup.exe" -l0x9 -removeonly
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
WebShot --> "D:\Programmes\WebShot\unins000.exe"
Webshots Desktop --> "D:\Programmes\Webshots\unins000.exe"
Webshots Toolbar --> D:\Programmes\Webshots\ToolbarUninstall.exe
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Widgets --> C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type5545 / Error
Event Submitted/Written: 07/17/2008 00:57:45 PM
Event ID/Source: 8 / crypt32
Event Description:
Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.
Event Record #/Type5544 / Error
Event Submitted/Written: 07/17/2008 00:56:44 PM
Event ID/Source: 8 / crypt32
Event Description:
Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette connexion réseau n'existe pas.
Event Record #/Type5543 / Error
Event Submitted/Written: 07/17/2008 00:55:59 PM
Event ID/Source: 8 / crypt32
Event Description:
Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.
Event Record #/Type5542 / Error
Event Submitted/Written: 07/17/2008 00:55:27 PM
Event ID/Source: 8 / crypt32
Event Description:
Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.
Event Record #/Type5541 / Error
Event Submitted/Written: 07/17/2008 00:54:55 PM
Event ID/Source: 8 / crypt32
Event Description:
Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type13572 / Error
Event Submitted/Written: 07/17/2008 00:49:55 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service My Web Search Service n'a pas pu démarrer en raison de l'erreur :
%%3
Event Record #/Type13554 / Error
Event Submitted/Written: 07/17/2008 00:34:39 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service My Web Search Service n'a pas pu démarrer en raison de l'erreur :
%%3
Event Record #/Type13528 / Error
Event Submitted/Written: 07/17/2008 00:24:42 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service My Web Search Service n'a pas pu démarrer en raison de l'erreur :
%%3
Event Record #/Type13503 / Error
Event Submitted/Written: 07/17/2008 00:12:22 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service My Web Search Service n'a pas pu démarrer en raison de l'erreur :
%%3
Event Record #/Type13480 / Error
Event Submitted/Written: 07/17/2008 10:51:23 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service My Web Search Service n'a pas pu démarrer en raison de l'erreur :
%%3
-- End of Deckard's System Scanner: finished at 2008-07-17 12:59:34 ------------
merci beaucoup de votre aide !!!
A voir également:
- Ordi infecté par virus alert
- Ordi qui rame - Guide
- Comment reinitialiser un ordi - Guide
- Virus mcafee - Accueil - Piratage
- Ordi scrabble - Télécharger - Jeux vidéo
- Ecran ordi a l'envers - Guide
8 réponses
j'ai kaspersky en antivirus et il m'en a déjà mis pas mal en quarantaine mais apparemment ce qu'il reste est bien plus coriace que prévu
Bonjour
" Vas sur eMule (par exemple) et télécharge: Malwarebytes Anti-Malware v1.20 Multilanguage+ Keygen................. "
Pour attraper une infection de plus ?
Tu en as déjà plusieurs...
Télécharges SmitfraudFix (de S!Ri, balltrap34 et moe31 ) :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Déconnecte-toi, ferme toute tes applications et désactive tes défenses ( anti-virus, anti-spyware,...) le temps de la manip !!
Installe le soft à la racine de C:\ ( et pas ailleurs! --->"C\:SmitfraudFix.exe" ) .
Tuto ( aide ) : http://siri.urz.free.fr/Fix/SmitfraudFix.php
Utilisation ---> option 1 / Recherche :
Double clique sur l'icône "Smitfraudfix.exe" et sélectionne 1 (et pas sur autre chose sans notre accord !) pour créer un rapport des fichiers responsables de l'infection.
Poste le rapport ( "rapport.txt" qui se trouve sous C\: ) et attends la suite .
(Attention : process.exe est détecté par certains antivirus comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité.)
" Vas sur eMule (par exemple) et télécharge: Malwarebytes Anti-Malware v1.20 Multilanguage+ Keygen................. "
Pour attraper une infection de plus ?
Tu en as déjà plusieurs...
Télécharges SmitfraudFix (de S!Ri, balltrap34 et moe31 ) :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Déconnecte-toi, ferme toute tes applications et désactive tes défenses ( anti-virus, anti-spyware,...) le temps de la manip !!
Installe le soft à la racine de C:\ ( et pas ailleurs! --->"C\:SmitfraudFix.exe" ) .
Tuto ( aide ) : http://siri.urz.free.fr/Fix/SmitfraudFix.php
Utilisation ---> option 1 / Recherche :
Double clique sur l'icône "Smitfraudfix.exe" et sélectionne 1 (et pas sur autre chose sans notre accord !) pour créer un rapport des fichiers responsables de l'infection.
Poste le rapport ( "rapport.txt" qui se trouve sous C\: ) et attends la suite .
(Attention : process.exe est détecté par certains antivirus comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité.)
Salut,
Déjà pour commencer tu vois bien que l'antivirus que tu utilise ne t'as servi à rien...
Commence déjà par en prendre un qui est plus rapide comme avast 4.8 Celui ci fait aussi bien que des "norton" et compagnie mais présente l'avantage de ne pas ralentir excessivement ta machine... En plus, il se met à jour tout le temps...
Pour ce qui est de ton problème, je pense avoir la solution... Vas sur eMule (par exemple) et télécharge: Malwarebytes Anti-Malware v1.20 Multilanguage+ Keygen.................
Si tu veux, je le possède et je peux te l'envoyer par mail aussi... Le fichier est très léger (2,09 Mo)
Tu fais ensuite un scan complet en "minutieux" et tu attend le résultat...
Un dernier conseil: arrête de tout mettre en quarantaine!!!! Si un antivirus trouve un virus, c'est poubelle direct!!!
Ca ne sert a rien de garder des souvenirs d'infections.....
Déjà pour commencer tu vois bien que l'antivirus que tu utilise ne t'as servi à rien...
Commence déjà par en prendre un qui est plus rapide comme avast 4.8 Celui ci fait aussi bien que des "norton" et compagnie mais présente l'avantage de ne pas ralentir excessivement ta machine... En plus, il se met à jour tout le temps...
Pour ce qui est de ton problème, je pense avoir la solution... Vas sur eMule (par exemple) et télécharge: Malwarebytes Anti-Malware v1.20 Multilanguage+ Keygen.................
Si tu veux, je le possède et je peux te l'envoyer par mail aussi... Le fichier est très léger (2,09 Mo)
Tu fais ensuite un scan complet en "minutieux" et tu attend le résultat...
Un dernier conseil: arrête de tout mettre en quarantaine!!!! Si un antivirus trouve un virus, c'est poubelle direct!!!
Ca ne sert a rien de garder des souvenirs d'infections.....
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
