Infection

Solved
tristan.h Posts 37 Status Member -
ep44 Posts 7432 Status Contributor -
Hello,

Since yesterday, after a wrong move, I have apparently caught trojans and viruses.
At startup, unknown applications named Microsoft Windows kuyg#... try to launch, and I block them with my antivirus (applications trying to write to the registry). I also have IE pages opening on their own for casinos...

I ran an antivirus scan that removed a few trojans (also online with inoculer), and scans with Spybot and Ad-Aware that removed a few things, but I still have IE pages opening on their own, and when I try to remove the suspicious processes from startup, they put themselves back automatically. Also, at times there are heavy slowdowns and FF crashes.

Config:
Windows Vista SP1
Bitdefender Total Security
IE7 and FF3

HijackThis report after startup:

Logfile of HijackThis v1.99.1
Scan saved at 08:12:01, on 02/08/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\tristan.hervouet\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\IEeREAD.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {0e684fcc-d8ec-449a-bfb4-d2295f1362ac} - {ca2631f5-922d-4bfb-a944-ce8dccf486e0} - C:\Windows\system32\yepazv.dll
O2 - BHO: (no name) - {DF938515-44E7-4966-807A-F0EBAD469B37} - C:\Windows\system32\hgGywUnN.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfEWPFw.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winhpd32.rom,CKhRun
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)


Thanks in advance for your help... I don't want to format...
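
An added example, not part of the original thread: a small Python pass over the autostart lines (O2 BHOs and O4 Run entries) of the HijackThis log posted above, listing the entries worth checking by hand first. The review cues (unnamed BHO, rundll32 export called by ordinal, non-.dll module, module under Temp) are assumptions chosen for illustration, not verdicts and not the helper's method; the sample lines are copied from the log in the post.

```python
import re
from typing import List, NamedTuple, Tuple

# Lines copied from the HijackThis log in the post above (a subset of its entries).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {0e684fcc-d8ec-449a-bfb4-d2295f1362ac} - {ca2631f5-922d-4bfb-a944-ce8dccf486e0} - C:\Windows\system32\yepazv.dll
O2 - BHO: (no name) - {DF938515-44E7-4966-807A-F0EBAD469B37} - C:\Windows\system32\hgGywUnN.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfEWPFw.dll,#1
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winhpd32.rom,CKhRun
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
"""


class Entry(NamedTuple):
    section: str  # "O2" (Browser Helper Object) or "O4" (Run key)
    name: str     # BHO display name or Run value name
    target: str   # DLL path (O2) or command line (O4)


GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# O2 - BHO: <name> - {CLSID} - <dll path>
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - " + GUID + r" - (?P<target>.+)$")
# O4 - <hive>\..\Run: [<value name>] <command line>
RUN_RE = re.compile(r"^O4 - HK.+?\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.+)$")
# rundll32[.exe] <module>,<export>   (module may be quoted)
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<module>[^",]+)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)


def parse_autostarts(log: str) -> List[Entry]:
    """Extract O2 (BHO) and O4 (Run) entries; every other line is ignored."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = BHO_RE.match(line) or RUN_RE.match(line)
        if m:
            entries.append(Entry(line[:2], m.group("name"), m.group("target")))
    return entries


def review_reasons(entry: Entry) -> List[str]:
    """Return illustrative review cues (assumptions, not verdicts) for one entry."""
    reasons = []
    if entry.section == "O2":
        if entry.name == "(no name)" or re.fullmatch(GUID, entry.name):
            reasons.append("BHO registered without a descriptive name")
        return reasons
    m = RUNDLL_RE.match(entry.target)
    if m:
        module = m.group("module").strip()
        if m.group("export").startswith("#"):
            reasons.append("rundll32 export called by ordinal")
        if not module.lower().endswith(".dll"):
            reasons.append("rundll32 module is not a .dll file")
        if "\\temp\\" in module.lower():
            reasons.append("rundll32 module is under a Temp directory")
    return reasons


def triage(log: str) -> List[Tuple[Entry, List[str]]]:
    """Pair each autostart entry that has at least one cue with its cues."""
    flagged = []
    for entry in parse_autostarts(log):
        reasons = review_reasons(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.section} [{entry.name}] {entry.target}")
        for reason in reasons:
            print(f"    - {reason}")
```
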

28 replies

ep44 Posts 7432 Status Contributor 3

Hello

don't worry, we'll make sure to clean all that up

Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop and nowhere else!

Before starting the download
Right-click the link and choose "Save target as"
and rename it to outil


=> /!\ disconnect from the internet and close all your applications. /!\

=> /!\ disable your protections (antivirus, firewall, antispyware) temporarily and only while ComboFix is in use, /!\

=> Double-click outil,

=> /!\ Don't touch anything until the scan has finished. Careful: don't use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer. /!\

=> Wait until ComboFix has finished; a report will be created.

=> re-enable your firewall, your antivirus, and your antispyware's guard

=> copy/paste the report C:\ComboFix.txt

=> Re-enable the real-time protection of your antivirus and your antispyware tools before reconnecting to the internet.

See you
1
ep44 Posts 7432 Status Contributor 3

Good evening tristan,

You can remove all the software we used;
go to Add/Remove Programs and into Program Files
to check

then do this (IMPORTANT)

* Disabling:
Right-click "My Computer" > Properties > "System Restore" tab > tick the box "Turn off System Restore on all drives"
> Apply, wait until it shows "turned off", then OK.

* Enabling:
Follow the same path; untick the box "Turn off System Restore on all drives"
> Apply, wait until it shows "monitoring" again, then OK. Restart the computer.

Also remember to do your updates regularly

Windows Update: ==> here => http://www.update.microsoft.com/windowsupdate/v6/default.aspx
Java: ==> here => https://www.java.com/fr/download/

These updates are very important for the security of your PC.

Install only one firewall!!
and of course only one antivirus

Don't forget to regularly update your software before each scan.

* You can also use these security tools

Malwarebytes => It's a free anti-malware tool available in French; once it is installed you will have to run it periodically to check your PC.
A tutorial for downloading and installing it => Here => http://www.swl1f.net/viewtopic.php?f=14&t=68

Spyware Terminator => It's a free anti-spyware tool available in French. It works automatically thanks to its resident module, and you can schedule it to run a daily scan.
A tutorial for downloading and installing it => Here => http://www.swl1f.net/viewtopic.php?f=14&t=66

* Then a few tips
Your PC can get infected in different ways; here, in a few lines, are several things to avoid. ==> here => http://www.swl1f.net/viewtopic.php?f=14&t=67

* the browser

Try the Firefox browser, safer/more secure than IE
Firefox does not use the dangerous ActiveX protocol
* Download: ==> Firefox => http://www.mozilla-europe.org/fr/products/firefox/
* Tutorial to secure it: ==> here => https://forum.zebulon.fr/topic/69628-s%C3%A9curiser-un-peu-plus-firefox/

Important
Surfing the net with administrator rights makes you vulnerable, so you should use an account other than the administrator's


* To give your PC back a bit of youth
* Remember to run a little defragmentation.
* Use CCleaner regularly.
* Manage your services using these 2 links
==> here => http://speedweb1.free.fr/frames2.php?page=service3 and ==> here => http://speedweb1.free.fr/frames2.php?page=service4
* Use Zeb Utility
an application that needs no installation, to optimize your PC a bit. (thanks to our friend Zebulon)
Download: ==> here ==> https://www.zebulon.fr/telechargements/utilitaires/optimisation/zeb-utility.html
Tutorial: ==> here => https://www.zebulon.fr/dossiers/autres/58-zebutility.html

And finally

Report your infection to get the authors convicted.

Create a post to move things forward on Malware-Complaints; there need to be as many of us as possible, so report your infection

- See the forum rules: ==> here => https://malwarecomplaints.info/
- After registering using the button at the top named "Register"
If you are over 13, choose: "I Agree to these terms and am over or exactly 13 years of age"
If you are younger, click: "I Agree to these terms and am under 13 years of age"

You then have, as a list, one topic per type of infection (Look2Me, Smitfraud, SpywareQuake etc.).

* malwarecomplaints => https://malwarecomplaints.info/

If the malware you had does not appear in the list, or if you don't know what you were infected with, create a post in the Other infections topic
in line with the forum rules (age, city, department etc.)

Also give the name of the forum that helped you

* Tutorial => http://www.malekal.com/malwarecomplaints.html

See you
1
tristan.h Posts 37 Status Member

OK, thanks for your reply, I'll do it as soon as I get home at 18:00. I'm at work this weekend :-(

See you later
0
ep44 Posts 7432 Status Contributor 3

ok
See you
0

R0R0_84 Posts 82 Status Member 1

Hats off ep44, it couldn't have been explained better!
Ah, the security of knowledge xD!
0
tristan.h Posts 37 Status Member

OK, I did try several times but it crashes right away as soon as the scan starts:
"interpreteur de commandes windows a cessé de fonctionner"

I'm disheartened
0
ep44 Posts 7432 Status Contributor 3

did you follow the instructions properly

otherwise remove ComboFix like this and reinstall

click Start > Run > in the dialog box type > combofix /u
(keeping the space) and confirm with OK.

0
tristan.h Posts 37 Status Member

OK, I uninstalled and reinstalled it, it's the same right from the start of the scan.
In the meantime I have:
- cut my connection, uninstalled BitDefender
- installed avast pro
- run a boot-time scan (found nothing)

Here are the details of the ComboFix crash error

Signature du problème :
Nom d’événement de problème: APPCRASH
Nom de l’application: CF24211.exe
Version de l’application: 6.0.6001.18000
Horodatage de l'application: 47918bde
Nom du module par défaut: ntdll.dll
Version du module par défaut: 6.0.6001.18000
Horodateur du module par défaut: 4791a7a6
Code de l’exception: c00000fd
Décalage de l’exception: 0005a192
Version du système: 6.0.6001.2.1.0.256.1
Identificateur de paramètres régionaux: 1036
Information supplémentaire n° 1: 4369
Information supplémentaire n° 2: bf961dd615d71978b7c82cad3e68488b
Information supplémentaire n° 3: 4f6e
Information supplémentaire n° 4: a5a8b44cba91e29a91dce6d136f94775

Thanks
0
ep44 Posts 7432 Status Contributor 3

Hello, try without renaming it

If that doesn't work

follow these instructions and take this version of HijackThis

1/ Download HijackThis to the Desktop

http://download.hijackthis.eu/HJTInstall.exe

* Double-click it to install it

* Let it install to the default location
C:\Program Files\Trend Micro\HijackThis

* accept the license

* Close HijackThis by clicking the red cross.

2/ Download DSS (formerly Comboscan) by Deckard to your Desktop:

(choose Save, then Desktop as the location)

http://deckard.geekstogo.com/dss.exe

* Close all running applications.

* Double-click comboscan.exe to launch the tool.

* A window opens, asking you to close all applications; click OK.

* At the end of the scan, a window opens; click OK.

The Comboscan.txt report will be displayed; copy it into your next reply.
If an additional report was created, post it in your reply too.

See you
0
tristan.h Posts 37 Status Member

Hello,

I already tested without renaming it, it's the same.
NB: after all that there is already less slowdown, but: FF crashes after a few seconds, Spybot finds Virtumonde, removes it, but it reinstalls itself at every startup.

The procedure: as soon as I get home from work I'll tackle it.

See you later
0
ep44 Posts 7432 Status Contributor 3

ok

See you
0
tristan.h Posts 37 Status Member

Here is the log following your procedure:
Deckard's System Scanner v20071014.68
Run by tristan.hervouet on 2008-08-03 20:15:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
9: 2008-08-03 17:35:16 UTC - RP351 - Installed SUPERAntiSpyware Free Edition
8: 2008-08-03 17:31:43 UTC - RP350 - Spyware Terminator - restore point
7: 2008-08-03 06:05:26 UTC - RP348 - Supprimé Quake 4(TM)
6: 2008-08-03 05:58:32 UTC - RP346 - Removed Lost Planet Extreme Condition
5: 2008-08-02 21:34:15 UTC - RP345 - Windows Update


-- First Restore Point -- 
1: 2008-07-31 22:02:53 UTC - RP341 - Last known good configuration


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as tristan.hervouet.exe) ------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-03 20:19:16
Platform: Windows Vista Service Pack 1 (6.00.6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Users\tristan.hervouet\Desktop\dss.exe
C:\Windows\System32\conime.exe
C:\Users\tristan.hervouet\Desktop\hijackthis\tristan.hervouet.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\IEeREAD.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {F08F0AEB-40FE-4248-BCF6-7CE1CDDEA58E} - C:\Windows\system32\hgGywUnN.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BMc7d276e0] Rundll32.exe "C:\Windows\system32\tnrbxyct.dll",s
O4 - HKLM\..\Run: [c4e1457c] rundll32.exe "C:\Windows\system32\ymukflqg.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winhpd32.rom,CKhRun
O4 - HKCU\..\Run: [c4e1457c] rundll32.exe "C:\Windows\system32\ymukflqg.dll",b
O4 - HKCU\..\Run: [BMc7d276e0] Rundll32.exe "C:\Windows\system32\tnrbxyct.dll",s
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\TRISTA~1.HER\AppData\Local\Temp\khfGxWoM.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll


O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: pwloaz.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\System32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: wampapache - Apache Software Foundation - C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe


--
End of file - 11262 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (Service Bonjour) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 ScReadSpool (SolidPDFConverterReadSpool) - c:\program files\soliddocuments\solidconverterpdf\scpdf\solidpdfservice.exe <Not Verified; VoyagerSoft, LLC; Solid Converter PDF>
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S3 wampapache - "c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
S3 wampmysqld - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-02 23:44:14       440 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{30B5208F-E842-4190-A105-0E9761244DBA}.job


-- Files created between 2008-07-03 and 2008-08-03 -----------------------------

2008-08-03 19:35:43         0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-08-03 19:35:31         0 d-------- C:\Program Files\SUPERAntiSpyware
2008-08-03 19:10:35    141312 --a------ C:\Windows\system32\drivers\sp_rsdrv2.sys
2008-08-03 19:10:34         0 d-------- C:\Users\All Users\Spyware Terminator
2008-08-03 19:10:32         0 d-------- C:\Program Files\Spyware Terminator
2008-08-03 19:09:44         0 d-------- C:\Program Files\RogueRemover FREE
2008-08-02 22:53:34         0 d-------- C:\327882R2FWJFW
2008-08-02 21:58:28         0 d-------- C:\outil
2008-08-02 20:30:09         0 d-------- C:\Program Files\Alwil Software
2008-08-01 22:23:14         0 d-------- C:\Users\All Users\Secure Solutions
2008-08-01 19:49:02         0 d-------- C:\Users\All Users\Lavasoft
2008-08-01 19:49:02         0 d-------- C:\Program Files\Lavasoft
2008-08-01 19:24:29         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-01 19:13:28         0 d-------- C:\Windows\BDOSCAN8
2008-08-01 09:46:17       345 --ahs---- C:\Windows\system32\QXbHknnn.ini2
2008-08-01 01:15:33         0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-01 00:00:22    410363 --ahs---- C:\Windows\system32\NnUwyGgh.ini2
2008-07-31 22:53:47         0 d--hs---- C:\Windows\ftpcache
2008-07-31 22:25:43         0 d-------- C:\Program Files\id Software
2008-07-03 16:58:58     81984 --a------ C:\Windows\system32\bdod.bin


-- Find3M Report ---------------------------------------------------------------

2008-08-03 20:19:14    672084 --a------ C:\Windows\system32\perfh00C.dat
2008-08-03 20:19:13    124228 --a------ C:\Windows\system32\perfc00C.dat
2008-08-03 20:11:31        12 --a------ C:\Windows\bthservsdp.dat
2008-08-03 19:35:31         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\SUPERAntiSpyware.com
2008-08-03 19:11:00         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Spyware Terminator
2008-08-03 08:09:53         0 d--h----- C:\Program Files\InstallShield Installation Information

2008-08-02 23:37:57         0 d-------- C:\Program Files\Windows Mail
2008-08-02 20:27:37         0 d-------- C:\Program Files\BitDefender
2008-08-02 20:24:57         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Azureus
2008-08-01 19:24:29         0 d-------- C:\Program Files\Common Files
2008-07-31 20:47:17         0 d-------- C:\Program Files\Azureus
2008-07-25 19:54:14         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\SolidDocuments
2008-07-19 16:32:10         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Apple Computer
2008-07-02 14:59:46     49152 --a------ C:\Windows\Pyrenees-Orientales.scr
2008-07-02 14:59:46    875238 --a------ C:\Windows\Pyrenees-Orientales.exe <Not Verified; Macromedia, Inc.; Flash 4.0>
2008-07-01 15:05:56         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\gtk-2.0
2008-07-01 12:13:40         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\FileZilla
2008-06-30 18:41:40         0 d-------- C:\Program Files\FileZilla FTP Client
2008-06-30 18:28:31         0 d-------- C:\Program Files\Common Files\BitDefender
2008-06-27 09:33:41         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Sony
2008-06-26 22:50:08         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Sites
2008-06-26 22:50:08     15360 --a------ C:\Users\tristan.hervouet\AppData\Roaming\Settings.cfg
2008-06-26 22:50:08         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Classes de site
2008-06-25 22:30:32         0 d-------- C:\Program Files\Common Files\Sony Shared
2008-06-25 22:30:24         0 d-------- C:\Program Files\Sony
2008-06-25 22:30:24         0 d-------- C:\Program Files\Sony Ericsson
2008-06-25 22:26:21         0 d-------- C:\Program Files\Sony Setup
2008-06-23 22:06:16         0 d-------- C:\Program Files\GameHouse
2008-06-20 21:51:27         0 d-------- C:\Program Files\CapCom
2008-06-20 17:41:01         0 d-------- C:\Program Files\Nokia
2008-06-20 17:40:46         0 d-------- C:\Program Files\Common Files\Nokia
2008-06-20 17:37:09         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Nokia
2008-06-20 17:36:36         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\PC Suite
2008-06-14 07:23:53         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\U3
2008-06-13 10:10:35         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Gaijin Ent
2008-06-12 17:58:28         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Nokia Multimedia Player
2008-06-12 07:26:11         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Mozilla
2008-06-05 21:59:03         0 d-------- C:\Program Files\VSO
2008-06-05 21:58:30         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Vso
2008-06-05 21:50:40         0 d-------- C:\Program Files\JalbumWin
2008-06-05 06:56:27         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\JAlbum
2008-06-05 06:40:41         0 d-------- C:\Program Files\City Interactive
2008-06-03 23:36:03         0 d-------- C:\Program Files\Common Files\PCSuite
2008-06-03 23:35:06         0 d-------- C:\Program Files\PC Connectivity Solution
2008-05-23 09:06:38     31007 --a------ C:\Users\tristan.hervouet\AppData\Roaming\UserTile.png


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24F06550-65E3-4D1C-8CFE-839C296B5530}]
2007-06-28 17:25	57344	--a------	C:\Program Files\eREAD6.0\IEeREAD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A19C29D-ED45-4483-8999-9F939C8161F2}]
2008-02-01 10:20	57224	--a------	C:\Program Files\eREAD6.0\WebHook.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F08F0AEB-40FE-4248-BCF6-7CE1CDDEA58E}]
			C:\Windows\system32\hgGywUnN.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-21 04:21]
"@"="" []
"Ai Nap"="C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" [2006-10-24 15:45]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 05:34]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 05:46]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38]
"BMc7d276e0"="C:\Windows\system32\tnrbxyct.dll" []
"c4e1457c"="C:\Windows\system32\ymukflqg.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:21]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 04:23]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:27]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 04:23]
"MSSMSGS"="winhpd32.rom,CKhRun" []
"c4e1457c"="C:\Windows\system32\ymukflqg.dll,b" []
"BMc7d276e0"="C:\Windows\system32\tnrbxyct.dll,s" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33]
"MSServer"="C:\Users\TRISTA~1.HER\AppData\Local\Temp\khfGxWoM.dll,#1" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-06-06 17:17:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=pwloaz.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\hgGywUnN

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
"C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
"C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
rundll32.exe C:\Windows\system32\rqRKCspQ.dll,#1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
"C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
"C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanSoft OmniPage 16-reminder]
"C:\Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 16\Ereg\Ereg.ini"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
%windir%\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService	nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
GPSvcGroup	GPSvc
WindowsMobile	wcescomm rapimgr
LocalServiceRestricted	WcesComm RapiMgr
bthsvcs	BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\LaunchU3.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration



-- Hosts -----------------------------------------------------------------------

127.0.0.1 update.bitdefender.com
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com

8941 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-03 20:20:34 ------------


And the supplementary log:
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Édition Intégrale  (build 6001) SP 1.0
Architecture: X86; Language: French

CPU 0: Intel(R) Core(TM)2 CPU          6600  @ 2.40GHz
Percentage of Memory in Use: 32%
Physical Memory (total/avail): 3006.43 MiB / 2029.84 MiB
Pagefile Memory (total/avail): 6237.91 MiB / 5154.98 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1885.16 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 465.74 GiB total, 390.93 GiB free. 
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (CDFS)
H: is CDROM (No Media)
J: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - WDC WD5000AAKS-00YGA0 ATA Device - 465.76 GiB - 1 partition
  \PARTITION0 (bootable) - Système de fichiers installable - 465.74 GiB - C:

\\.\PHYSICALDRIVE1 - Intuix U3 USB Device - 957 MiB - 1 partition
  \PARTITION0 (bootable) - Unknown - 958.2 MiB - J:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.8.1229 [VPS 080803-0] v4.8.1229 (ALWIL Software)
AS: Spybot - Search and Destroy v1.0.0.6 (Safer Networking Ltd.) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: SUPERAntiSpyware v4, 15, 0, 1000 (SUPERAntiSpyware.com)
AS: avast! antivirus 4.8.1229 [VPS 080803-0] v4.8.1229 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\tristan.hervouet\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC-DE-TRISTAN
ComSpec=C:\Windows\system32\cmd.exe
DFSTRACINGON=FALSE
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\tristan.hervouet
LOCALAPPDATA=C:\Users\tristan.hervouet\AppData\Local
LOGONSERVER=\\PC-DE-TRISTAN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\TRISTA~1.HER\AppData\Local\Temp
TMP=C:\Users\TRISTA~1.HER\AppData\Local\Temp
TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
USERDOMAIN=PC-de-tristan
USERNAME=tristan.hervouet
USERPROFILE=C:\Users\tristan.hervouet
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

tristan.hervouet
Administrateur (new local, admin, net ready)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
ACDSee 10 Gestionnaire de photos --> MsiExec.exe /I{F8B98EB6-FC06-45BF-87D4-9784E0408611}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 8.1.2 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings --> MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings --> MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\ad19d2ae8332572b119cf35fd0a30d8\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{4BDB76C6-902E-41D5-9064-68768E02886B}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3 --> MsiExec.exe /I{80FD3971-8482-49C8-BA8C-B6464A15882F}
Adobe Flash CS3 Professional --> C:\Program Files\Common Files\Adobe\Installers\b2b4b1546e74314f8131ded43e4bd9d\Setup.exe
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Setup --> MsiExec.exe /I{82503EA7-7E08-4AA8-90E9-BE4D0A6D453F}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{D2E18162-47FB-4216-8AB3-F420C1AF75A4}
Adobe Shockwave Player 11 --> C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
AI Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\setup.exe" -l0x40c 
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ASUSUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x40c 
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Canon CanoScan Toolbox 5.0 --> "C:\Program Files\Canon\CanoScan Toolbox Ver5.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\CanoScan Toolbox Ver5.0\uninst.ini
CanoScan LiDE 70 --> "C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411 /L0x000c
Coffret de pilotes Logitech QuickCam --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Complément Office 2007 - Microsoft Enregistrer en tant que PDF ou XPS (Beta) --> MsiExec.exe /X{30120000-00B2-040C-0000-0000000FF1CE}
eMule --> "C:\Program Files\eMule\Uninstall.exe"
Ext2 IFS 1.11 for Windows Vista --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall 130 Ext2Ifs_for_NT6.inf
FileZilla Client 3.0.11 --> C:\Program Files\FileZilla FTP Client\uninstall.exe
FTP Expert 3 --> "C:\Program Files\Visicom Media\FTP Expert 3\uninst-ftp.exe"
Gestionnaire pour appareils Windows Mobile --> MsiExec.exe /I{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}
Gimp Pack Mode 2.4.2 --> "C:\Program Files\Gimp Pack Mode\unins000.exe"
HijackThis 1.99.1 --> C:\Users\tristan.hervouet\Desktop\hijackthis\HijackThis.exe /uninstall
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
IZArc 3.81 --> "C:\Program Files\IZArc\unins000.exe"
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe"
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office Access MUI (French) 2007 --> MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007 --> MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007 --> MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1) --> msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007 --> MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007 --> MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007 --> MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007 --> MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007 --> MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007 --> MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007 --> MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs --> MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour du pilote du Gestionnaire pour appareils Windows Mobile --> MsiExec.exe /X{CB8CA439-DA83-419C-A4CF-5A0A50025144}
Modèles de sons Windows --> RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Nero 8 --> MsiExec.exe /X{5E6EC4DD-7B1F-4E10-82B9-EA1B90791036}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia Flashing Cable Driver --> MsiExec.exe /X{A4E0CA0F-1903-440A-9B98-FEA6CB049999}
Nokia Multimedia Factory --> "C:\ProgramData\Installations\{4CFB3821-1582-4f3b-BF8D-30986923B36B}\Nokia_Multimedia_Factory_2_0.exe" /MAINTENANCE /SILENT="SWLPCER" /LANG="2057" /MSI_COMMON_OPTIONS="PCSLANG= MMFLANG=eng"
Nokia Multimedia Factory --> MsiExec.exe /I{4CFB3821-1582-4F3B-BF8D-30986923B36B}
Nokia PC Suite --> C:\ProgramData\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_fre.exe
Nokia PC Suite --> MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887}
Nokia Software Updater --> MsiExec.exe /X{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
Notification Live Search --> C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Live Search\Suppression-Live-Search.exe
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Package de pilotes Windows - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7837a5db\nokbtmdm.inf
Package de pilotes Windows - Nokia Modem (10/12/2007 3.6) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ee12375f\nokia_bluetooth.inf
Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
PC Connectivity Solution --> MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x40c 
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Programme de gestion Camera de Logitech® --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
ScanSoft OmniPage 16 --> MsiExec.exe /X{DF74C7BA-5C9F-4F17-8B6F-5ECE08280F34}
ScanSoft PDF Create! 4 --> MsiExec.exe /X{67EC0AB2-8CF7-4415-9F70-7FBC593C0D5E}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SolidConverterPDF --> MsiExec.exe /I{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}
Sony Ericsson Media Manager 1.2 --> MsiExec.exe /X{5F1ECBFB-048E-406E-A7AB-A81F9E359961}
SoundMAX --> C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x040c -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Terminator --> "C:\Program Files\Spyware Terminator\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
Update Service --> C:\Program Files\Sony Ericsson\Update Service\uninst.exe
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WampServer 2.0 --> "c:\wamp\unins000.exe"
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver --> C:\Program Files\WinRar\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type11059 / Error
Event Submitted/Written: 08/03/2008 08:13:33 PM
Event ID/Source: 10 / WinMgmt
Event Description:
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Event Record #/Type11058 / Success
Event Submitted/Written: 08/03/2008 08:13:33 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type11056 / Success
Event Submitted/Written: 08/03/2008 08:13:32 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type11053 / Success
Event Submitted/Written: 08/03/2008 08:13:21 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
Le service de gestion des licences du logiciel a démarré.

Event Record #/Type11030 / Error
Event Submitted/Written: 08/03/2008 07:31:39 PM
Event ID/Source: 8194 / VSS
Event Description:
Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005.
Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.


Opération :
   Données du rédacteur en cours de collecte

Contexte :
   ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
   Nom du rédacteur: System Writer
   ID d’instance du rédacteur: {547c638e-4f87-4aa4-897b-4e7a29e3e985}



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type42787 / Error
Event Submitted/Written: 08/03/2008 08:13:19 PM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos

Event Record #/Type42656 / Error
Event Submitted/Written: 08/03/2008 07:04:15 PM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos

Event Record #/Type42527 / Error
Event Submitted/Written: 08/03/2008 07:54:51 AM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos

Event Record #/Type42359 / Error
Event Submitted/Written: 08/02/2008 11:40:23 PM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos

Event Record #/Type42334 / Warning
Event Submitted/Written: 08/02/2008 11:37:43 PM
Event ID/Source: 4376 / Microsoft-Windows-Servicing
Event Description:
Servicing a requis un redémarrage pour terminer la définition du package KB952709(Update) à l’état Installation demandée(Install Requested)



-- End of Deckard's System Scanner: finished at 2008-08-03 20:20:34 ------------



Note: I just tried SUPERAntiSpyware and after the restart it seems to be working better (no more FF crashes for now, fewer slowdowns).
It's true that there are some strange things in the log, but I wouldn't want to delete just anything...

Thanks.
ep44 Posts 7432 Status Contributor 3
 
Download Malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Help with the installation
http://www.swl1f.net/viewtopic.php?f=14&t=68

=> Install it
=> Then go into Safe Mode

Restart the PC and tap the F8 key (or F5 on some machines) until the screen with the boot options appears
With the arrow keys, select Safe Mode ==> Enter ==> your usual user name

=> Launch Malwarebytes
=> Check "Perform full scan"
=> If an infection is found at the end of the scan, click "OK"
=> Click Remove Selected
=> To post the report, click the Logs tab, select the one you want and click Open
=> Copy and paste it and post the report

Then run a new DSS report, please
See you later
tristan.h Posts 37 Status Member
 
Here it is, it found 20 items:

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1020
Windows 6.0.6001 Service Pack 1

22:30:00 2008-08-03
mbam-log-8-3-2008 (22-29-54).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 201153
Temps écoulé: 24 minute(s), 50 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Secure Solutions (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\ProgramData\Secure Solutions (Rogue.Multiple) -> No action taken.
C:\ProgramData\Secure Solutions\Antispyware 2008 XP (Rogue.Multiple) -> No action taken.

Fichier(s) infecté(s):
C:\Users\tristan.hervouet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B1J6EZF\ico[1] (Trojan.Vundo) -> No action taken.
C:\Users\tristan.hervouet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B1J6EZF\kb456456[1] (Trojan.Vundo) -> No action taken.
C:\Users\tristan.hervouet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B1J6EZF\kb671231[2] (Trojan.Vundo) -> No action taken.
C:\Users\tristan.hervouet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A77MVTW9\ico[1] (Trojan.Vundo) -> No action taken.
C:\Users\tristan.hervouet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A77MVTW9\kb456456[1] (Trojan.Vundo) -> No action taken.
C:\Users\tristan.hervouet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3990UW1\kb671231[1] (Trojan.Vundo) -> No action taken.
C:\Users\tristan.hervouet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZSHHGPU4\kb767887[1] (Trojan.Vundo) -> No action taken.
C:\Windows\System32\lphc5u3j0e3e3.exe (Trojan.FakeAlert) -> No action taken.


<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
After disinfection:
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1020
Windows 6.0.6001 Service Pack 1

22:30:13 2008-08-03
mbam-log-8-3-2008 (22-30-13).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 201153
Temps écoulé: 24 minute(s), 50 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\ProgramData\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\Secure Solutions\Antispyware 2008 XP (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Users\tristan.hervouet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B1J6EZF\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\tristan.hervouet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B1J6EZF\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\tristan.hervouet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B1J6EZF\kb671231[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\tristan.hervouet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A77MVTW9\ico[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\tristan.hervouet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A77MVTW9\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\tristan.hervouet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3990UW1\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\tristan.hervouet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZSHHGPU4\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\lphc5u3j0e3e3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Do you think it's OK now??
Thanks.
tristan.h Posts 37 Status Member
 
Here is the DSS log:

Deckard's System Scanner v20071014.68
Run by tristan.hervouet on 2008-08-04 17:43:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as tristan.hervouet.exe) ------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-04 17:43:56
Platform: Windows Vista Service Pack 1 (6.00.6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Windows\System32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Azureus\Azureus.exe
C:\Users\tristan.hervouet\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\IEeREAD.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {F08F0AEB-40FE-4248-BCF6-7CE1CDDEA58E} - C:\Windows\system32\hgGywUnN.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BMc7d276e0] Rundll32.exe "C:\Windows\system32\tnrbxyct.dll",s
O4 - HKLM\..\Run: [c4e1457c] rundll32.exe "C:\Windows\system32\ymukflqg.dll",b
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winhpd32.rom,CKhRun
O4 - HKCU\..\Run: [c4e1457c] rundll32.exe "C:\Windows\system32\ymukflqg.dll",b
O4 - HKCU\..\Run: [BMc7d276e0] Rundll32.exe "C:\Windows\system32\tnrbxyct.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: pwloaz.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\System32\nvvsvc.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: wampapache - Apache Software Foundation - C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


--
End of file - 10741 bytes

-- Files created between 2008-07-04 and 2008-08-04 -----------------------------

2008-08-04 17:01:39         0 d-------- C:\Users\All Users\BitDefender
2008-08-03 21:31:24         0 d-------- C:\Users\All Users\Malwarebytes
2008-08-03 21:31:24         0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-03 19:35:43         0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-08-03 19:35:31         0 d-------- C:\Program Files\SUPERAntiSpyware
2008-08-02 22:53:34         0 d-------- C:\327882R2FWJFW
2008-08-02 21:58:28         0 d-------- C:\outil
2008-08-02 20:30:09         0 d-------- C:\Program Files\Alwil Software
2008-08-01 19:49:02         0 d-------- C:\Users\All Users\Lavasoft
2008-08-01 19:13:28         0 d-------- C:\Windows\BDOSCAN8
2008-08-01 09:46:17       345 --ahs---- C:\Windows\system32\QXbHknnn.ini2
2008-08-01 01:15:33         0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-01 00:00:22    410363 --ahs---- C:\Windows\system32\NnUwyGgh.ini2
2008-07-31 22:53:47         0 d--hs---- C:\Windows\ftpcache
2008-07-31 22:25:43         0 d-------- C:\Program Files\id Software


-- Find3M Report ---------------------------------------------------------------

2008-08-04 17:43:38     81984 --a------ C:\Windows\system32\bdod.bin
2008-08-04 17:43:36         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Azureus
2008-08-04 17:15:32    672084 --a------ C:\Windows\system32\perfh00C.dat
2008-08-04 17:15:31    124228 --a------ C:\Windows\system32\perfc00C.dat
2008-08-04 17:13:35         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\SUPERAntiSpyware.com
2008-08-04 17:13:32         0 d-------- C:\Program Files\Common Files
2008-08-04 17:03:20        12 --a------ C:\Windows\bthservsdp.dat
2008-08-04 17:02:58         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\BitDefender
2008-08-04 17:01:46         0 d-------- C:\Program Files\BitDefender
2008-08-04 17:00:37         0 d-------- C:\Program Files\Common Files\BitDefender
2008-08-04 08:38:57         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\SolidDocuments
2008-08-03 21:31:27         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Malwarebytes
2008-08-03 08:09:53         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-02 23:37:57         0 d-------- C:\Program Files\Windows Mail
2008-07-31 20:47:17         0 d-------- C:\Program Files\Azureus
2008-07-19 16:32:10         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Apple Computer
2008-07-02 14:59:46     49152 --a------ C:\Windows\Pyrenees-Orientales.scr
2008-07-02 14:59:46    875238 --a------ C:\Windows\Pyrenees-Orientales.exe <Not Verified; Macromedia, Inc.; Flash 4.0>
2008-07-01 15:05:56         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\gtk-2.0
2008-07-01 12:13:40         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\FileZilla
2008-06-30 18:41:40         0 d-------- C:\Program Files\FileZilla FTP Client
2008-06-27 09:33:41         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Sony
2008-06-26 22:50:08         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Sites
2008-06-26 22:50:08     15360 --a------ C:\Users\tristan.hervouet\AppData\Roaming\Settings.cfg
2008-06-26 22:50:08         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Classes de site
2008-06-25 22:30:32         0 d-------- C:\Program Files\Common Files\Sony Shared
2008-06-25 22:30:24         0 d-------- C:\Program Files\Sony
2008-06-25 22:30:24         0 d-------- C:\Program Files\Sony Ericsson
2008-06-25 22:26:21         0 d-------- C:\Program Files\Sony Setup
2008-06-23 22:06:16         0 d-------- C:\Program Files\GameHouse
2008-06-20 21:51:27         0 d-------- C:\Program Files\CapCom
2008-06-20 17:41:01         0 d-------- C:\Program Files\Nokia
2008-06-20 17:40:46         0 d-------- C:\Program Files\Common Files\Nokia
2008-06-20 17:37:09         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Nokia
2008-06-20 17:36:36         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\PC Suite
2008-06-14 07:23:53         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\U3
2008-06-13 10:10:35         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Gaijin Ent
2008-06-12 17:58:28         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Nokia Multimedia Player
2008-06-12 07:26:11         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Mozilla
2008-06-05 21:59:03         0 d-------- C:\Program Files\VSO
2008-06-05 21:58:30         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Vso
2008-06-05 21:50:40         0 d-------- C:\Program Files\JalbumWin
2008-06-05 06:56:27         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\JAlbum
2008-06-05 06:40:41         0 d-------- C:\Program Files\City Interactive
2008-05-23 09:06:38     31007 --a------ C:\Users\tristan.hervouet\AppData\Roaming\UserTile.png


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24F06550-65E3-4D1C-8CFE-839C296B5530}]
2007-06-28 17:25	57344	--a------	C:\Program Files\eREAD6.0\IEeREAD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A19C29D-ED45-4483-8999-9F939C8161F2}]
2008-02-01 10:20	57224	--a------	C:\Program Files\eREAD6.0\WebHook.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F08F0AEB-40FE-4248-BCF6-7CE1CDDEA58E}]
			C:\Windows\system32\hgGywUnN.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-21 04:21]
"@"="" []
"Ai Nap"="C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" [2006-10-24 15:45]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 05:34]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 05:46]
"BMc7d276e0"="C:\Windows\system32\tnrbxyct.dll" []
"c4e1457c"="C:\Windows\system32\ymukflqg.dll" []
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-05-23 19:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:21]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 04:23]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:27]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 04:23]
"MSSMSGS"="winhpd32.rom,CKhRun" []
"c4e1457c"="C:\Windows\system32\ymukflqg.dll,b" []
"BMc7d276e0"="C:\Windows\system32\tnrbxyct.dll,s" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-06-06 17:17:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=pwloaz.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\hgGywUnN

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
"C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
"C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
rundll32.exe C:\Windows\system32\rqRKCspQ.dll,#1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
"C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
"C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanSoft OmniPage 16-reminder]
"C:\Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 16\Ereg\Ereg.ini"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
%windir%\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService	nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
GPSvcGroup	GPSvc
WindowsMobile	wcescomm rapimgr
LocalServiceRestricted	WcesComm RapiMgr
bthsvcs	BthServ
bdx	scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\LaunchU3.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration



-- End of Deckard's System Scanner: finished at 2008-08-04 17:44:30 ------------

ep44 Posts 7432 Status Contributor 3

Good evening

No, it's not clean yet.

Can you try running ComboFix again? If you can't, we'll try with other tools, but that will probably be harder.

I'll wait for your reply, and in the meantime I'll prepare the rest ;)

See you

tristan.h Posts 37 Status Member

OK, no problem, we can continue; right now everything works except FF, which crashes, rrrrrrrr...
I'll try ComboFix again first.
See you in a bit
tristan.h Posts 37 Status Member

Well, first of all, ComboFix works now; I ran it and made a new DSS log, which is below. Oh, and I ran a HijackThis scan and posted it on the HijackThis site >> nothing suspicious, apparently.
A big thank you already; on top of that, I've learned a lot.
The log:

Deckard's System Scanner v20071014.68
Run by tristan.hervouet on 2008-08-04 23:37:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as tristan.hervouet.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:37, on 2008-08-04
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\system32\conime.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Users\tristan.hervouet\Desktop\Sécurité\dss.exe
C:\Users\TRISTA~1.HER\Desktop\TRISTA~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\IEeREAD.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winhpd32.rom,CKhRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O13 - Gopher Prefix: 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O20 - AppInit_DLLs: pwloaz.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 10172 bytes

-- Files created between 2008-07-04 and 2008-08-04 -----------------------------

2008-08-04 21:56:51    161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-04 21:20:55     68096 --a------ C:\Windows\zip.exe
2008-08-04 21:20:54     49152 --a------ C:\Windows\VFind.exe
2008-08-04 21:20:54    136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-04 21:20:54     98816 --a------ C:\Windows\sed.exe
2008-08-04 21:20:54     80412 --a------ C:\Windows\grep.exe
2008-08-04 21:20:54     89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-04 21:20:37    212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-04 18:18:12         0 d-------- C:\Program Files\iPod
2008-08-04 18:18:10         0 d-------- C:\Program Files\iTunes
2008-08-04 18:13:12     90112 --a------ C:\Windows\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-08-04 18:10:07         0 d-------- C:\Program Files\The Logo Creator v5
2008-08-04 17:01:39         0 d-------- C:\Users\All Users\BitDefender
2008-08-03 21:31:24         0 d-------- C:\Users\All Users\Malwarebytes
2008-08-03 21:31:24         0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-03 19:35:43         0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-08-03 19:35:31         0 d-------- C:\Program Files\SUPERAntiSpyware
2008-08-02 21:58:28         0 d-------- C:\outil
2008-08-02 20:30:09         0 d-------- C:\Program Files\Alwil Software
2008-08-01 19:49:02         0 d-------- C:\Users\All Users\Lavasoft
2008-08-01 19:13:28         0 d-------- C:\Windows\BDOSCAN8
2008-08-01 01:15:33         0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-31 22:53:47         0 d--hs---- C:\Windows\ftpcache
2008-07-31 22:25:43         0 d-------- C:\Program Files\id Software


-- Find3M Report ---------------------------------------------------------------

2008-08-04 23:37:54     81984 --a------ C:\Windows\system32\bdod.bin
2008-08-04 22:46:03    672084 --a------ C:\Windows\system32\perfh00C.dat
2008-08-04 22:46:03    124228 --a------ C:\Windows\system32\perfc00C.dat
2008-08-04 22:38:58        12 --a------ C:\Windows\bthservsdp.dat
2008-08-04 21:58:46         0 d-------- C:\Program Files\Common Files
2008-08-04 21:22:35         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Azureus
2008-08-04 18:16:53         0 d-------- C:\Program Files\QuickTime
2008-08-04 17:13:35         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\SUPERAntiSpyware.com
2008-08-04 17:02:58         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\BitDefender
2008-08-04 17:01:46         0 d-------- C:\Program Files\BitDefender
2008-08-04 17:00:37         0 d-------- C:\Program Files\Common Files\BitDefender
2008-08-04 08:38:57         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\SolidDocuments
2008-08-03 21:31:27         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Malwarebytes
2008-08-03 08:09:53         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-02 23:37:57         0 d-------- C:\Program Files\Windows Mail
2008-07-31 20:47:17         0 d-------- C:\Program Files\Azureus
2008-07-19 16:32:10         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Apple Computer
2008-07-02 14:59:46     49152 --a------ C:\Windows\Pyrenees-Orientales.scr
2008-07-02 14:59:46    875238 --a------ C:\Windows\Pyrenees-Orientales.exe <Not Verified; Macromedia, Inc.; Flash 4.0>
2008-07-01 15:05:56         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\gtk-2.0
2008-07-01 12:13:40         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\FileZilla
2008-06-30 18:41:40         0 d-------- C:\Program Files\FileZilla FTP Client
2008-06-27 09:33:41         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Sony
2008-06-26 22:50:08         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Sites
2008-06-26 22:50:08     15360 --a------ C:\Users\tristan.hervouet\AppData\Roaming\Settings.cfg
2008-06-26 22:50:08         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Classes de site
2008-06-25 22:30:32         0 d-------- C:\Program Files\Common Files\Sony Shared
2008-06-25 22:30:24         0 d-------- C:\Program Files\Sony
2008-06-25 22:30:24         0 d-------- C:\Program Files\Sony Ericsson
2008-06-25 22:26:21         0 d-------- C:\Program Files\Sony Setup
2008-06-23 22:06:16         0 d-------- C:\Program Files\GameHouse
2008-06-20 21:51:27         0 d-------- C:\Program Files\CapCom
2008-06-20 17:41:01         0 d-------- C:\Program Files\Nokia
2008-06-20 17:40:46         0 d-------- C:\Program Files\Common Files\Nokia
2008-06-20 17:37:09         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Nokia
2008-06-20 17:36:36         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\PC Suite
2008-06-14 07:23:53         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\U3
2008-06-13 10:10:35         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Gaijin Ent
2008-06-12 17:58:28         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Nokia Multimedia Player
2008-06-12 07:26:11         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Mozilla
2008-06-05 21:59:03         0 d-------- C:\Program Files\VSO
2008-06-05 21:58:30         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\Vso
2008-06-05 21:50:40         0 d-------- C:\Program Files\JalbumWin
2008-06-05 06:56:27         0 d-------- C:\Users\tristan.hervouet\AppData\Roaming\JAlbum
2008-06-05 06:40:41         0 d-------- C:\Program Files\City Interactive
2008-05-23 09:06:38     31007 --a------ C:\Users\tristan.hervouet\AppData\Roaming\UserTile.png


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24F06550-65E3-4D1C-8CFE-839C296B5530}]
2007-06-28 17:25	57344	--a------	C:\Program Files\eREAD6.0\IEeREAD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A19C29D-ED45-4483-8999-9F939C8161F2}]
2008-02-01 10:20	57224	--a------	C:\Program Files\eREAD6.0\WebHook.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" [2006-10-24 15:45]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 05:34]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 05:46]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-05-23 19:16]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:21]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 04:23]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:27]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 04:23]
"MSSMSGS"="winhpd32.rom,CKhRun" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-06-06 17:17:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=pwloaz.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
"C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
"C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
"C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
"C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanSoft OmniPage 16-reminder]
"C:\Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 16\Ereg\Ereg.ini"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
%windir%\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService	nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
GPSvcGroup	GPSvc
WindowsMobile	wcescomm rapimgr
LocalServiceRestricted	WcesComm RapiMgr
bthsvcs	BthServ
bdx	scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\LaunchU3.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration



-- End of Deckard's System Scanner: finished at 2008-08-04 23:38:24 ------------

0
ep44 Posts: 7432 Status: Contributor 3
 
OK, very good, ComboFix has cleaned your system well,
but I would have needed the report so that I can check what may still be left on it.

You will find it in C:\ComboFix.txt
See you later
0
tristan.h Posts: 37 Status: Member
 
Here it is:

ComboFix 08-08-03.05 - tristan.hervouet 2008-08-04 21:57:11.2 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale   6.0.6001.1.1252.1.1036.18.2118 [GMT 2:00]
Endroit: C:\Users\tristan.hervouet\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((   Fichiers créés 2008-07-04 to 2008-08-04  ))))))))))))))))))))))))))))))))))))
.

2008-08-04 18:18 . 2008-08-04 18:18	<REP>	d--------	C:\Program Files\iTunes
2008-08-04 18:18 . 2008-08-04 18:18	<REP>	d--------	C:\Program Files\iPod
2008-08-04 18:13 . 2004-03-29 16:23	90,112	--a------	C:\Windows\unvise32.exe
2008-08-04 18:10 . 2008-08-04 18:13	<REP>	d--------	C:\Program Files\The Logo Creator v5
2008-08-04 17:02 . 2008-08-04 17:02	<REP>	d--------	C:\Users\tristan.hervouet\AppData\Roaming\BitDefender
2008-08-04 17:01 . 2008-08-04 17:02	<REP>	d--------	C:\Users\All Users\BitDefender
2008-08-04 17:01 . 2008-08-04 17:02	<REP>	d--------	C:\ProgramData\BitDefender
2008-08-03 21:31 . 2008-08-03 21:31	<REP>	d--------	C:\Users\tristan.hervouet\AppData\Roaming\Malwarebytes
2008-08-03 21:31 . 2008-08-03 21:31	<REP>	d--------	C:\Users\All Users\Malwarebytes
2008-08-03 21:31 . 2008-08-03 21:31	<REP>	d--------	C:\ProgramData\Malwarebytes
2008-08-03 21:31 . 2008-08-03 21:31	<REP>	d--------	C:\Program Files\Malwarebytes' Anti-Malware
2008-08-03 21:31 . 2008-07-30 20:07	38,472	--a------	C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-03 21:31 . 2008-07-30 20:07	17,144	--a------	C:\Windows\System32\drivers\mbam.sys
2008-08-03 20:15 . 2008-08-03 20:15	<REP>	d--------	C:\Deckard
2008-08-03 19:35 . 2008-08-04 17:13	<REP>	d--------	C:\Users\tristan.hervouet\AppData\Roaming\SUPERAntiSpyware.com
2008-08-03 19:35 . 2008-08-03 19:35	<REP>	d--------	C:\Users\All Users\SUPERAntiSpyware.com
2008-08-03 19:35 . 2008-08-03 19:35	<REP>	d--------	C:\ProgramData\SUPERAntiSpyware.com
2008-08-03 19:35 . 2008-08-04 17:13	<REP>	d--------	C:\Program Files\SUPERAntiSpyware
2008-08-02 23:33 . 2008-06-26 03:45	12,240,896	--a------	C:\Windows\System32\NlsLexicons0007.dll
2008-08-02 23:33 . 2008-06-26 03:45	2,644,480	--a------	C:\Windows\System32\NlsLexicons0009.dll
2008-08-02 23:33 . 2008-06-26 05:29	801,280	--a------	C:\Windows\System32\NaturalLanguage6.dll
2008-08-02 23:32 . 2008-04-26 10:25	3,600,952	--a------	C:\Windows\System32\ntkrnlpa.exe
2008-08-02 23:32 . 2008-04-26 10:25	3,549,240	--a------	C:\Windows\System32\ntoskrnl.exe
2008-08-02 23:32 . 2008-04-26 10:26	891,448	--a------	C:\Windows\System32\drivers\tcpip.sys
2008-08-02 23:32 . 2008-04-12 05:32	784,896	--a------	C:\Windows\System32\rpcrt4.dll
2008-08-02 23:32 . 2008-05-10 05:35	564,736	--a------	C:\Windows\System32\emdmgmt.dll
2008-08-02 23:32 . 2008-04-05 03:21	72,192	--a------	C:\Windows\System32\drivers\pacer.sys
2008-08-02 23:32 . 2008-04-05 05:34	15,360	--a------	C:\Windows\System32\pacerprf.dll
2008-08-02 23:30 . 2008-05-08 23:59	430,080	--a------	C:\Windows\System32\vbscript.dll
2008-08-02 23:30 . 2008-05-08 23:59	180,224	--a------	C:\Windows\System32\scrobj.dll
2008-08-02 23:30 . 2008-05-08 23:59	172,032	--a------	C:\Windows\System32\scrrun.dll
2008-08-02 23:30 . 2008-05-08 23:59	155,648	--a------	C:\Windows\System32\wscript.exe
2008-08-02 23:30 . 2008-05-08 23:58	135,168	--a------	C:\Windows\System32\wshom.ocx
2008-08-02 23:30 . 2008-05-08 23:58	135,168	--a------	C:\Windows\System32\cscript.exe
2008-08-02 23:30 . 2008-05-08 23:59	90,112	--a------	C:\Windows\System32\wshext.dll
2008-08-02 21:58 . 2008-08-02 21:58	<REP>	d--------	C:\outil
2008-08-02 20:30 . 2008-08-02 20:30	<REP>	d--------	C:\Program Files\Alwil Software
2008-08-01 19:49 . 2008-08-03 20:53	<REP>	d--------	C:\Users\All Users\Lavasoft
2008-08-01 19:49 . 2008-08-03 20:53	<REP>	d--------	C:\ProgramData\Lavasoft
2008-08-01 19:13 . 2008-08-01 19:41	<REP>	d--------	C:\Windows\BDOSCAN8
2008-08-01 09:54 . 2008-08-01 09:55	294	--a------	C:\Windows\System32\owdfklrw.tmp
2008-08-01 09:53 . 2008-08-01 09:55	233	---hs----	C:\Windows\System32\owdfklrw.ini
2008-08-01 01:31 . 2008-08-01 01:31	97	--a------	C:\Windows\wininit.ini
2008-08-01 01:15 . 2008-08-04 08:35	<REP>	d--------	C:\Users\All Users\Spybot - Search & Destroy
2008-08-01 01:15 . 2008-08-04 08:35	<REP>	d--------	C:\ProgramData\Spybot - Search & Destroy
2008-08-01 01:15 . 2008-08-04 08:35	<REP>	d--------	C:\Program Files\Spybot - Search & Destroy
2008-07-31 23:54 . 2008-07-31 23:54	33,792	--a------	C:\Windows\System32\winhpd32.rom
2008-07-31 22:53 . 2008-07-31 22:53	<REP>	d--hs----	C:\Windows\ftpcache
2008-07-31 22:25 . 2008-07-31 22:25	<REP>	d--------	C:\Program Files\id Software

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 20:12	81,984	----a-w	C:\Windows\System32\bdod.bin
2008-08-04 19:22	---------	d-----w	C:\Users\tristan.hervouet\AppData\Roaming\Azureus
2008-08-04 16:16	---------	d-----w	C:\Program Files\QuickTime
2008-08-04 15:01	---------	d-----w	C:\Program Files\BitDefender
2008-08-04 15:00	---------	d-----w	C:\Program Files\Common Files\BitDefender
2008-08-04 06:38	---------	d-----w	C:\Users\tristan.hervouet\AppData\Roaming\SolidDocuments
2008-08-03 06:09	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-08-02 21:37	---------	d-----w	C:\Program Files\Windows Mail
2008-08-02 21:35	---------	d-----w	C:\ProgramData\Microsoft Help
2008-07-31 18:47	---------	d-----w	C:\Program Files\Azureus
2008-07-19 14:32	---------	d-----w	C:\Users\tristan.hervouet\AppData\Roaming\Apple Computer
2008-07-02 12:59	875,238	----a-w	C:\Windows\Pyrenees-Orientales.exe
2008-07-02 12:59	49,152	----a-w	C:\Windows\Pyrenees-Orientales.scr
2008-07-01 13:05	---------	d-----w	C:\Users\tristan.hervouet\AppData\Roaming\gtk-2.0
2008-07-01 10:13	---------	d-----w	C:\Users\tristan.hervouet\AppData\Roaming\FileZilla
2008-06-30 16:41	---------	d-----w	C:\Program Files\FileZilla FTP Client
2008-06-27 07:40	0	---ha-w	C:\Windows\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-06-27 07:33	---------	d-----w	C:\Users\tristan.hervouet\AppData\Roaming\Sony
2008-06-27 07:33	---------	d-----w	C:\ProgramData\Sony
2008-06-26 20:50	---------	d-----w	C:\Users\tristan.hervouet\AppData\Roaming\Sites
2008-06-26 20:50	---------	d-----w	C:\Users\tristan.hervouet\AppData\Roaming\Classes de site
2008-06-25 21:03	21,672	----a-w	C:\Windows\system32\drivers\ggsemc.sys
2008-06-25 21:03	13,352	----a-w	C:\Windows\system32\drivers\ggflt.sys
2008-06-25 21:02	---------	d-----w	C:\ProgramData\Sony Ericsson
2008-06-25 20:30	---------	d-----w	C:\Program Files\Sony Ericsson
2008-06-25 20:30	---------	d-----w	C:\Program Files\Sony
2008-06-25 20:30	---------	d-----w	C:\Program Files\Common Files\Sony Shared
2008-06-25 20:26	---------	d-----w	C:\Program Files\Sony Setup
2008-06-25 20:21	0	---ha-w	C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-25 20:14	---------	d-----w	C:\ProgramData\BVRP Software
2008-06-23 20:06	---------	d-----w	C:\Program Files\GameHouse
2008-06-20 19:51	---------	d-----w	C:\Program Files\CapCom
2008-06-20 15:42	---------	d-----w	C:\ProgramData\Nokia
2008-06-20 15:41	---------	d-----w	C:\Program Files\Nokia
2008-06-20 15:40	---------	d-----w	C:\ProgramData\Installations
2008-06-20 15:40	---------	d-----w	C:\Program Files\Common Files\Nokia
2008-06-20 15:37	---------	d-----w	C:\Users\tristan.hervouet\AppData\Roaming\Nokia
2008-06-20 15:36	---------	d-----w	C:\Users\tristan.hervouet\AppData\Roaming\PC Suite
2008-06-18 05:57	0	---ha-w	C:\Windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-06-14 05:23	---------	d-----w	C:\Users\tristan.hervouet\AppData\Roaming\U3
2008-06-13 08:10	---------	d-----w	C:\Users\tristan.hervouet\AppData\Roaming\Gaijin Ent
2008-06-12 15:58	---------	d-----w	C:\Users\tristan.hervouet\AppData\Roaming\Nokia Multimedia Player
2008-06-09 08:07	---------	d-----w	C:\ProgramData\NVIDIA
2008-06-05 19:59	---------	d-----w	C:\Program Files\VSO
2008-06-05 19:58	---------	d-----w	C:\Users\tristan.hervouet\AppData\Roaming\Vso
2008-06-05 19:50	---------	d-----w	C:\Program Files\JalbumWin
2008-06-05 04:56	---------	d-----w	C:\Users\tristan.hervouet\AppData\Roaming\JAlbum
2008-06-05 04:40	---------	d-----w	C:\Program Files\City Interactive
2008-05-27 05:21	1,582,592	----a-w	C:\Windows\System32\tquery.dll
2008-05-27 05:21	1,418,240	----a-w	C:\Windows\System32\mssrch.dll
2008-05-27 05:17	87,552	----a-w	C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17	87,552	----a-w	C:\Windows\System32\mssitlb.dll
2008-05-27 05:17	754,176	----a-w	C:\Windows\System32\propsys.dll
2008-05-27 05:17	60,416	----a-w	C:\Windows\System32\msscntrs.dll
2008-05-27 05:17	6,103,040	----a-w	C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17	34,816	----a-w	C:\Windows\System32\msscb.dll
2008-05-27 05:17	32,768	----a-w	C:\Windows\System32\mssprxy.dll
2008-05-27 05:17	313,344	----a-w	C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17	301,568	----a-w	C:\Windows\System32\srchadmin.dll
2008-05-27 05:17	194,560	----a-w	C:\Windows\System32\offfilt.dll
2008-05-27 05:17	143,872	----a-w	C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17	11,776	----a-w	C:\Windows\System32\msshooks.dll
2008-05-27 05:17	1,671,680	----a-w	C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59	18,904	----a-w	C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59	106,605	----a-w	C:\Windows\System32\StructuredQuerySchema.bin
2008-03-31 15:32	47,360	----a-w	C:\Users\tristan.hervouet\AppData\Roaming\pcouffin.sys
2008-01-21 02:41	174	--sha-w	C:\Program Files\desktop.ini
2008-04-17 10:57	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-17 10:57	32,768	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-17 10:57	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((   snapshot@2008-08-04_21.40.47.04   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-04 19:36:13	2,048	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-04 19:55:09	2,048	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-04 19:55:09	2,048	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-08-04 19:36:41	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-04 19:56:33	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-04 19:56:33	262,144	---ha-w	C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-08-04 19:37:26	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-04 19:56:28	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-04 19:56:28	262,144	---ha-w	C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-08-04 15:11:06	16,384	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-04 19:36:28	16,384	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-04 15:11:06	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-04 19:36:28	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-04 15:11:06	16,384	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-04 19:36:28	16,384	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-04 16:11:04	101,896	----a-w	C:\Windows\System32\perfc009.dat
+ 2008-08-04 20:05:29	101,896	----a-w	C:\Windows\System32\perfc009.dat
- 2008-08-04 16:11:04	124,228	----a-w	C:\Windows\System32\perfc00C.dat
+ 2008-08-04 20:05:29	124,228	----a-w	C:\Windows\System32\perfc00C.dat
- 2008-08-04 16:11:04	589,884	----a-w	C:\Windows\System32\perfh009.dat
+ 2008-08-04 20:05:29	589,884	----a-w	C:\Windows\System32\perfh009.dat
- 2008-08-04 16:11:04	672,084	----a-w	C:\Windows\System32\perfh00C.dat
+ 2008-08-04 20:05:29	672,084	----a-w	C:\Windows\System32\perfh00C.dat
- 2008-08-04 15:10:09	9,720	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3231782478-2301343587-1217985927-1000_UserData.bin
+ 2008-08-04 19:56:51	10,140	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3231782478-2301343587-1217985927-1000_UserData.bin
- 2008-08-04 15:10:09	106,146	----a-w	C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-04 19:56:51	107,050	----a-w	C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-04 15:10:06	51,890	----a-w	C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-04 19:56:50	51,898	----a-w	C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:21 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 04:23 125952]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:27 219520]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 04:23 202240]
"MSSMSGS"="winhpd32.rom" [2008-07-31 23:54 33792 C:\Windows\System32\winhpd32.rom]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" [2006-10-24 15:45 1418752]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 05:34 868352]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 05:46 92704]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-05-23 19:16 368640]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - C:\Users\tristan.hervouet\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-06-06 17:17:08 152616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=pwloaz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 19:54 623992 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 15:35 1410344 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-02-16 16:15 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-02-16 16:15 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-10-25 16:33 563984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 16:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2007-02-06 17:43 252704 C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-03-26 18:41 1232896 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 12:53 1079808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanSoft OmniPage 16-reminder]
--a------ 2007-07-20 09:50 328992 C:\Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--a------ 2008-02-20 17:19 360448 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-10-25 09:03 210472 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
--a------ 2007-01-24 12:21 563080 C:\Windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3231782478-2301343587-1217985927-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{A08ECA5D-6090-47A8-95BC-3D98D456DEC3}C:\\kav\\kis7.0\\french\\setup.exe"= UDP:C:\kav\kis7.0\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
"UDP Query User{845646CC-6864-4C37-B174-ECAB7B6C3DD7}C:\\kav\\kis7.0\\french\\setup.exe"= TCP:C:\kav\kis7.0\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
"{1B890770-20E4-4456-8BB2-207B9464DEF6}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{3FA6B3D5-C4BF-48AD-B4C0-03756037FF9B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{44C0CB6A-42BB-47F4-B39E-FA208D199B08}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C1D44612-3105-4269-8B7A-BD37898DE24F}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{D05E7230-FC87-481B-A10B-5AAF251A997A}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{14D07FE2-EEF6-4001-A56E-BFBE6578E773}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{301216B9-B6BC-49E2-864F-8CB05DA19864}"= UDP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{C9A04A98-5638-40B9-BB31-DE18886E1980}"= TCP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{15A6E26A-C3D4-444E-B44A-337A1AC305E4}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{04B14E45-2BAA-4640-8D90-20E1E74648CE}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 Ext2fs;Ext2fs;C:\Windows\system32\DRIVERS\ext2fs.sys [2008-01-20 17:56]
R1 IfsMount;IfsMount;C:\Windows\system32\DRIVERS\ifsmount.sys [2007-12-29 19:50]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-06-02 16:16]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys [2008-06-25 23:03]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:21]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
bthsvcs	REG_MULTI_SZ   	BthServ
bdx	REG_MULTI_SZ   	scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\shell\AutoRun\command - I:\LaunchU3.exe

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-04 C:\Windows\Tasks\User_Feed_Synchronization-{30B5208F-E842-4190-A105-0E9761244DBA}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-21 04:23]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\tristan.hervouet\AppData\Roaming\Mozilla\Firefox\Profiles\zymy1itz.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr
FF -: plugin - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 22:13:08
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************
.
Temps d'accomplissement: 2008-08-04 22:34:45
ComboFix-quarantined-files.txt  2008-08-04 20:29:59
ComboFix2.txt  2008-08-04 19:41:32

Pre-Run: 379,212,132,352 octets libres
Post-Run: 379,169,497,088 octets libres

292	--- E O F ---	2008-08-02 21:37:44
0
ep44 Posts: 7432 Status: Contributor 3
 
Good evening

Download OTMoveIt (by OldTimer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below
and paste it into the left-hand pane of OTMoveIt:
Paste List of Files/Folders to be moved.

C:\Windows\System32\owdfklrw.tmp
C:\Windows\System32\owdfklrw.ini
C:\Windows\System32\winhpd32.rom
EmptyTemp

Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal.

Then restart your PC and tell me whether you still have problems and how your PC is behaving.

See you later

0