How do I get rid of popeo, main exoclick...?

14 January 2010 12:40:57

Hello

For some time now (I think it coincides with when I installed Spyware Doctor) I have been plagued by advertising pages such as exoclick, popeo, memoletter.com, c.ppcxml.ne etc. while browsing the internet.
I uninstalled Spyware Doctor but to no avail; these damned pages still show up, which is, as you can guess, very annoying.

If you could help me that would be great!

Thanks in advance

14 January 2010 13:23:34

Hello,

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (On Vista, right-click RSIT.exe and choose Run as administrator)
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.
  • When the scan has finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\Rsit folder.
    14 January 2010 13:41:41

    Thank you very much for your quick reply.
    Here are the two reports:

    Log.txt



    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Les cousins at 2010-01-14 13:38:57
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 9 GB (12%) free of 76 GB
    Total RAM: 2046 MB (44% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:38:59, on 14/01/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18349)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Users\Les cousins\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Users\Les cousins\AppData\Roaming\UpdateStar\UpdateStar.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Users\Les cousins\AppData\Roaming\SystemProc\lsass.exe
    C:\Windows\System32\rundll32.exe
    C:\Users\Les cousins\AppData\Local\vvlmbdds.exe
    C:\Program Files\MainSoft\PC TimeWatch\PctwTI.exe
    C:\Users\Les cousins\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Les cousins\Desktop\RSIT.exe
    C:\Program Files\trend micro\Les cousins.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
    F2 - REG:system.ini: UserInit=\\.\globalroot\systemroot\system32\userinit.exe,
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {16F02BAE-AD47-43E6-B630-0557F4EC173d} - C:\Windows\System32\fdProxy32.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -systray -startup
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
    O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\Les cousins\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [ertyuop] C:\Windows\system32\rttrwq.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [UpdateStar] C:\Users\Les cousins\AppData\Roaming\UpdateStar\UpdateStar.exe -A
    O4 - HKCU\..\Run: [{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Users\Les cousins\AppData\Roaming\Bifrost\server.exe
    O4 - HKCU\..\Run: [stub] C:\Users\Les cousins\AppData\Local\Temp\M4x0ubot.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [RTHDBPL] C:\Users\Les cousins\AppData\Roaming\SystemProc\lsass.exe
    O4 - HKCU\..\Run: [Vfovecabafojo] rundll32.exe "C:\Users\Les cousins\AppData\Local\wempos2.dll",Startup
    O4 - HKCU\..\Run: [vvlmbdds] "c:\users\les cousins\appdata\local\vvlmbdds.exe" vvlmbdds
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [ZagrebLand] C:\Windows\TEMP\c.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ZagrebLand] C:\Windows\TEMP\c.exe (User 'Default user')
    O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\Les cousins\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: PC TimeWatch Tray Icon.lnk = C:\Program Files\MainSoft\PC TimeWatch\PctwTI.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
    O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Tosh... (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.canalplay.com
    O15 - Trusted Zone: *.canalplusactive.com
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O20 - AppInit_DLLs: C:\Windows\System32\GEARAspi32.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PCTimeWatch (PTWsvc) - MainSoft - C:\Program Files\MainSoft\PC TimeWatch\PTWsvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Service CANALPLAY - Canal+ Distribution - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 10624 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Ad-Aware Update (Weekly).job
    C:\Windows\tasks\Google Software Updater.job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\Norton Security Scan for Les cousins.job
    C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16F02BAE-AD47-43E6-B630-0557F4EC173d}]
    C:\Windows\System32\fdProxy32.dll [2010-01-06 193536]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-08 263280]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "EoEngine"= []
    "Google Updater"=C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2010-01-05 160752]
    "ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-11-18 1243088]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "MRT"=C:\Windows\system32\MRT.exe [2010-01-05 29634504]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SoftwareHelper"=C:\Users\Les cousins\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe [2008-12-09 368224]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
    "TOSCDSPD"=TOSCDSPD.EXE []
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
    "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-09-03 3342336]
    "ertyuop"=C:\Windows\system32\rttrwq.exe []
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-08 39408]
    "PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-03-20 1312256]
    "UpdateStar"=C:\Users\Les cousins\AppData\Roaming\UpdateStar\UpdateStar.exe [2009-07-28 4710640]
    "{9B71D88C-C598-4935-C5D1-43AA4DB90836}"=C:\Users\Les cousins\AppData\Roaming\Bifrost\server.exe [2009-10-27 1747576]
    "stub"=C:\Users\Les cousins\AppData\Local\Temp\M4x0ubot.exe [2009-11-14 46158]
    "Steam"=C:\Program Files\Steam\Steam.exe [2009-12-02 1217808]
    "RTHDBPL"=C:\Users\Les cousins\AppData\Roaming\SystemProc\lsass.exe [2010-01-06 67584]
    "Vfovecabafojo"=C:\Users\Les cousins\AppData\Local\wempos2.dll [2008-01-19 41984]
    "vvlmbdds"=c:\users\les cousins\appdata\local\vvlmbdds.exe [2010-01-11 434176]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    PC TimeWatch Tray Icon.lnk - C:\Program Files\MainSoft\PC TimeWatch\PctwTI.exe

    C:\Users\Les cousins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    Notification de cadeaux MSN.lnk - C:\Users\Les cousins\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\Windows\System32\GEARAspi32.dll"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\Orange\Connectivity\ConnectivityManager.exe"="C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05391e95-2687-11dd-918a-001cbfca964c}]
    shell\Auto\command - AdobeR.exe e
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae87caae-0c59-11dd-b09c-001cbfca964c}]
    shell\AutoRun\command - E:\ju.bat
    shell\open\command - E:\ju.bat


    ======List of files/folders created in the last 1 months======

    2010-01-14 13:33:51 ----D---- C:\Program Files\trend micro
    2010-01-14 13:33:50 ----D---- C:\rsit
    2010-01-14 11:33:31 ----A---- C:\Users\Les cousins\AppData\Roaming\vymECmNtReHKETQ.vbs
    2010-01-13 11:01:34 ----A---- C:\Users\Les cousins\AppData\Roaming\jffVnWXWDGGON.vbs
    2010-01-13 09:21:15 ----A---- C:\Windows\system32\t2embed.dll
    2010-01-13 09:21:15 ----A---- C:\Windows\system32\fontsub.dll
    2010-01-12 09:34:41 ----A---- C:\Users\Les cousins\AppData\Roaming\9tAc2xS.vbs
    2010-01-11 08:52:01 ----A---- C:\Users\Les cousins\AppData\Roaming\cB5eT.vbs
    2010-01-10 13:02:26 ----A---- C:\Users\Les cousins\AppData\Roaming\5w6xCE2.vbs
    2010-01-09 10:05:02 ----A---- C:\Users\Les cousins\AppData\Roaming\ADermHC.vbs
    2010-01-08 08:44:27 ----A---- C:\Users\Les cousins\AppData\Roaming\JUNLISSeXHKz3.vbs
    2010-01-07 11:39:03 ----A---- C:\Users\Les cousins\AppData\Roaming\eddnVDq83HyxlGK.vbs
    2010-01-06 22:58:41 ----A---- C:\Users\Les cousins\AppData\Roaming\jXFgNgS.vbs
    2010-01-06 22:50:37 ----A---- C:\Windows\oublr2611.exe
    2010-01-06 22:49:56 ----A---- C:\Windows\qhllk21270.exe
    2010-01-06 22:47:50 ----A---- C:\Windows\system32\fdProxy32.dll
    2010-01-06 22:47:49 ----A---- C:\Users\Les cousins\AppData\Roaming\DBZ5qDgwyfEf8.vbs
    2010-01-06 22:47:25 ----A---- C:\Windows\system32\dmutil32.dll
    2010-01-06 22:47:24 ----A---- C:\Users\Les cousins\AppData\Roaming\yIaEHzsJ5CzlY.vbs
    2010-01-06 22:47:18 ----SHD---- C:\Users\Les cousins\AppData\Roaming\SystemProc
    2010-01-06 22:47:01 ----ASH---- C:\Users\Les cousins\AppData\Roaming\478B.tmp
    2010-01-06 22:47:00 ----A---- C:\Windows\system32\d3d10_132.dll
    2010-01-06 22:46:59 ----A---- C:\Windows\system32\GEARAspi32.dll
    2010-01-06 22:46:59 ----A---- C:\Users\Les cousins\AppData\Roaming\0MmU2yhXfEfxK0C.vbs
    2010-01-06 22:04:24 ----D---- C:\Program Files\eMule
    2010-01-06 20:58:54 ----D---- C:\Program Files\Common Files\Adobe
    2010-01-05 19:10:43 ----D---- C:\Users\Les cousins\AppData\Roaming\PC Tools
    2010-01-05 19:10:43 ----D---- C:\ProgramData\PC Tools
    2010-01-05 19:10:43 ----D---- C:\Program Files\Spyware Doctor
    2010-01-05 19:10:43 ----D---- C:\Program Files\Common Files\PC Tools
    2010-01-05 18:46:53 ----D---- C:\ProgramData\Google Updater
    2010-01-04 21:06:26 ----D---- C:\Fraps
    2010-01-04 11:06:37 ----D---- C:\Dofus 2
    2009-12-15 13:08:37 ----D---- C:\Windows\Sun

    ======List of files/folders modified in the last 1 months======

    2010-01-14 13:38:58 ----D---- C:\Windows\Temp
    2010-01-14 13:33:51 ----RD---- C:\Program Files
    2010-01-14 12:35:24 ----D---- C:\Windows\Tasks
    2010-01-14 12:20:41 ----AD---- C:\ProgramData\TEMP
    2010-01-14 11:42:43 ----D---- C:\Windows\winsxs
    2010-01-14 11:37:49 ----SHD---- C:\System Volume Information
    2010-01-14 11:37:01 ----D---- C:\Windows\System32
    2010-01-14 11:36:51 ----D---- C:\Windows\system32\catroot
    2010-01-14 11:36:50 ----D---- C:\Windows\system32\catroot2
    2010-01-14 11:36:41 ----D---- C:\Program Files\Windows Mail
    2010-01-14 11:36:26 ----A---- C:\Windows\system32\MRT.INI
    2010-01-14 11:34:23 ----D---- C:\Program Files\Steam
    2010-01-08 11:11:46 ----D---- C:\Users\Les cousins\AppData\Roaming\Dofus 2
    2010-01-08 08:31:52 ----D---- C:\Windows\system32\drivers
    2010-01-08 08:31:50 ----D---- C:\Windows
    2010-01-06 22:56:48 ----D---- C:\Users\Les cousins\AppData\Roaming\LimeWire
    2010-01-06 22:50:19 ----D---- C:\Windows\system32\Tasks
    2010-01-06 22:45:32 ----D---- C:\Users\Les cousins\AppData\Roaming\Azureus
    2010-01-06 22:04:26 ----D---- C:\ProgramData\eMule
    2010-01-06 20:59:51 ----SHD---- C:\Windows\Installer
    2010-01-06 20:59:50 ----D---- C:\ProgramData\Adobe
    2010-01-06 20:58:54 ----D---- C:\Program Files\Common Files
    2010-01-06 20:58:54 ----D---- C:\Program Files\Adobe
    2010-01-06 20:51:00 ----D---- C:\Program Files\Mozilla Firefox
    2010-01-06 20:50:51 ----D---- C:\ProgramData\Google
    2010-01-05 19:10:43 ----HD---- C:\ProgramData
    2010-01-05 18:46:53 ----D---- C:\Program Files\Google
    2010-01-05 18:42:52 ----D---- C:\Program Files\Common Files\Symantec Shared
    2010-01-05 18:40:04 ----D---- C:\Program Files\EoRezo
    2010-01-05 18:40:03 ----D---- C:\Users\Les cousins\AppData\Roaming\EoRezo
    2010-01-05 01:17:46 ----A---- C:\Windows\system32\mrt.exe
    2010-01-04 21:26:25 ----D---- C:\Users\Les cousins\AppData\Roaming\vlc
    2010-01-04 19:17:02 ----D---- C:\Windows\Prefetch
    2010-01-04 11:02:19 ----D---- C:\Program Files\Dofus 2
    2010-01-04 10:57:47 ----D---- C:\Program Files\Dofus
    2010-01-02 09:21:40 ----D---- C:\Program Files\Common Files\Steam
    2009-12-26 00:03:44 ----D---- C:\Windows\inf
    2009-12-26 00:03:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-12-25 10:55:39 ----D---- C:\Windows\system32\config
    2009-12-25 10:55:21 ----D---- C:\Windows\system32\spool
    2009-12-25 10:55:21 ----D---- C:\Windows\system32\Msdtc
    2009-12-25 10:55:21 ----D---- C:\Windows\system32\CodeIntegrity
    2009-12-25 10:55:16 ----D---- C:\Windows\system32\wbem
    2009-12-25 10:55:16 ----D---- C:\Windows\registration
    2009-12-25 10:51:56 ----D---- C:\Windows\system32\LogFiles

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
    R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-11-01 3170304]
    R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
    R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
    R3 PTWDrv;PTW - Process monitoring driver; \??\C:\Program Files\MainSoft\PC TimeWatch\PTWatch.sys [2003-10-20 4096]
    R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 81408]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-07-27 188336]
    R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
    R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-24 290304]
    R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
    R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-04-16 11776]
    S3 athr;Pilote de périphérique LAN sans fil extensible Atheros; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 NETw3v32;Pilote de carte Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
    S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-02-09 17664]
    S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224]
    S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072]
    S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
    S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
    S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\Windows\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
    S3 ssm_mdm;SAMSUNG Mobile USB Port II 1.0 Drivers; C:\Windows\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
    S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-02-22 113920]
    S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
    S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
    S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-02-28 41344]
    S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys []
    S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
    S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
    S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
    S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2008-01-19 28160]
    S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
    S3 VX1000;VX-1000; C:\Windows\system32\DRIVERS\VX1000.sys [2009-06-26 1956096]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
    S4 CplIR;Embedded IR Driver; C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
    S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-18 219392]
    S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-01-18 211072]
    S4 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
    R2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
    R2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
    R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-11-01 626688]
    R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
    R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-09-25 65536]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-02-12 355096]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-10-19 1028432]
    R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
    R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2009-07-24 139120]
    R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]
    R2 PTWsvc;PCTimeWatch; C:\Program Files\MainSoft\PC TimeWatch\PTWsvc.exe [2009-02-16 937984]
    R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
    R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712]
    R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
    R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2007-03-29 427576]
    R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
    R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
    S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-04 135664]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-05 194032]
    S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe []
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664]
    S3 Service CANALPLAY;Service CANALPLAY; C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2009-11-02 444288]
    S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-01-01 321320]

    -----------------EOF-----------------


    Info.txt:


    info.txt logfile of random's system information tool 1.06 2010-01-14 13:34:29

    ======Uninstall list======

    -->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x40c
    Ad-Aware-->"C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
    Ad-Aware-->C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
    Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
    Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
    Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
    Camera Assistant Software for Toshiba-->C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x040c
    Catalyst Control Center - Branding-->MsiExec.exe /I{BC1ADEAD-99F1-4707-B31B-CDB222D5BB68}
    Codeur Windows Media Série 9-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Codeur Windows Media Série 9-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    CooperativeAdvertiser-->C:\Program Files\CooperativeAdvertiser\uninstall.exe uninstall=cooperativeadvertiser
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
    DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Dofus-->msiexec /qb /x {5EBF7AAB-98C5-2C43-0844-4BD9B9FCA7AD}
    Dofus-->MsiExec.exe /I{5EBF7AAB-98C5-2C43-0844-4BD9B9FCA7AD}
    DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x40c
    EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
    Emdedded IR Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{A6D4234C-CB02-4048-AC3E-AD09404FA35A}
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
    Favorit-->c:\users\les cousins\appdata\local\daxukhdd.bat
    FIFA 09-->MsiExec.exe /X{2315B23D-3E21-4920-837D-AE6460934ECB}
    Fraps-->"C:\Fraps\uninstall.exe"
    Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
    Google Toolbar for Firefox-->C:\ProgramData\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
    Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Google Earth-->MsiExec.exe /X{C084BC61-E537-11DE-8616-005056806466}
    Guitar Pro 4 Demo-->MsiExec.exe /X{22C1B575-C746-46F2-80A3-EE9612AF5FAA}
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    HLSW v1.3.0-->"C:\Program Files\HLSW\unins000.exe"
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
    Intel Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
    iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    Lecteur CANALPLAY 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E9E37358-E3E1-47BA-9E21-375EF3616BC9}\setup.exe" -l0x40c -removeonly
    LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
    livebox-->C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe -runfromtemp -l0x040c -removeonly
    LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
    Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
    Microsoft Corporation-->MsiExec.exe /I{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}
    Microsoft LifeCam-->MsiExec.exe /X{36C97B5B-5593-45B8-B50E-DAD87036BD9D}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
    Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    myphotobook 3.1-->C:\Program Files\myphotobook\uninst.exe
    Navigateur Orange-->C:\Program Files\Orange\Uninstall\Browser\Shell.exe MainUninstall.shl
    Nokia Connectivity Cable Driver-->MsiExec.exe /I{82427977-8776-4087-90CA-9F65174D3C4D}
    Nokia PC Suite-->C:\ProgramData\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_wu_fre.exe
    Nokia PC Suite-->MsiExec.exe /I{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}
    Norton Security Scan-->C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\InstStub.exe /X
    OpenOffice.org 3.1-->MsiExec.exe /I{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}
    Orange - Logiciels Internet-->C:\Program Files\Orange\installation\core\Installgui.exe -u
    Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Package de pilotes Windows - Nokia Modem (02/23/2009 7.01.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_a366d9d6\nokbtmdm.inf
    Package de pilotes Windows - Nokia Modem (02/24/2009 4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_9e7751a9\nokia_bluetooth.inf
    Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
    PC Connectivity Solution-->MsiExec.exe /I{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}
    PC TimeWatch-->"C:\Program Files\MainSoft\PC TimeWatch\unins000.exe"
    PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
    PlayMP3z-->C:\Program Files\PlayMP3z\uninstall.exe uninstall=playmp3z
    QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly
    Réducteur de bruit lect. CD/DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x40c
    Reg (DOFUS Audio Subsystem)-->msiexec /qb /x {3F900346-A316-BA88-B83C-2513F1260AD7}
    Reg (DOFUS Audio Subsystem)-->MsiExec.exe /I{3F900346-A316-BA88-B83C-2513F1260AD7}
    SAMSUNG CDMA Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
    SoftwareUpdate 1.0-->"C:\Users\Les cousins\AppData\Roaming\eoRezo\SoftwareUpdate\unins000.exe"
    SpotMSN 1.8.4-->"C:\Program Files\Nsasoft\SpotMSN\unins000.exe"
    Spyware Doctor 7.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    SweetIM for Messenger 2.7-->MsiExec.exe /X{E848C9C0-E6FF-4A3F-9D67-AE53AC3628FE}
    SweetIM Toolbar for Internet Explorer 3.4-->MsiExec.exe /X{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x040c
    TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x40c
    TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x040c uninstall
    TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
    TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x040c
    TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}
    TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1036
    TOSHIBA Mot de passe responsable-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1036
    Toshiba Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x040c -removeonly
    TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
    TOSHIBA Software Modem-->Tosmreg -U
    TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x040c
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    UpdateStar-->MsiExec.exe /X{17460611-3151-4B4F-A710-BDAF4AB1D57E}
    VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Vodafone WCDMA Composite Device Drive Software-->C:\Windows\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
    Vuze Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
    Vuze-->C:\Program Files\Vuze\uninstall.exe
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
    Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
    Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
    Windows Live Movie Maker-->MsiExec.exe /X{53B20C18-D8D4-4588-8737-9BBFE303C354}
    Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
    Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
    Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

    ======Security center information======

    AS: Lavasoft Ad-Watch Live! (disabled)
    AS: Windows Defender (disabled) (outdated)

    ======System event log======

    Computer Name: PC-de-Lescousin
    Event Code: 1003
    Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir du serveur DHCP) pour la carte réseau dont l'adresse réseau est 001CBFCA964C. Il s'est produit l'erreur suivante :
    L'opération a été annulée par l'utilisateur.. Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du serveur d'adresse réseau (DHCP).
    Record Number: 104717
    Source Name: Microsoft-Windows-Dhcp-Client
    Time Written: 20090421140152.000000-000
    Event Type: Avertissement
    User:

    Computer Name: PC-de-Lescousin
    Event Code: 51
    Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 lors d'une opération de pagination.
    Record Number: 104730
    Source Name: cdrom
    Time Written: 20090421173042.477000-000
    Event Type: Avertissement
    User:

    Computer Name: PC-de-Lescousin
    Event Code: 1003
    Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir du serveur DHCP) pour la carte réseau dont l'adresse réseau est 001CBFCA964C. Il s'est produit l'erreur suivante :
    L'opération a été annulée par l'utilisateur.. Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du serveur d'adresse réseau (DHCP).
    Record Number: 104807
    Source Name: Microsoft-Windows-Dhcp-Client
    Time Written: 20090422093659.000000-000
    Event Type: Avertissement
    User:

    Computer Name: PC-de-Lescousin
    Event Code: 1003
    Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir du serveur DHCP) pour la carte réseau dont l'adresse réseau est 001CBFCA964C. Il s'est produit l'erreur suivante :
    L'opération a été annulée par l'utilisateur.. Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du serveur d'adresse réseau (DHCP).
    Record Number: 104815
    Source Name: Microsoft-Windows-Dhcp-Client
    Time Written: 20090422130908.000000-000
    Event Type: Avertissement
    User:

    Computer Name: PC-de-Lescousin
    Event Code: 6008
    Message: L'arrêt système précédant à 20:27:18 le 22/04/2009 n'était pas prévu.
    Record Number: 104847
    Source Name: EventLog
    Time Written: 20090423062726.000000-000
    Event Type: Erreur
    User:

    =====Application event log=====

    Computer Name: PC-de-Lescousin
    Event Code: 1530
    Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

    DÉTAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-659711424-1180134611-2956167126-1000:
    Process 4 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-659711424-1180134611-2956167126-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

    Record Number: 57017
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20100113082335.000000-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: PC-de-Lescousin
    Event Code: 3013
    Message: Impossible de mettre à jour l'entrée <C:\USERS\LES COUSINS\APPDATA\ROAMING\ADOBE\AIR\UPDATER\BACKGROUND\FULL> dans la configuration de hachage.

    Contexte : Application , Catalogue SystemIndex

    Détails :
    Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)

    Record Number: 57048
    Source Name: Microsoft-Windows-Search
    Time Written: 20100113102129.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-Lescousin
    Event Code: 3013
    Message: Impossible de mettre à jour l'entrée <C:\USERS\LES COUSINS\APPDATA\ROAMING\ADOBE\AIR\UPDATER\BACKGROUND\FULL> dans la configuration de hachage.

    Contexte : Application , Catalogue SystemIndex

    Détails :
    Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)

    Record Number: 57049
    Source Name: Microsoft-Windows-Search
    Time Written: 20100113102129.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-Lescousin
    Event Code: 1002
    Message: Le programme Dofus.exe version 0.0.0.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : b5c Heure de début : 01ca944656dfce90 Heure de fin : 15
    Record Number: 57059
    Source Name: Application Hang
    Time Written: 20100113153300.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-Lescousin
    Event Code: 1000
    Message: Application défaillante iexplore.exe, version 7.0.6001.18349, horodatage 0x4ae6d1b5, module défaillant ntdll.dll, version 6.0.6001.18000, horodatage 0x4791a7a6, code d’exception 0xc0000005, décalage d’erreur 0x0003d02b, ID du processus 0x1098, heure de début de l’application 0x01ca950d9eb25040.
    Record Number: 57118
    Source Name: Application Error
    Time Written: 20100114113521.000000-000
    Even
    a c 267 8 Security
    14 January 2010 14:08:46

    This PC is heavily infected.

    Someone may have remote access to your PC.

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Update tab, click the Check for Updates button: if the firewall asks you to allow MBAM to connect to the Internet, accept.
  • Once the update is finished, go to the Scanner tab.
  • Select Perform quick scan.
  • Click Scan. The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    The scan completed successfully. Click 'Show Results' to display all objects found.

  • Click OK to continue. If MBAM found nothing, it will tell you so as well.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
    14 January 2010 16:09:25

    Malwarebytes' Anti-Malware 1.44
    Version de la base de données: 3561
    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    14/01/2010 16:09:00
    mbam-log-2010-01-14 (16-09-00).txt

    Type de recherche: Examen rapide
    Eléments examinés: 118302
    Temps écoulé: 10 minute(s), 10 second(s)

    Processus mémoire infecté(s): 2
    Module(s) mémoire infecté(s): 3
    Clé(s) du Registre infectée(s): 31
    Valeur(s) du Registre infectée(s): 5
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 4
    Fichier(s) infecté(s): 33

    Processus mémoire infecté(s):
    C:\Users\Les cousins\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Unloaded process successfully.
    C:\Users\Les cousins\AppData\Roaming\SystemProc\lsass.exe (Trojan.Tracur) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    C:\Windows\System32\GEARAspi32.dll (Trojan.Agent) -> Delete on reboot.
    C:\Users\Les cousins\AppData\Roaming\478B.tmp (Trojan.Agent) -> Delete on reboot.
    C:\Users\Les cousins\AppData\Local\wempos2.dll (Trojan.Agent) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16f02bae-ad47-43e6-b630-0557f4ec173d} (Trojan.BHO.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{16f02bae-ad47-43e6-b630-0557f4ec173d} (Trojan.BHO.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\cooperativeadvertiser.cooperativeadvertiser (Adware.CooperativeAdvertiser) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\cooperativeadvertiser.cooperativeadvertiser.1 (Adware.CooperativeAdvertiser) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Adware.Ecobar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Adware.Ecobar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.Ecobar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1bd2970f-9db9-f23a-1aef-71a27de17caf} (Adware.CooperativeAdvertiser) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1bd2970f-9db9-f23a-1aef-71a27de17caf} (Adware.CooperativeAdvertiser) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{16f02bae-ad47-43e6-b630-0557f4ec173d} (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\{F9197A7E-CE10-458e-85F8-5B0CE6DF2BBE} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\CooperativeAdvertiser (Adware.CooperativeAdvertiser) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\IGB (Rogue.Residue) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\SystemInit (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CooperativeAdvertiser (Adware.CooperativeAdvertiser) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vvlmbdds (Trojan.Agent.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vfovecabafojo (Trojan.Agent) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{9b71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ertyuop (Spyware.OnlineGames) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\gearaspi32.dll -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: system32\gearaspi32.dll -> Delete on reboot.

    Dossier(s) infecté(s):
    C:\Program Files\CooperativeAdvertiser (Adware.CooperativeAdvertiser) -> Quarantined and deleted successfully.
    C:\Program Files\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
    C:\Users\Les cousins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
    C:\Users\Les cousins\AppData\Roaming\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Users\Les cousins\Local Settings\Application Data\vvlmbdds_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Users\Les cousins\Local Settings\Application Data\vvlmbdds_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Users\Les cousins\Local Settings\Application Data\vvlmbdds.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Users\Les cousins\Local Settings\Application Data\vvlmbdds.exe (Adware.Navipromo.H) -> Delete on reboot.
    C:\Windows\System32\fdProxy32.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
    c:\Users\les cousins\AppData\Local\vvlmbdds.exe (Trojan.Agent.H) -> Delete on reboot.
    C:\Windows\System32\GEARAspi32.dll (Trojan.Agent) -> Delete on reboot.
    C:\Users\Les cousins\AppData\Roaming\478B.tmp (Trojan.Agent) -> Delete on reboot.
    C:\Users\Les cousins\AppData\Local\wempos2.dll (Trojan.Agent) -> Delete on reboot.
    C:\Users\Les cousins\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
    C:\Users\Les cousins\AppData\Roaming\SystemProc\lsass.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\System32\d3d10_132.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\System32\dmutil32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\Windows\Temp\bpnt.tmp (Worm.Autorun) -> Quarantined and deleted successfully.
    C:\Users\Les cousins\AppData\Local\Temp\E3CA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\qhllk21270.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Windows\oublr2611.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\spool\prtprocs\w32x86\C053.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Program Files\CooperativeAdvertiser\uninstall.exe (Adware.CooperativeAdvertiser) -> Quarantined and deleted successfully.
    C:\Program Files\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Delete on reboot.
    C:\Users\Les cousins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.pif (Adware.PLayMP3z) -> Quarantined and deleted successfully.
    C:\Users\Les cousins\AppData\Roaming\Bifrost\server.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Users\Les cousins\AppData\Local\Temp\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Windows\Temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Users\Les cousins\AppData\Local\Temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Users\Les cousins\AppData\Local\Temp\c.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Windows\Temp\d.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Users\Les cousins\AppData\Local\Temp\d.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Users\Les cousins\AppData\Local\Temp\e.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Windows\Temp\f.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Users\Les cousins\AppData\Local\Temp\f.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    a c 267 8 Security
    14 January 2010 20:49:28

  • Run MBAM again, go to Quarantine and delete everything.

  • Uninstall Vuze Toolbar.

  • Run another RSIT scan and post the log report.
    14 January 2010 23:06:25

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Les cousins at 2010-01-14 23:05:28
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 11 GB (14%) free of 76 GB
    Total RAM: 2046 MB (59% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:05:35, on 14/01/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18349)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Users\Les cousins\AppData\Roaming\UpdateStar\UpdateStar.exe
    C:\Users\Les cousins\AppData\Local\Temp\M4x0ubot.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\MainSoft\PC TimeWatch\PctwTI.exe
    C:\Users\Les cousins\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\Les cousins\Desktop\RSIT.exe
    C:\Program Files\trend micro\Les cousins.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -systray -startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [UpdateStar] C:\Users\Les cousins\AppData\Roaming\UpdateStar\UpdateStar.exe -A
    O4 - HKCU\..\Run: [stub] C:\Users\Les cousins\AppData\Local\Temp\M4x0ubot.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [Vfovecabafojo] rundll32.exe "C:\Users\Les cousins\AppData\Local\wempos2.dll",Startup
    O4 - HKCU\..\Run: [vvlmbdds] "c:\users\les cousins\appdata\local\vvlmbdds.exe" vvlmbdds
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [ZagrebLand] C:\Windows\TEMP\c.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ZagrebLand] C:\Windows\TEMP\c.exe (User 'Default user')
    O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\Les cousins\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: PC TimeWatch Tray Icon.lnk = C:\Program Files\MainSoft\PC TimeWatch\PctwTI.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
    O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Tosh... (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.canalplay.com
    O15 - Trusted Zone: *.canalplusactive.com
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O20 - AppInit_DLLs: C:\Windows\System32\GEARAspi32.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PCTimeWatch (PTWsvc) - MainSoft - C:\Program Files\MainSoft\PC TimeWatch\PTWsvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Service CANALPLAY - Canal+ Distribution - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 9382 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Ad-Aware Update (Weekly).job
    C:\Windows\tasks\Google Software Updater.job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\Norton Security Scan for Les cousins.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-08 263280]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "EoEngine"= []
    "Google Updater"=C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2010-01-05 160752]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
    "TOSCDSPD"=TOSCDSPD.EXE []
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
    "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-09-03 3342336]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-08 39408]
    "PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-03-20 1312256]
    "UpdateStar"=C:\Users\Les cousins\AppData\Roaming\UpdateStar\UpdateStar.exe [2009-07-28 4710640]
    "stub"=C:\Users\Les cousins\AppData\Local\Temp\M4x0ubot.exe [2009-11-14 46158]
    "Steam"=C:\Program Files\Steam\Steam.exe [2009-12-02 1217808]
    "Vfovecabafojo"=C:\Users\Les cousins\AppData\Local\wempos2.dll,Startup []
    "vvlmbdds"=c:\users\les cousins\appdata\local\vvlmbdds.exe vvlmbdds []

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    PC TimeWatch Tray Icon.lnk - C:\Program Files\MainSoft\PC TimeWatch\PctwTI.exe

    C:\Users\Les cousins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    Notification de cadeaux MSN.lnk - C:\Users\Les cousins\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\Windows\System32\GEARAspi32.dll"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\Orange\Connectivity\ConnectivityManager.exe"="C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05391e95-2687-11dd-918a-001cbfca964c}]
    shell\Auto\command - AdobeR.exe e
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae87caae-0c59-11dd-b09c-001cbfca964c}]
    shell\AutoRun\command - E:\ju.bat
    shell\open\command - E:\ju.bat


    ======List of files/folders created in the last 1 months======

    2010-01-14 15:56:45 ----D---- C:\Users\Les cousins\AppData\Roaming\Malwarebytes
    2010-01-14 15:56:40 ----D---- C:\ProgramData\Malwarebytes
    2010-01-14 15:56:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2010-01-14 13:33:51 ----D---- C:\Program Files\trend micro
    2010-01-14 13:33:50 ----D---- C:\rsit
    2010-01-14 11:33:31 ----A---- C:\Users\Les cousins\AppData\Roaming\vymECmNtReHKETQ.vbs
    2010-01-13 11:01:34 ----A---- C:\Users\Les cousins\AppData\Roaming\jffVnWXWDGGON.vbs
    2010-01-13 09:21:15 ----A---- C:\Windows\system32\t2embed.dll
    2010-01-13 09:21:15 ----A---- C:\Windows\system32\fontsub.dll
    2010-01-12 09:34:41 ----A---- C:\Users\Les cousins\AppData\Roaming\9tAc2xS.vbs
    2010-01-11 08:52:01 ----A---- C:\Users\Les cousins\AppData\Roaming\cB5eT.vbs
    2010-01-10 13:02:26 ----A---- C:\Users\Les cousins\AppData\Roaming\5w6xCE2.vbs
    2010-01-09 10:05:02 ----A---- C:\Users\Les cousins\AppData\Roaming\ADermHC.vbs
    2010-01-08 08:44:27 ----A---- C:\Users\Les cousins\AppData\Roaming\JUNLISSeXHKz3.vbs
    2010-01-07 11:39:03 ----A---- C:\Users\Les cousins\AppData\Roaming\eddnVDq83HyxlGK.vbs
    2010-01-06 22:58:41 ----A---- C:\Users\Les cousins\AppData\Roaming\jXFgNgS.vbs
    2010-01-06 22:47:49 ----A---- C:\Users\Les cousins\AppData\Roaming\DBZ5qDgwyfEf8.vbs
    2010-01-06 22:47:24 ----A---- C:\Users\Les cousins\AppData\Roaming\yIaEHzsJ5CzlY.vbs
    2010-01-06 22:47:18 ----SHD---- C:\Users\Les cousins\AppData\Roaming\SystemProc
    2010-01-06 22:46:59 ----A---- C:\Users\Les cousins\AppData\Roaming\0MmU2yhXfEfxK0C.vbs
    2010-01-06 22:04:24 ----D---- C:\Program Files\eMule
    2010-01-06 20:58:54 ----D---- C:\Program Files\Common Files\Adobe
    2010-01-05 19:10:43 ----D---- C:\Users\Les cousins\AppData\Roaming\PC Tools
    2010-01-05 19:10:43 ----D---- C:\ProgramData\PC Tools
    2010-01-05 19:10:43 ----D---- C:\Program Files\Spyware Doctor
    2010-01-05 19:10:43 ----D---- C:\Program Files\Common Files\PC Tools
    2010-01-05 18:46:53 ----D---- C:\ProgramData\Google Updater
    2010-01-04 21:06:26 ----D---- C:\Fraps
    2010-01-04 11:06:37 ----D---- C:\Dofus 2
    2009-12-15 13:08:37 ----D---- C:\Windows\Sun

    ======List of files/folders modified in the last 1 months======

    2010-01-14 23:05:35 ----D---- C:\Windows\Prefetch
    2010-01-14 23:05:33 ----D---- C:\Windows\Temp
    2010-01-14 23:05:17 ----RD---- C:\Program Files
    2010-01-14 20:18:32 ----SHD---- C:\System Volume Information
    2010-01-14 16:53:21 ----D---- C:\Windows\Tasks
    2010-01-14 16:52:52 ----D---- C:\Program Files\Steam
    2010-01-14 16:50:09 ----D---- C:\Windows\System32
    2010-01-14 16:50:08 ----D---- C:\Windows\system32\drivers
    2010-01-14 16:08:56 ----D---- C:\Windows
    2010-01-14 15:56:40 ----HD---- C:\ProgramData
    2010-01-14 15:54:25 ----AD---- C:\ProgramData\TEMP
    2010-01-14 11:42:43 ----D---- C:\Windows\winsxs
    2010-01-14 11:36:51 ----D---- C:\Windows\system32\catroot
    2010-01-14 11:36:50 ----D---- C:\Windows\system32\catroot2
    2010-01-14 11:36:41 ----D---- C:\Program Files\Windows Mail
    2010-01-14 11:36:26 ----A---- C:\Windows\system32\MRT.INI
    2010-01-08 11:11:46 ----D---- C:\Users\Les cousins\AppData\Roaming\Dofus 2
    2010-01-06 22:56:48 ----D---- C:\Users\Les cousins\AppData\Roaming\LimeWire
    2010-01-06 22:50:19 ----D---- C:\Windows\system32\Tasks
    2010-01-06 22:45:32 ----D---- C:\Users\Les cousins\AppData\Roaming\Azureus
    2010-01-06 22:04:26 ----D---- C:\ProgramData\eMule
    2010-01-06 20:59:51 ----SHD---- C:\Windows\Installer
    2010-01-06 20:59:50 ----D---- C:\ProgramData\Adobe
    2010-01-06 20:58:54 ----D---- C:\Program Files\Common Files
    2010-01-06 20:58:54 ----D---- C:\Program Files\Adobe
    2010-01-06 20:51:00 ----D---- C:\Program Files\Mozilla Firefox
    2010-01-06 20:50:51 ----D---- C:\ProgramData\Google
    2010-01-05 18:46:53 ----D---- C:\Program Files\Google
    2010-01-05 18:42:52 ----D---- C:\Program Files\Common Files\Symantec Shared
    2010-01-05 18:40:04 ----D---- C:\Program Files\EoRezo
    2010-01-05 18:40:03 ----D---- C:\Users\Les cousins\AppData\Roaming\EoRezo
    2010-01-05 01:17:46 ----A---- C:\Windows\system32\mrt.exe
    2010-01-04 21:26:25 ----D---- C:\Users\Les cousins\AppData\Roaming\vlc
    2010-01-04 11:02:19 ----D---- C:\Program Files\Dofus 2
    2010-01-04 10:57:47 ----D---- C:\Program Files\Dofus
    2010-01-02 09:21:40 ----D---- C:\Program Files\Common Files\Steam
    2009-12-26 00:03:44 ----D---- C:\Windows\inf
    2009-12-26 00:03:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-12-25 10:55:39 ----D---- C:\Windows\system32\config
    2009-12-25 10:55:21 ----D---- C:\Windows\system32\spool
    2009-12-25 10:55:21 ----D---- C:\Windows\system32\Msdtc
    2009-12-25 10:55:21 ----D---- C:\Windows\system32\CodeIntegrity
    2009-12-25 10:55:16 ----D---- C:\Windows\system32\wbem
    2009-12-25 10:55:16 ----D---- C:\Windows\registration
    2009-12-25 10:51:56 ----D---- C:\Windows\system32\LogFiles

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
    R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-11-01 3170304]
    R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
    R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
    R3 PTWDrv;PTW - Process monitoring driver; \??\C:\Program Files\MainSoft\PC TimeWatch\PTWatch.sys [2003-10-20 4096]
    R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 81408]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-07-27 188336]
    R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
    R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-24 290304]
    R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
    R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-04-16 11776]
    S3 athr;Pilote de périphérique LAN sans fil extensible Atheros; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 NETw3v32;Pilote de carte Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
    S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-02-09 17664]
    S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224]
    S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072]
    S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
    S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
    S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\Windows\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
    S3 ssm_mdm;SAMSUNG Mobile USB Port II 1.0 Drivers; C:\Windows\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
    S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-02-22 113920]
    S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
    S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
    S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-02-28 41344]
    S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys []
    S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
    S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
    S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
    S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2008-01-19 28160]
    S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
    S3 VX1000;VX-1000; C:\Windows\system32\DRIVERS\VX1000.sys [2009-06-26 1956096]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
    S4 CplIR;Embedded IR Driver; C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
    S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-18 219392]
    S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-01-18 211072]
    S4 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
    R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-11-01 626688]
    R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
    R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-09-25 65536]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-02-12 355096]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-10-19 1028432]
    R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
    R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2009-07-24 139120]
    R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]
    R2 PTWsvc;PCTimeWatch; C:\Program Files\MainSoft\PC TimeWatch\PTWsvc.exe [2009-02-16 937984]
    R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
    R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2007-03-29 427576]
    R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
    R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
    S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-04 135664]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-05 194032]
    S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe []
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664]
    S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
    S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712]
    S3 Service CANALPLAY;Service CANALPLAY; C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2009-11-02 444288]
    S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-01-01 321320]

    -----------------EOF-----------------
    14 January 2010 23:07:02

    Thanks in any case for your help :)
    a c 267 8 Security
    14 January 2010 23:36:25

  • Disable UAC for the duration of the disinfection.

  • Download Ad-Remover (by Cyrildu17 / C_XX) to your Desktop.

    /!\ Disconnect and close all running applications /!\

  • Double-click AD-R on your Desktop to launch it.
    (On Vista, right-click AD-R and choose Run as administrator)
  • Choose language F for French.
  • In the main menu, choose option L.

    /!\ Let the tool work /!\

  • Post the report that appears at the end (C:\Ad-Report-CLEAN.log).

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Kaspersky, etc.) as a RiskTool. It is not a virus, but a utility designed to terminate processes.