Se connecter / S'enregistrer
Votre question

Pages blanche sur certains sites.

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
24 Octobre 2010 22:17:08

Bonjour à tous.
J'ai un problème depuis quelques jours. Lorsque j'essaye de me connecter sur certains sites (des sites de forum ou des blogs par exemple). Je me retrouve redirigé vers un autre lien qui affiche une page blanche. J'utilise Firefox et lorsque je clique sur la petit flèche noire vers le bas (qui montre les pages récentes consultées) je vois que l'URL du site que je veux consulter à la base à un wyciwig://*/http://... avec * un chiffre qui indique le nombre de tentative d'afficher la page du site.
J'ai été infecté par des trojans que je pense avoir désinfecté avec MBAM .
Est-ce que le problème vient d'une infection , d'un antivirus ou d'une mauvaise configuration de firefox ??

Merci

Autres pages sur : pages blanche certains sites

25 Octobre 2010 00:41:24

Bonsoir,

*Télécharge RSIT (merci random/random) sur le Bureau : Ici
Double-clique sur RSIT.exe, il ne nécessite pas d' installation.
Clique Continue à l' écran Disclaimer si tu acceptes les conditions.
-Si HijackThis est non détecté sur ton Pc, il le téléchargera (autorise l' accès dans ton pare-feu si demandé et accepte la licence).
Lorsque l' analyse sera terminée, deux fichiers texte s' ouvriront.
Poste le contenu de log.txt (celui qui s' ouvre) ainsi que info.txt qui est dans la Barre des Tâches

NB : Ces rapports sont enregistrés dans le dossier C:\rsit

A+
25 Octobre 2010 09:15:58

Merci pour la réponse !

Voila les rapports :

log.txt ->


Logfile of random's system information tool 1.08 (written by random/random)
Run by Moreau at 2010-10-25 09:13:44
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 103 GB (78%) free of 131 GB
Total RAM: 2047 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:13:49, on 25/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
E:\Antivirus\a-squared Free\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
E:\deamon tools\daemon.exe
C:\Program Files\Micro Application\TrueImage\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
E:\logiciel gravure\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
E:\power dvd\PDVDServ.exe
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\PROGRA~1\Fun4IM\Bandoo.exe
C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Moreau\Bureau\RSIT.exe
C:\Program Files\trend micro\Moreau.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchqu.com/sidebar.html?src=ssb&sysid=403
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com/sidebar.html?src=ssb&sysid=403
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com/sidebar.html?src=ssb&sysid=403
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll (file missing)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\real player\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Fun4IM\Plugins\IE\ieplugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\deamon tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Micro Application\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [RemoteControl] "E:\power dvd\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "E:\power dvd\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DLD.EXE] E:\Vidéos\Autres\RD_www.warcity.org\DLD.exe
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Moreau\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [IJKUK66HMN] C:\DOCUME~1\Moreau\LOCALS~1\Temp\Ild.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_02) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol...
O17 - HKLM\System\CCS\Services\Tcpip\..\{152A4E2A-294D-46EF-8EE5-5D2198E5CA40}: NameServer = 93.188.164.126,93.188.160.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{289C97E2-B76E-4AB9-8A93-1269B84B66A1}: NameServer = 93.188.164.126,93.188.160.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD6EF567-6BD6-4265-A364-73A0079D09B8}: NameServer = 93.188.164.126,93.188.160.206
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.126,93.188.160.206
O17 - HKLM\System\CS1\Services\Tcpip\..\{152A4E2A-294D-46EF-8EE5-5D2198E5CA40}: NameServer = 93.188.164.126,93.188.160.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.126,93.188.160.206
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll c:\progra~1\fun4im\bndhook.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - E:\Antivirus\a-squared Free\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fun4IM Coordinator - Discordia Limited - C:\PROGRA~1\Fun4IM\Bandoo.exe
O23 - Service: Service Google Update (gupdate1c98dc55d6e27c6) (gupdate1c98dc55d6e27c6) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NMSAccessU - Unknown owner - E:\logiciel gravure\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 16332 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\ddcb7344.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll [2009-12-16 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-23 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - E:\real player\rpbrowserrecordplugin.dll [2008-07-21 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}]
Searchqu Toolbar - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll [2010-02-10 87488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-06-10 1233288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\Program Files\Search Settings\SearchSettings.dll [2009-12-16 1109504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-05 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]
BandooIEPlugin Class - C:\Program Files\Fun4IM\Plugins\IE\ieplugin.dll [2010-08-23 2195456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2009-08-22 218160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll [2009-12-16 700416]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-06-10 1233288]
{7FF99715-3016-4381-84CE-E4E4C9673020} - Searchqu Toolbar - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll [2010-02-10 87488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\System32\xRaidSetup.exe [2007-03-21 1953792]
"GamerOSD"=C:\Program Files\ASUS\GamerOSD\GamerOSD.exe [2007-02-14 380928]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]
"DAEMON Tools-1033"=E:\deamon tools\daemon.exe [2004-08-22 81920]
"TrueImageMonitor.exe"=C:\Program Files\Micro Application\TrueImage\TrueImageMonitor.exe [2005-11-28 1009044]
"Acronis Scheduler2 Service"=C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe [2005-11-28 118784]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-07-21 185896]
"ISUSPM"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"RemoteControl"=E:\power dvd\PDVDServ.exe [2007-01-08 68640]
"LanguageShortcut"=E:\power dvd\Language\Language.exe [2007-01-08 52256]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-09-24 40368]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2009-12-16 975360]
"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-02-18 248040]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-05-27 98304]
"DATAMNGR"=C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE [2010-08-22 796608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"DLD.EXE"=E:\Vidéos\Autres\RD_www.warcity.org\DLD.exe []
"RayV"=C:\Program Files\RayV\RayV\RayV.exe [2010-06-28 2561320]
"Octoshape Streaming Services"=C:\Documents and Settings\Moreau\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [2009-01-08 70936]
"IJKUK66HMN"=C:\DOCUME~1\Moreau\LOCALS~1\Temp\Ild.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~1\wi9130~1\datamngr\datamngr.dll c:\progra~1\fun4im\bndhook.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-05-27 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"E:\UUSEE\UUSeePlayer.exe"="E:\UUSEE\UUSeePlayer.exe:*:Enabled:UUPlayer"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Cygwin\usr\X11R6\bin\XWin.exe"="C:\Cygwin\usr\X11R6\bin\XWin.exe:*:Enabled:XWin"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"E:\station ripper\StationRipper\StationRipperConsole.exe"="E:\station ripper\StationRipper\StationRipperConsole.exe:*:Enabled:StationRipperConsole"
"E:\Program Files\TVAnts\Tvants.exe"="E:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"E:\Sopcast\adv\SopAdver.exe"="E:\Sopcast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"E:\Sopcast\SopCast.exe"="E:\Sopcast\SopCast.exe:*:Enabled:SopCast Main Application"
"E:\JEU PES 2009\pes2009.exe"="E:\JEU PES 2009\pes2009.exe:*:Enabled:p ro Evolution Soccer 2009"
"E:\mutorrent\uTorrent.exe"="E:\mutorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"E:\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe"="E:\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"E:\Program Files\ma-config.com\maconfservice.exe"="E:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:p ro Evolution Soccer 2009"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:p nkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:p nkBstrB"
"E:\PES 2009\pes2009.exe"="E:\PES 2009\pes2009.exe:*:Enabled:p ro Evolution Soccer 2009"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"E:\Blood bowl\Blood Bowl\BB.exe"="E:\Blood bowl\Blood Bowl\BB.exe:*:Enabled:Blood Bowl"
"E:\Blood bowl\Blood Bowl\Autorun\Exe\Autorun.exe"="E:\Blood bowl\Blood Bowl\Autorun\Exe\Autorun.exe:*:Enabled:Blood Bowl - AutoRun"
"E:\Blood bowl\Blood Bowl\Blood Bowl\BB.exe"="E:\Blood bowl\Blood Bowl\Blood Bowl\BB.exe:*:Enabled:Blood Bowl"
"E:\Blood bowl\Blood Bowl\Blood Bowl\Autorun\Exe\Autorun.exe"="E:\Blood bowl\Blood Bowl\Blood Bowl\Autorun\Exe\Autorun.exe:*:Enabled:Blood Bowl - AutoRun"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
"C:\Program Files\RayV\RayV\RayV.exe"="C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV"
"C:\Program Files\RayV\RayV\RayV.dll"="C:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV"
"E:\pes 2010\pes2010.exe"="E:\pes 2010\pes2010.exe:*:Enabled:p ro Evolution Soccer 2010"
"C:\Documents and Settings\Moreau\Application Data\RayV\Viewer\RayV.dll"="C:\Documents and Settings\Moreau\Application Data\RayV\Viewer\RayV.dll:*:Enabled:RayV"
"E:\Lol\League of Legends\Air\LolClient.exe"="E:\Lol\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby"
"E:\Lol\League of Legends\Game\League of Legends.exe"="E:\Lol\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"E:\2K11\nba2k11.exe"="E:\2K11\nba2k11.exe:*:Enabled:NBA 2K11"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe"
"E:\JEU PES 2011\pes2011.exe"="E:\JEU PES 2011\pes2011.exe:*:Enabled:p ro Evolution Soccer 2011"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

======List of files/folders created in the last 1 months======

2010-10-25 09:13:44 ----D---- C:\rsit
2010-10-25 09:13:44 ----D---- C:\Program Files\trend micro
2010-10-24 21:32:25 ----D---- C:\Documents and Settings\Moreau\Application Data\Malwarebytes
2010-10-24 21:23:52 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-10-24 21:23:51 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-10-24 21:23:51 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-10-21 17:39:28 ----D---- C:\Documents and Settings\All Users\Application Data\KONAMI
2010-10-19 19:05:16 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-10-18 20:09:32 ----D---- C:\Documents and Settings\Moreau\Application Data\Bandoo
2010-10-18 19:30:33 ----D---- C:\Documents and Settings\All Users\Application Data\Bandoo
2010-10-18 19:30:27 ----D---- C:\Documents and Settings\Moreau\Application Data\searchqutb
2010-10-18 19:30:24 ----D---- C:\Documents and Settings\All Users\Application Data\Fun4IM
2010-10-18 19:30:23 ----D---- C:\Program Files\Windows Searchqu Toolbar
2010-10-18 19:30:23 ----D---- C:\Program Files\Fun4IM
2010-10-18 19:29:25 ----D---- C:\Program Files\icons
2010-10-16 21:25:44 ----D---- C:\Documents and Settings\Moreau\Application Data\Octoshape

======List of files/folders modified in the last 1 months======

2010-10-25 09:13:44 ----RD---- C:\Program Files
2010-10-25 09:13:41 ----D---- C:\WINDOWS\Prefetch
2010-10-25 09:12:58 ----SHD---- C:\WINDOWS\Installer
2010-10-25 09:12:58 ----SHD---- C:\Config.Msi
2010-10-25 09:12:36 ----D---- C:\WINDOWS\system32
2010-10-25 09:06:52 ----D---- C:\WINDOWS\Temp
2010-10-25 09:06:32 ----D---- C:\Program Files\Fichiers communs\Akamai
2010-10-25 09:06:16 ----SD---- C:\WINDOWS\Tasks
2010-10-25 00:33:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-24 23:31:15 ----D---- C:\Program Files\Mozilla Firefox
2010-10-24 22:01:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-10-24 22:01:02 ----D---- C:\WINDOWS\system32\drivers
2010-10-24 21:47:55 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-24 21:46:17 ----D---- C:\WINDOWS
2010-10-24 21:29:24 ----D---- C:\Documents and Settings\Moreau\Application Data\Winamp
2010-10-24 21:29:21 ----D---- C:\Documents and Settings\Moreau\Application Data\Media Player Classic
2010-10-24 21:27:15 ----D---- C:\Documents and Settings\Moreau\Application Data\Azureus
2010-10-24 21:27:10 ----D---- C:\WINDOWS\Minidump
2010-10-24 21:27:10 ----D---- C:\WINDOWS\Debug
2010-10-24 20:31:34 ----D---- C:\Documents and Settings\Moreau\Application Data\Skype
2010-10-24 18:07:31 ----D---- C:\Documents and Settings\Moreau\Application Data\skypePM
2010-10-24 14:46:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2010-10-20 07:19:31 ----D---- C:\Documents and Settings\Moreau\Application Data\RayV
2010-10-19 19:05:53 ----HD---- C:\WINDOWS\inf
2010-10-19 19:05:13 ----D---- C:\WINDOWS\WinSxS
2010-10-18 19:23:24 ----A---- C:\Documents and Settings\Moreau\Application Data\ddcb7344.exe
2010-10-15 13:50:04 ----D---- C:\Documents and Settings\Moreau\Application Data\2K Sports
2010-10-15 13:43:47 ----D---- C:\WINDOWS\system32\DirectX
2010-10-15 13:43:28 ----RSD---- C:\WINDOWS\assembly
2010-10-02 19:08:24 ----D---- C:\Documents and Settings\Moreau\Application Data\uTorrent
2010-09-29 19:46:35 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 avgntmgr;avgntmgr; C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys [2008-01-21 22336]
R0 d347bus;d347bus; C:\WINDOWS\System32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\System32\DRIVERS\JGOGO.sys [2006-02-07 6912]
R0 JRAID;JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [2007-03-24 46208]
R0 ohci1394;Contrôleur hôte compatible IEE 1394 VIA OHCI; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 pavboot;pavboot; C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\System32\DRIVERS\snapman.sys [2008-06-07 96320]
R0 timounter;Acronis TrueImage Backup Archive Explorer; C:\WINDOWS\System32\DRIVERS\timntr.sys [2008-06-07 249152]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 12416]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2007-02-14 11136]
R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2008-07-17 45376]
R1 avipbb;avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [2008-11-10 75072]
R1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 40576]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2001-08-10 3252]
R1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2008-07-04 20747]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 tifsfilter;Acronis TrueImage FS Filter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [2008-06-07 30688]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\System32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-05-27 4830720]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2010-05-17 101904]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-28 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); C:\WINDOWS\System32\DRIVERS\RT61.sys [2005-10-27 356096]
R3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2009-07-22 28592]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2006-09-29 10752]
S2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 ewdmaudn;ewdmaudn; \??\C:\DOCUME~1\Moreau\LOCALS~1\Temp\ewdmaudn.sys []
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; E:\Antivirus\a-squared Free\a2service.exe [2008-07-04 380016]
R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2009-12-16 375296]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-05-27 602112]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-11-15 258560]
R2 Fun4IM Coordinator;Fun4IM Coordinator; C:\PROGRA~1\Fun4IM\Bandoo.exe [2010-08-23 1938880]
R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-08-11 132144]
R2 HssSrv;Hotspot Shield Routing Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2009-08-06 331824]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-05 153376]
R2 NMSAccessU;NMSAccessU; E:\logiciel gravure\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-30 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-05-30 107832]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared Files\RichVideo.exe [2007-01-08 171040]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [2005-11-28 172032]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-25 593920]
S2 gupdate1c98dc55d6e27c6;Service Google Update (gupdate1c98dc55d6e27c6); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-13 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
S2 vvdsvc;VJVodServices; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S2 WMP54Gv4SVC;WMP54Gv4SVC; C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe [2005-07-04 53307]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2009-08-11 57640]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2010-08-13 259440]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------


Voici info.txt->

info.txt logfile of random's system information tool 1.08 2010-10-25 09:14:21

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Reader 8.1.7 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Reader 8.2.5 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A82000000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
Akamai NetSession Interface-->C:\Program Files\Fichiers communs\Akamai\uninstall.exe
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:E:\FLV player\Uninstall\uninstall.xml"
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
a-squared Free 3.5-->"E:\Antivirus\a-squared Free\unins000.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ASUS Gamer OSD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x40c -removeonly
ASUS GamerOSD AP-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{E96BE1AC-D50C-4EE5-808F-95F25364F78B}
ATI AVIVO Codecs-->MsiExec.exe /I{79AE776D-FA42-4040-B5F3-F317500D0FCD}
ATI Problem Report Wizard-->MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
Attansic Ethernet Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
Attansic L1 Gigabit Ethernet Driver-->rundll32.exe C:\WINDOWS\System32\Attansic\L1\atcInst.dll,AtcUninst C:\WINDOWS\System32\Attansic\L1 x86 1969 1048 L1
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Azureus-->E:\Azureus\Uninstall.exe
Blood Bowl 1.1.3.3-->"E:\Blood bowl\Blood Bowl\Blood Bowl\unins000.exe"
Call of Duty Modern Warfare 2-->"E:\Call of Duty Modern Warfare 2\unins000.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{87323561-58BA-4D5B-BADA-A791B69D1705}
CCleaner-->"E:\Antivirus\CCleaner\uninst.exe"
CDBurnerXP-->"E:\logiciel gravure\CDBurnerXP\unins000.exe"
CDex extraction audio-->"E:\Cdex\uninstall.exe"
Combined Community Codec Pack 2009-09-09-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Correctif pour Windows XP (KB938759)-->"C:\WINDOWS\$NtUninstallKB938759$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Dealio Toolbar v4.0.2-->MsiExec.exe /X{C878CD69-85DB-426B-81A3-E71175AAEB91}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Direct-->MsiExec.exe /I{DB6A8C83-EFF7-4955-BBD0-81C13DDE5395}
Dream Match Tennis Pro v2.15-->"E:\Tennis\Dream.Match.Tennis.Pro.2.13\Dream Match Tennis Pro\unins000.exe"
DVD Decoder Pak for Windows XP-->MsiExec.exe /X{92C5DB3D-9D6F-4324-BB11-57825F4C2635}
eMule-->"E:\emule\Uninstall.exe"
Flock (2.0)-->C:\Program Files\Flock\uninstall\helper.exe
FLV Player-->E:\FLV player\uninstall.exe
Free Mp3 Wma Converter V 1.9-->"E:\Convertisseur\Free Audio Pack\unins000.exe"
Frets On Fire-->"E:\frets on fire\Uninstall.exe"
Fun4IM-->C:\Program Files\Fun4IM\PreUninstall.exe
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
Game Graphic Studio-->MsiExec.exe /I{5AEDCB07-25E3-4136-BE1E-BB2A2944355D}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{4286E640-B5FB-11DF-AC4B-005056C00008}
HD View-->MsiExec.exe /I{7596C248-4816-4C6F-8AAC-D8C81F2B4B49}
HijackThis 2.0.2-->"E:\Antivirus\HijackThis.exe" /uninstall
Hotspot Shield 1.22-->C:\Program Files\Hotspot Shield\Uninstall.exe
HydraVision-->MsiExec.exe /X{FCCDE84B-0154-459E-A8F2-C6B3FA5C1881}
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
InterVideo WinDVD 8-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x040c
Java Web Start-->"C:\Program Files\Java\jre6\bin\uninst-javaws.exe"
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JDownloader-->E:\Jdownloader\uninstall.exe
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x40c -removeonly
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
League of Legends-->"E:\Lol\League of Legends\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Linksys Wireless-G PCI Adapter-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}\setup.exe" -l0x40c
Ma-Config.com-->MsiExec.exe /X{B301DCED-AA7B-4EE5-8EB6-967DA385714A}
Malwarebytes' Anti-Malware-->"E:\Antivirus\Malwarebytes' Anti-Malware\unins000.exe"
Mecaplan Wips v2.19.45-->"E:\mecaplan\Mecaplan Wips v2_19_45\unins000.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WORD /dll OSETUP.DLL
Microsoft Office Word 2007-->MsiExec.exe /X{90120000-001B-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{9085040C-6000-11D3-8CFE-0150048383C9}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
ModdingWay PES 2010 Demo - Brazil Addon - 0.5-->E:\pes 10\Uninstall-MW-Demo.exe
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
Mozilla Firefox (3.6.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
NBA League Pass Broadband-->C:\Program Files\RayV\RayV\uninstall.exe
NDSROM Player-->E:\Emulation\DS\Uninstal.exe
Nero 9 Lite-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="XM2C-50A9-HH4M-0ZM8-4X06-9P25-5A46-618P-AH19-6647"
Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero Online Upgrade-->MsiExec.exe /X{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}
Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PDFCreator-->E:\Program Files\PDFCreator\unins000.exe
PokerStars-->"E:\poker\PokerStarsUninstall.exe" /u:p okerStars
PowerDVD-->"C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x00040c /z-uninstall
PowerQuest PartitionMagic 7.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}\setup.exe"
Pro Evolution Soccer 2011-->MsiExec.exe /X{1148E85C-E1AF-48E0-A29C-68DACE07E054}
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QHLive Player-->"C:\WINDOWS\QHLive Player\uninstall.exe" "/U:C:\Program Files\QHLiveII\Uninstall\uninstall.xml"
Quake Live Mozilla Plugin-->MsiExec.exe /I{F5C521B6-1AF2-432C-A061-E79E2141A32F}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x040c -removeonly
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
Search Settings v1.2.3-->MsiExec.exe /X{5F05C28D-DEA9-4AD6-A73A-064175988EAB}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sina Web TV-->C:\PROGRA~1\sina\SINAWE~1\304~1.2\UNWISE.EXE C:\PROGRA~1\sina\SINAWE~1\304~1.2\Install.LOG
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SopCast 3.0.3-->E:\Sopcast\uninst.exe
SPVOD Player1.8-->"C:\WINDOWS\system32\Nagasoft\Uninstall.exe"
StarCraft II-->C:\Program Files\Fichiers communs\Blizzard Entertainment\StarCraft II\Uninstall.exe
StationRipper 2.90K-->E:\station ripper\StationRipper\uninstall-StationRipper.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2-->E:\Teamspeak2_RC2\unins000.exe
ToonFX Photo Trial-->E:\toon photo\ToonFX\PhotoTrial\uninstall.exe
TrueImage-->MsiExec.exe /X{CA83357B-931E-44DC-AD43-9996FEEB8116}
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.5.2.2-->E:\tvu player\TVUPlayer\uninst.exe
Update FMC V3.2 Vf-->"C:\Program Files\Sports Interactive\Football Manager 2008\data\db\unins000.exe"
Update FMC V4.2-->"E:\Fm 2008\data\db\unins000.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Veetle TV 0.9.18-->E:\veetle\UninstallVeetleTV.exe
VideoLAN VLC media player 0.8.6i-->E:\VLC\uninstall.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Warhammer 40,000: Dawn of War II - Beta-->"E:\Steam\steam.exe" steam://uninstall/15660
WebTV-->C:\Program Files\InstallShield Installation Information\{B9135AC5-0FA4-4565-9768-61BF6C79CD29}\setup.exe -runfromtemp -l0x0009 -removeonly
Winamp Toolbar for Firefox-->"C:\Documents and Settings\Moreau\Application Data\Mozilla\Firefox\Profiles\d8bzza1j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Winamp-->"E:\Winamp\UninstWA.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Searchqu Toolbar-->C:\Program Files\Windows Searchqu Toolbar\uninstall.exe
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WordBiz version 1.8-->"E:\scrabble\WordBiz\unins000.exe"
Worms World Party-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A200E68-D5F4-4E70-910F-2871753A0E2B}\setup.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Security center information======

AV: Avira AntiVir PersonalEdition (disabled) (outdated)

======System event log======

Computer Name: GUIGUI
Event Code: 62464
Message: UVD Information

Record Number: 70376
Source Name: ati2mtag
Time Written: 20101018194455.000000+120
Event Type: Informations
User:

Computer Name: GUIGUI
Event Code: 62464
Message: UVD Information

Record Number: 70375
Source Name: ati2mtag
Time Written: 20101018194455.000000+120
Event Type: Informations
User:

Computer Name: GUIGUI
Event Code: 62464
Message: UVD Information

Record Number: 70374
Source Name: ati2mtag
Time Written: 20101018194455.000000+120
Event Type: Informations
User:

Computer Name: GUIGUI
Event Code: 62464
Message: UVD Information

Record Number: 70373
Source Name: ati2mtag
Time Written: 20101018194455.000000+120
Event Type: Informations
User:

Computer Name: GUIGUI
Event Code: 62464
Message: UVD Information

Record Number: 70372
Source Name: ati2mtag
Time Written: 20101018194455.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: GUIGUI
Event Code: 0
Message:
Record Number: 5663
Source Name: gusvc
Time Written: 20100509211610.000000+120
Event Type: Informations
User:

Computer Name: GUIGUI
Event Code: 0
Message:
Record Number: 5662
Source Name: gusvc
Time Written: 20100509211500.000000+120
Event Type: Informations
User:

Computer Name: GUIGUI
Event Code: 2
Message: Title StreetFighterIV.exe (1, 0, 0, 1)
XLive 2.0.0687.0 (PANORAMA_V2.00_RTM.090421-2351) C:\WINDOWS\system32\xlive.dll


0x80151007

XLive Logon Failed

00:45:07:69:C4:64
192.168.1.100
0xfb000000002a80ad
LogonHR == 0x001510f0
Games for Windows - LIVE DLL

Record Number: 5661
Source Name: XLive
Time Written: 20100509210924.000000+120
Event Type: Avertissement
User:

Computer Name: GUIGUI
Event Code: 2
Message: Title StreetFighterIV.exe (1, 0, 0, 1)
XLive 2.0.0687.0 (PANORAMA_V2.00_RTM.090421-2351) C:\WINDOWS\system32\xlive.dll


0x80151007

Live Logon Failed

00:45:07:69:C4:64
192.168.1.100
0x0
LogonHR == 0x80150002
Games for Windows - LIVE DLL

Record Number: 5660
Source Name: XLive
Time Written: 20100509210913.000000+120
Event Type: Avertissement
User:

Computer Name: GUIGUI
Event Code: 2
Message: Title StreetFighterIV.exe (1, 0, 0, 1)
XLive 2.0.0687.0 (PANORAMA_V2.00_RTM.090421-2351) C:\WINDOWS\system32\xlive.dll


0x80151007

XLive Logon Failed

00:45:07:69:C4:64
192.168.1.100
0xfb000000002a80ad
LogonHR == 0x001510f0
Games for Windows - LIVE DLL

Record Number: 5659
Source Name: XLive
Contenus similaires
25 Octobre 2010 16:00:43

Re
Voila le rapport :

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

25/10/2010 15:58:17
mbam-log-2010-10-25 (15-58-17).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 116477
Temps écoulé: 4 minute(s), 46 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.126,93.188.160.206 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{152a4e2a-294d-46ef-8ee5-5d2198e5ca40}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.126,93.188.160.206 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{289c97e2-b76e-4ab9-8a93-1269b84b66a1}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.164.126,93.188.160.206 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{289c97e2-b76e-4ab9-8a93-1269b84b66a1}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.126,93.188.160.206 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fd6ef567-6bd6-4265-a364-73a0079d09b8}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.164.126,93.188.160.206 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fd6ef567-6bd6-4265-a364-73a0079d09b8}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.126,93.188.160.206 -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
25 Octobre 2010 17:59:48

Bonjour,

le rapport MBAM indique Aucune action entreprise
Refais la manip' avec, supprime tout ce qu' il trouve et poste le rapport.

A+
25 Octobre 2010 18:12:44

Ah ! Dsl !

Voila le rapport avec les suppressions :

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

25/10/2010 18:11:38
mbam-log-2010-10-25 (18-11-38).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 116742
Temps écoulé: 4 minute(s), 26 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.126,93.188.160.206 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{152a4e2a-294d-46ef-8ee5-5d2198e5ca40}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.126,93.188.160.206 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{289c97e2-b76e-4ab9-8a93-1269b84b66a1}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.164.126,93.188.160.206 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{289c97e2-b76e-4ab9-8a93-1269b84b66a1}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.126,93.188.160.206 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fd6ef567-6bd6-4265-a364-73a0079d09b8}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.164.126,93.188.160.206 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fd6ef567-6bd6-4265-a364-73a0079d09b8}\NameServer (Trojan.DNSChanger) -> Data: 93.188.164.126,93.188.160.206 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
25 Octobre 2010 18:46:17

Re,

fais la manip' de ComboFix (merci sUBs) et poste le rapport : Ici
25 Octobre 2010 21:07:11

Rapport combofix :

ComboFix 10-10-24.06 - Moreau 25/10/2010 20:27:04.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1408 [GMT 2:00]
Lancé depuis: c:\documents and settings\Moreau\Bureau\ComboFi.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Moreau\Application Data\AD ON Multimedia
c:\documents and settings\Moreau\Application Data\AD ON Multimedia\eBay Shortcuts\config.ini
c:\documents and settings\Moreau\Application Data\ddcb7344.exe
c:\documents and settings\Moreau\Application Data\Dealio
c:\documents and settings\Moreau\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Moreau\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\FF\chrome.manifest
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files\Dealio Toolbar\FF\chrome\content\login.js
c:\program files\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files\Dealio Toolbar\FF\chrome\content\parser.js
c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files\Dealio Toolbar\FF\chrome\skin\separator.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\Dealio Toolbar\FF\components\config.ini
c:\program files\Dealio Toolbar\FF\components\dealioToolbarFF.dll
c:\program files\Dealio Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt
c:\program files\Dealio Toolbar\FF\install.rdf
c:\program files\Dealio Toolbar\IE\4.0.2\config.ini
c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\Search Settings
c:\program files\Search Settings\FF\chrome.manifest
c:\program files\Search Settings\FF\chrome\content\plugin.js
c:\program files\Search Settings\FF\chrome\content\plugin.xul
c:\program files\Search Settings\FF\chrome\content\protection.js
c:\program files\Search Settings\FF\chrome\content\utils.js
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
c:\program files\Search Settings\FF\install.rdf
c:\program files\Search Settings\SeARchsettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
c:\windows\daemon.dll
c:\windows\system32\ernel32.dll
c:\windows\system32\spool\prtprocs\w32x86\17qGM7.dll
c:\windows\system32\spool\prtprocs\w32x86\55sK5.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((((((( Fichiers créés du 2010-09-25 au 2010-10-25 ))))))))))))))))))))))))))))))))))))
.

2010-10-25 17:59 . 2010-10-25 18:01 -------- d-----w- C:\ComboFi
2010-10-25 13:49 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-25 13:49 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-25 13:30 . 2010-10-25 13:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-25 07:13 . 2010-10-25 07:14 -------- d-----w- C:\rsit
2010-10-25 07:13 . 2010-10-25 07:13 -------- d-----w- c:\program files\trend micro
2010-10-24 21:30 . 2010-10-24 21:30 8627568 ----a-w- c:\program files\Mozilla Firefox\Firefox Setup 3.6.11.exe
2010-10-24 19:32 . 2010-10-24 19:32 -------- d-----w- c:\documents and settings\Moreau\Application Data\Malwarebytes
2010-10-24 19:23 . 2010-10-24 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-21 15:39 . 2010-10-21 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2010-10-19 17:05 . 2010-10-24 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-10-18 17:30 . 2010-10-18 18:31 -------- d-----w- c:\documents and settings\Moreau\Application Data\searchqutb
2010-10-18 17:30 . 2010-10-18 17:30 -------- d-----w- c:\program files\Windows Searchqu Toolbar
2010-10-18 17:29 . 2010-10-18 17:29 -------- d-----w- c:\program files\icons
2010-10-16 19:25 . 2010-10-16 19:25 -------- d-----w- c:\documents and settings\Moreau\Application Data\Octoshape

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-09 09:19 . 2009-02-09 09:19 227696 ----a-w- c:\program files\mozilla firefox\components\AdVComponent.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-06-10 15:28 1233288 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RayV"="c:\program files\RayV\RayV\RayV.exe" [2010-06-28 2561320]
"Octoshape Streaming Services"="c:\documents and settings\Moreau\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\System32\xRaidSetup.exe" [2007-03-21 1953792]
"GamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 380928]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"DAEMON Tools-1033"="e:\deamon tools\daemon.exe" [2004-08-22 81920]
"TrueImageMonitor.exe"="c:\program files\Micro Application\TrueImage\TrueImageMonitor.exe" [2005-11-28 1009044]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2005-11-28 118784]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-21 185896]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"RemoteControl"="e:\power dvd\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="e:\power dvd\Language\Language.exe" [2007-01-08 52256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\UUSEE\\UUSeePlayer.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Cygwin\\usr\\X11R6\\bin\\XWin.exe"=
"e:\\station ripper\\StationRipper\\StationRipperConsole.exe"=
"e:\\Program Files\\TVAnts\\Tvants.exe"=
"e:\\Sopcast\\adv\\SopAdver.exe"=
"e:\\Sopcast\\SopCast.exe"=
"e:\\mutorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.dll"=
"e:\\Lol\\League of Legends\\Air\\LolClient.exe"=
"e:\\Lol\\League of Legends\\Game\\League of Legends.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\2K11\\nba2k11.exe"=
"e:\\JEU PES 2011\\pes2011.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6882:TCP"= 6882:TCP:League of Legends Launcher
"6882:UDP"= 6882:UDP:League of Legends Launcher
"8395:TCP"= 8395:TCP:League of Legends Launcher
"8395:UDP"= 8395:UDP:League of Legends Launcher
"6948:TCP"= 6948:TCP:League of Legends Launcher
"6948:UDP"= 6948:UDP:League of Legends Launcher
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [25/05/2008 19:49 22336]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [26/05/2008 20:58 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [26/05/2008 20:58 5248]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/06/2009 11:51 28544]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [25/05/2008 19:49 45376]
R2 a2free;a-squared Free Service;e:\antivirus\a-squared Free\a2service.exe [04/07/2008 12:03 380016]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [28/08/2001 14:00 14336]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [16/12/2009 18:38 375296]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [25/05/2008 17:57 38656]
S2 gupdate1c98dc55d6e27c6;Service Google Update (gupdate1c98dc55d6e27c6);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2009 12:25 133104]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\Moreau\LOCALS~1\Temp\ewdmaudn.sys --> c:\docume~1\Moreau\LOCALS~1\Temp\ewdmaudn.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [13/08/2010 14:43 259440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
Akamai REG_MULTI_SZ Akamai
.
Contenu du dossier 'Tâches planifiées'

2010-10-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-13 08:37]

2010-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 10:25]

2010-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 10:25]

2010-10-25 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-06-10 15:28]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.searchqu.com/sidebar.html?src=ssb&sysid=403
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
FF - ProfilePath - c:\documents and settings\Moreau\Application Data\Mozilla\Firefox\Profiles\d8bzza1j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=403&q=
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Moreau\Application Data\Mozilla\Firefox\Profiles\d8bzza1j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Moreau\Application Data\Mozilla\Firefox\Profiles\d8bzza1j.default\extensions\{7762a897-2a75-4e3f-a3a7-55bd098b9879}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Moreau\Application Data\Mozilla\Firefox\Profiles\d8bzza1j.default\extensions\{7762a897-2a75-4e3f-a3a7-55bd098b9879}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\Moreau\Application Data\Mozilla\Firefox\Profiles\d8bzza1j.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Moreau\Application Data\Mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\Moreau\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft Research\HD View\nphdview.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\RayV\RayV\plugins\nprayvplugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: e:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: e:\real player\Netscape6\nppl3260.dll
FF - plugin: e:\real player\Netscape6\nprjplug.dll
FF - plugin: e:\real player\Netscape6\nprpjplug.dll
FF - plugin: e:\veetle\Player\npvlc.dll
FF - plugin: e:\veetle\plugins\npVeetle.dll
FF - plugin: e:\veetle\VLCBroadcast\npvbp.dll
FF - plugin: e:\vlc\npvlc.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
HKCU-Run-DLD.EXE - e:\vidéos\Autres\RD_www.warcity.org\DLD.exe
HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
AddRemove-BloodBowl_is1 - e:\blood bowl\Blood Bowl\Blood Bowl\unins000.exe
AddRemove-ModdingWay PES 2010 Demo - Brazil Addon - 0.5 - e:\pes 10\Uninstall-MW-Demo.exe
AddRemove-NDSROM Player - e:\emulation\DS\Uninstal.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-Update FMC V4.2_is1 - e:\fm 2008\data\db\unins000.exe
AddRemove-Winamp Toolbar for Firefox - c:\documents and settings\Moreau\Application Data\Mozilla\Firefox\Profiles\d8bzza1j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe
AddRemove-{3CDF9C0F-6C77-4307-80A6-0A9D47C174D8}_is1 - e:\call of duty modern warfare 2\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-25 21:02
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1454471165-616249376-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:1d,5f,c4,6a,49,5b,38,b6,e1,2f,a6,25,37,85,11,13,3a,50,1e,b3,5e,60,84,
bd,f5,99,be,95,65,b5,bf,9d,2d,da,7d,04,59,a1,48,a2,c3,1b,a6,5c,ab,8a,03,4f,\
"??"=hex:ff,43,13,ba,ae,8b,74,2b,e4,8a,d8,20,dc,5b,78,44

[HKEY_USERS\S-1-5-21-1454471165-616249376-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:84,06,3b,e1,50,63,98,b7,c0,2c,30,7f,ff,5f,00,28,54,51,70,16,08,
6a,0c,03,3a,06,83,dc,2a,da,be,51,93,3b,f6,6b,55,ba,7f,c3,a5,47,60,6a,28,a1,\
"rkeysecu"=hex:a8,b6,88,8f,b6,7a,b3,ea,51,e9,ea,fb,3e,01,43,4e
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3432)
c:\windows\system32\msi.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\ATKKBService.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Java\jre6\bin\jqs.exe
e:\logiciel gravure\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Cyberlink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\WI9130~1\Datamngr\DATAMN~1.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Heure de fin: 2010-10-25 21:05:56 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-10-25 19:05

Avant-CF: 107 614 580 736 octets libres
Après-CF: 107 540 389 888 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

- - End Of File - - F1ADE692186568A14674A8E98BAECED8
25 Octobre 2010 23:09:58

Bonsoir,

utilises-tu un proxy?

1) Télécharge :
CCleaner : Ici
Lance-le puis clique sur Options>Avancé et décoche Effacer uniquement les fichiers Temp de Windows datant de plus de 24 heures. Ferme le programme.

2) Lance CCleaner :
Dans le menu Nettoyeur, clique sur Analyse (laisse-le travailler) puis sur le bouton Lancer le nettoyage.
Fais cela plusieurs fois.

A+
26 Octobre 2010 09:44:58

Bonjour,

Non je n'utilise pas de proxy.

Mon problème de redirection de page semble résolu.
Cependant, j'attends encore quelques temps afin de voir si le problème se stabilise.
Merci infiniment en tout cas.

A+
26 Octobre 2010 14:16:18

Bonjour,

nous n' avons pas terminé.

¤ Télécharge Ad-Remover (merci C_XX) sur ton Bureau : Ici
- Double-clique dessus pour le démarrer (pour les utilisateurs de Vista/7, clic-droit>Exécuter en tant qu' Administrateur)
- Lance la recherche et poste le rapport généré

A+
Edit : Manip'
26 Octobre 2010 18:33:52

Voila le rapport d'Ad-remover:

======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 25/10/10 à 11:40
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 18:32:53 le 26/10/2010, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
Moreau@GUIGUI ( )

============== RECHERCHE ==============

Service: "Application Updater" Présent

Fichier trouvé: C:\Program Files\Mozilla FireFox\searchplugins\SearchquWebSearch.xml
Dossier trouvé: C:\Program Files\Windows Searchqu Toolbar
Fichier trouvé: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Dossier trouvé: C:\Documents and Settings\Moreau\Application Data\Mozilla\FireFox\Profiles\d8bzza1j.default\extensions\toolbar@ask.com
Dossier trouvé: C:\Documents and Settings\Moreau\Application Data\Mozilla\FireFox\Profiles\d8bzza1j.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}
Dossier trouvé: C:\Documents and Settings\Moreau\Application Data\Mozilla\FireFox\Profiles\d8bzza1j.default\searchqutb
Fichier trouvé: C:\Documents and Settings\Moreau\Application Data\Mozilla\FireFox\Profiles\d8bzza1j.default\searchplugins\SearchquWebSearch.xml
Dossier trouvé: C:\Program Files\Ask.com
Dossier trouvé: C:\Documents and Settings\Moreau\Application Data\AskToolbar
Dossier trouvé: C:\Documents and Settings\Moreau\Local Settings\Application Data\AskToolbar
Dossier trouvé: C:\Program Files\Application Updater
Dossier trouvé: C:\Documents and Settings\Moreau\Application Data\Search Settings
Dossier trouvé: C:\Documents and Settings\Moreau\Application Data\SearchquTB

-- Fichier ouvert: C:\Documents and Settings\Moreau\Application Data\Mozilla\FireFox\Profiles\d8bzza1j.default\Prefs.js --
Ligne trouvée: user_pref("CT694331.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT6943...
Ligne trouvée: user_pref("extensions.asktb.cbid", "N9");
Ligne trouvée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://fr.ask.com/web?q={query}&qsrc={qsrc}&...
Ligne trouvée: user_pref("extensions.asktb.fresh-install", false);
Ligne trouvée: user_pref("extensions.asktb.l", "dis");
Ligne trouvée: user_pref("extensions.asktb.last-config-req", "1287873859831");
Ligne trouvée: user_pref("extensions.asktb.locale", "fr_FR");
Ligne trouvée: user_pref("extensions.asktb.nero.userName", "");
Ligne trouvée: user_pref("extensions.asktb.o", "15418");
Ligne trouvée: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Ligne trouvée: user_pref("extensions.asktb.qsrc", "2871");
Ligne trouvée: user_pref("extensions.asktb.r", "2");
-- Fichier Fermé --


Clé trouvée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clé trouvée: HKLM\Software\Classes\CLSID\{47C6C527-6204-4F91-849D-66E234DEE015}
Clé trouvée: HKLM\Software\Classes\CLSID\{9461b922-3c5a-11d2-bf8b-00c04fb93661}
Clé trouvée: HKLM\Software\Classes\CLSID\{B791A095-A4AC-4312-8894-5B7E8FF5B3CD}
Clé trouvée: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé trouvée: HKLM\Software\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Clé trouvée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Clé trouvée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clé trouvée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clé trouvée: HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
Clé trouvée: HKLM\Software\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Clé trouvée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Clé trouvée: HKLM\Software\Classes\TypeLib\{ECA4E801-17AE-4863-9F5C-AF4047AABEE0}
Clé trouvée: HKLM\Software\Classes\BandooCore.BandooCore
Clé trouvée: HKLM\Software\Classes\BandooCore.BandooCore.1
Clé trouvée: HKLM\Software\Classes\BandooCore.ResourcesMngr
Clé trouvée: HKLM\Software\Classes\BandooCore.ResourcesMngr.1
Clé trouvée: HKLM\Software\Classes\BandooCore.SettingsMngr
Clé trouvée: HKLM\Software\Classes\BandooCore.SettingsMngr.1
Clé trouvée: HKLM\Software\Classes\BandooCore.StatisticMngr
Clé trouvée: HKLM\Software\Classes\BandooCore.StatisticMngr.1
Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
Clé trouvée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
Clé trouvée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Clé trouvée: HKLM\Software\Classes\AppID\BandooCore.EXE
Clé trouvée: HKLM\Software\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Clé trouvée: HKLM\Software\bandoo
Clé trouvée: HKLM\Software\Application Updater
Clé trouvée: HKLM\Software\DataMngr
Clé trouvée: HKLM\Software\Dealio
Clé trouvée: HKLM\Software\Search Settings
Clé trouvée: HKCU\Software\Ask.com
Clé trouvée: HKCU\Software\AskToolbar
Clé trouvée: HKCU\Software\DataMngr
Clé trouvée: HKCU\Software\Dealio
Clé trouvée: HKCU\Software\Search Settings
Clé trouvée: HKCU\Software\AppDataLow\AskToolbarInfo
Clé trouvée: HKLM\Software\Classes\Installer\Products\96DC878CBD58B624183A7E1157AABE19
Clé trouvée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé trouvée: HKLM\Software\Classes\Installer\Products\D82C50F59AED6DA47AA360145789E8BA
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\96DC878CBD58B624183A7E1157AABE19
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\D82C50F59AED6DA47AA360145789E8BA
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C878CD69-85DB-426B-81A3-E71175AAEB91}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu MediaBar

Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DataMngr
Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.6.11 (fr)] **

-- C:\Documents and Settings\Moreau\Application Data\Mozilla\FireFox\Profiles\d8bzza1j.default\Prefs.js --
browser.download.dir, E:\\scite
browser.search.defaultenginename, Web Search
browser.search.defaulturl, hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinamp...
browser.search.selectedEngine, Web Search
browser.startup.homepage, hxxp://www.google.fr
browser.startup.homepage_override.mstone, rv:1.9.2.11
keyword.URL, hxxp://www.searchqu.com/web?src=ffb&systemid=403&q=

========================================

** Internet Explorer Version [6.0.2900.5512] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Show_ToolBar: yes
Start Page: hxxp://www.google.fr/
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 26/10/2010 (6912 Octet(s))

Fin à: 18:33:23, 26/10/2010

============== E.O.F ==============
26 Octobre 2010 19:10:09

Re,

- Double-clique sur Ad-Remover pour l' exécuter
- Lance le nettoyage et poste le rapport
27 Octobre 2010 13:31:11

Re !

======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 25/10/10 à 11:40
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 13:26:01 le 27/10/2010, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
Moreau@GUIGUI ( )

============== ACTION(S) ==============

Service: "Application Updater" Stoppé et supprimé

Fichier supprimé: C:\Program Files\Mozilla FireFox\searchplugins\SearchquWebSearch.xml
Dossier supprimé: C:\Program Files\Windows Searchqu Toolbar
Fichier supprimé: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Dossier supprimé: C:\Documents and Settings\Moreau\Application Data\Mozilla\FireFox\Profiles\d8bzza1j.default\extensions\toolbar@ask.com
Dossier supprimé: C:\Documents and Settings\Moreau\Application Data\Mozilla\FireFox\Profiles\d8bzza1j.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}
Dossier supprimé: C:\Documents and Settings\Moreau\Application Data\Mozilla\FireFox\Profiles\d8bzza1j.default\searchqutb
Fichier supprimé: C:\Documents and Settings\Moreau\Application Data\Mozilla\FireFox\Profiles\d8bzza1j.default\searchplugins\SearchquWebSearch.xml
Dossier supprimé: C:\Program Files\Ask.com
Dossier supprimé: C:\Documents and Settings\Moreau\Application Data\AskToolbar
Dossier supprimé: C:\Documents and Settings\Moreau\Local Settings\Application Data\AskToolbar
Dossier supprimé: C:\Program Files\Application Updater
Dossier supprimé: C:\Documents and Settings\Moreau\Application Data\Search Settings
Dossier supprimé: C:\Documents and Settings\Moreau\Application Data\SearchquTB

(!) -- Fichiers temporaires supprimés.


-- Fichier ouvert: C:\Documents and Settings\Moreau\Application Data\Mozilla\FireFox\Profiles\d8bzza1j.default\Prefs.js --
Ligne supprimée:
Ligne supprimée:
Ligne supprimée: user_pref("CT694331.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT6943...
Ligne supprimée: user_pref("extensions.asktb.cbid", "N9");
Ligne supprimée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://fr.ask.com/web?q={query}&qsrc={qsrc}&...
Ligne supprimée: user_pref("extensions.asktb.fresh-install", false);
Ligne supprimée: user_pref("extensions.asktb.l", "dis");
Ligne supprimée: user_pref("extensions.asktb.last-config-req", "1287873859831");
Ligne supprimée: user_pref("extensions.asktb.locale", "fr_FR");
Ligne supprimée: user_pref("extensions.asktb.nero.userName", "");
Ligne supprimée: user_pref("extensions.asktb.o", "15418");
Ligne supprimée: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Ligne supprimée: user_pref("extensions.asktb.qsrc", "2871");
Ligne supprimée: user_pref("extensions.asktb.r", "2");
-- Fichier Fermé --


Clé supprimée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clé supprimée: HKLM\Software\Classes\CLSID\{47C6C527-6204-4F91-849D-66E234DEE015}
Clé supprimée: HKLM\Software\Classes\CLSID\{9461b922-3c5a-11d2-bf8b-00c04fb93661}
Clé supprimée: HKLM\Software\Classes\CLSID\{B791A095-A4AC-4312-8894-5B7E8FF5B3CD}
Clé supprimée: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé supprimée: HKLM\Software\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Clé supprimée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Clé supprimée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clé supprimée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clé supprimée: HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
Clé supprimée: HKLM\Software\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Clé supprimée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Clé supprimée: HKLM\Software\Classes\TypeLib\{ECA4E801-17AE-4863-9F5C-AF4047AABEE0}
Clé supprimée: HKLM\Software\Classes\BandooCore.BandooCore
Clé supprimée: HKLM\Software\Classes\BandooCore.BandooCore.1
Clé supprimée: HKLM\Software\Classes\BandooCore.ResourcesMngr
Clé supprimée: HKLM\Software\Classes\BandooCore.ResourcesMngr.1
Clé supprimée: HKLM\Software\Classes\BandooCore.SettingsMngr
Clé supprimée: HKLM\Software\Classes\BandooCore.SettingsMngr.1
Clé supprimée: HKLM\Software\Classes\BandooCore.StatisticMngr
Clé supprimée: HKLM\Software\Classes\BandooCore.StatisticMngr.1
Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
Clé supprimée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
Clé supprimée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Clé supprimée: HKLM\Software\Classes\AppID\BandooCore.EXE
Clé supprimée: HKLM\Software\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Clé supprimée: HKLM\Software\bandoo
Clé supprimée: HKLM\Software\Application Updater
Clé supprimée: HKLM\Software\DataMngr
Clé supprimée: HKLM\Software\Dealio
Clé supprimée: HKLM\Software\Search Settings
Clé supprimée: HKCU\Software\Ask.com
Clé supprimée: HKCU\Software\AskToolbar
Clé supprimée: HKCU\Software\DataMngr
Clé supprimée: HKCU\Software\Dealio
Clé supprimée: HKCU\Software\Search Settings
Clé supprimée: HKCU\Software\AppDataLow\AskToolbarInfo
Clé supprimée: HKLM\Software\Classes\Installer\Products\96DC878CBD58B624183A7E1157AABE19
Clé supprimée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé supprimée: HKLM\Software\Classes\Installer\Products\D82C50F59AED6DA47AA360145789E8BA
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\96DC878CBD58B624183A7E1157AABE19
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\D82C50F59AED6DA47AA360145789E8BA
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C878CD69-85DB-426B-81A3-E71175AAEB91}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu MediaBar

Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DataMngr
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.6.11 (fr)] **

-- C:\Documents and Settings\Moreau\Application Data\Mozilla\FireFox\Profiles\d8bzza1j.default\Prefs.js --
browser.download.dir, E:\\scite
browser.search.defaultenginename, Web Search
browser.search.defaulturl, hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinamp...
browser.search.selectedEngine, Web Search
browser.startup.homepage, hxxp://www.google.fr
browser.startup.homepage_override.mstone, rv:1.9.2.11
keyword.URL, hxxp://www.searchqu.com/web?src=ffb&systemid=403&q=

========================================

** Internet Explorer Version [6.0.2900.5512] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 1047 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 27/10/2010 (2874 Octet(s))
C:\Ad-Report-SCAN[1].txt - 26/10/2010 (8735 Octet(s))
C:\Ad-Report-SCAN[2].txt - 27/10/2010 (8791 Octet(s))

Fin à: 13:26:49, 27/10/2010

============== E.O.F ==============


Voila le rapport de nettoyage.


A+
27 Octobre 2010 13:49:40

:hello: ,

il faut mettre à jour Java (faille de sécurité) :
http://java.sun.com/javase/downloads/index.jsp
Clique sur Download Java Runtime Environment (JRE) 6u22 et dans la page suivante, coche I agree... puis télécharge Multi-language/Windows Offline Installation/jre-6u22-windows-i586.exe
Adobe (idem) :
http://www.adobe.com/fr/products/acrobat/readstep2.html
Acrobat Reader 9.4
Décoche McAfee Security Scan gratuit

De+ mets à jour Internet Explorer (8) : http://www.microsoft.com/france/windows/products/winfam...

A+

Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS