Se connecter / S'enregistrer
Votre question

Virus et réinitialisation

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
21 Juillet 2009 23:33:31

Bonjours. J'ai depuis avoir essayé d'installer Photoshop CS4 un Virus apparemment concéquent. Lorsque je démarre normalement mon ordi au bout de quelques minutes une page bleu avec des tat de chose écrite s'affiche pour quelques seconde puis redémarre mon PC, je n'ai évidament pas le temps de lire le message qui s'affiche. J'ai fait un scan Avast pour localiser les virus, puis passé un coup de Cclener mais rien a faire le problème persiste. J'ai essayé de suprimer Photoshop (le logiciel qui ma fait buger) mais rien a faire impossible de le désinstaller. Donc comme ici je voie qu'il y a des pros d'informatique et que je n'y connai strictement rien, quelqu'un pourai t-il me donner des conseils pour une réinitialisation complète histoire de me débarasser de tout ces virus ?Quelque chose que je pourrai faire de chez moi sans aide d'un profetionel. Etant mineur et tenu sous autorité parental cela m'arangerai que le problème épargne le porte monnai =). Merci d'avance.

Autres pages sur : virus reinitialisation

a c 295 8 Sécurité
21 Juillet 2009 23:43:23

Bonjour,

  • Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
  • Double-clique sur RSIT.exe afin de lancer le programme.
    (Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)
  • Clique sur Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : les rapports sont sauvegardés dans le dossier C:\rsit.
    22 Juillet 2009 10:13:53

    Merci d'avoir répondu si rapidement. J'ai fait ce que tu ma dit et voilà le résultat pour log.txt :
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Rebecca at 2009-07-22 10:03:57
    Microsoft® Windows Vista™ Édition Familiale Premium
    System drive C: has 390 GB (83%) free of 469 GB
    Total RAM: 2047 MB (77% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:04:01, on 22/07/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v8.00 (8.00.6001.18372)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Users\Rebecca\Downloads\RSIT.exe
    C:\Program Files\trend micro\Rebecca.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
    O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Rebecca\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: ArcSoft Connect Daemon ACDaemonAeLookupSvc (ACDaemonAeLookupSvc) - Unknown owner - C:\Windows\TEMP\hyorjqcavu.exe
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
    O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 10273 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Extension de garantie.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-103813548-3676433594-586706414-1002Core.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-103813548-3676433594-586706414-1002UA.job
    C:\Windows\tasks\Recovery DVD Creator.job
    C:\Windows\tasks\User_Feed_Synchronization-{4DD449E3-55A4-4E29-A20A-10FFEDA3CC98}.job
    C:\Windows\tasks\User_Feed_Synchronization-{59E258E4-A18C-420A-BDFE-BC930E273F2B}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-12-09 333192]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-11 308856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-12 259696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-30 669168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-12 470512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
    CBrowserHelperObject Object - C:\Program Files\Google\Google_BAE\BAE.dll [2006-11-09 98304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-05-08 352256]
    {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-02-06 429816]
    {3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-12-09 333192]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-12 259696]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-02-05 1006264]
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-05-10 4468736]
    "Skytel"=C:\Windows\Skytel.exe [2007-05-07 1826816]
    "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-07-06 86016]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-07-06 8466432]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-07-06 81920]
    ""= []
    "RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-01-11 232184]
    "Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-22 29744]
    "toolbar_eula_launcher"=C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe [2007-02-20 28672]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-11 185896]
    "lxdimon.exe"=C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe [2007-07-16 434864]
    "lxdiamon"=C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe [2007-07-16 25264]
    "FaxCenterServer"=C:\Program Files\\Lexmark Fax Solutions\fm3032.exe [2007-07-16 311984]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]
    "ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-07-10 195072]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
    "AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-05-11 1232896]
    "SmpcSys"=C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe [2007-07-19 1120568]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CamTray.exe [2005-10-27 299008]
    "Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-05-08 3640368]
    ""= []
    "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-17 39408]
    "VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-02-06 3572984]
    "Google Update"=C:\Users\Rebecca\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-22 133104]

    C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1862f375-1de6-11dd-9951-001d7d28070f}]
    shell\AutoRun\command - J:\LaunchU3.exe -a


    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 months======

    2009-07-21 23:43:09 ----D---- C:\Program Files\trend micro
    2009-07-21 23:43:08 ----D---- C:\rsit
    2009-07-20 19:17:27 ----A---- C:\Windows\ntbtlog.txt
    2009-07-18 14:53:42 ----SHD---- C:\Windows\system32\lowsec
    2009-07-18 11:03:06 ----D---- C:\Windows\Sun
    2009-07-17 12:23:47 ----D---- C:\Users\Rebecca\AppData\Roaming\Adobe
    2009-07-16 23:47:38 ----D---- C:\ProgramData\FLEXnet
    2009-07-16 23:22:01 ----D---- C:\Program Files\Common Files\Adobe AIR
    2009-07-16 23:15:57 ----D---- C:\Program Files\Common Files\Macrovision Shared
    2009-07-15 10:31:45 ----A---- C:\Windows\system32\t2embed.dll
    2009-07-15 10:31:45 ----A---- C:\Windows\system32\lpk.dll
    2009-07-15 10:31:45 ----A---- C:\Windows\system32\fontsub.dll
    2009-07-15 10:31:45 ----A---- C:\Windows\system32\dciman32.dll
    2009-07-15 10:31:45 ----A---- C:\Windows\system32\atmlib.dll
    2009-07-15 10:31:45 ----A---- C:\Windows\system32\atmfd.dll

    ======List of files/folders modified in the last 1 months======

    2009-07-22 10:00:21 ----D---- C:\Windows\Minidump
    2009-07-22 10:00:12 ----D---- C:\Windows
    2009-07-22 09:58:29 ----D---- C:\Windows\Temp
    2009-07-21 23:43:09 ----RD---- C:\Program Files
    2009-07-21 23:06:41 ----D---- C:\Windows\inf
    2009-07-21 23:06:41 ----AD---- C:\Windows\System32
    2009-07-21 23:06:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-07-20 23:31:14 ----D---- C:\Windows\Prefetch
    2009-07-20 19:40:16 ----D---- C:\Windows\rescache
    2009-07-20 19:01:04 ----D---- C:\Users\Rebecca\AppData\Roaming\Azureus
    2009-07-17 16:08:06 ----D---- C:\Windows\winsxs
    2009-07-17 16:08:06 ----D---- C:\Windows\system32\fr-FR
    2009-07-17 14:44:32 ----D---- C:\Program Files\CCleaner
    2009-07-17 12:26:40 ----D---- C:\Program Files\Adobe
    2009-07-17 10:39:37 ----D---- C:\Windows\system32\catroot2
    2009-07-17 00:10:36 ----D---- C:\Windows\system32\drivers
    2009-07-16 23:47:38 ----HD---- C:\ProgramData
    2009-07-16 23:47:01 ----SHD---- C:\Windows\Installer
    2009-07-16 23:37:33 ----SHD---- C:\System Volume Information
    2009-07-16 23:29:26 ----D---- C:\ProgramData\Adobe
    2009-07-16 23:27:49 ----D---- C:\Program Files\Common Files\Adobe
    2009-07-16 23:24:41 ----RSD---- C:\Windows\Fonts
    2009-07-16 23:22:01 ----D---- C:\Program Files\Common Files
    2009-07-16 10:11:18 ----D---- C:\Windows\system32\catroot
    2009-07-16 10:11:13 ----D---- C:\Program Files\Windows Mail
    2009-07-16 10:10:59 ----D---- C:\ProgramData\Microsoft Help
    2009-07-14 23:27:20 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-07-14 18:34:58 ----D---- C:\Users\Rebecca\AppData\Roaming\LimeWire
    2009-07-10 12:39:18 ----D---- C:\ProgramData\Lx_cats
    2009-07-06 00:44:37 ----D---- C:\Users\Rebecca\AppData\Roaming\dvdcss
    2009-06-30 11:06:46 ----D---- C:\Windows\Tasks
    2009-06-30 11:06:42 ----D---- C:\Windows\system32\Tasks
    2009-06-27 12:12:39 ----D---- C:\Program Files\Vuze
    2009-06-23 11:14:43 ----D---- C:\Windows\system32\Macromed

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
    R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
    R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
    R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-01-23 50176]
    R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver; C:\Windows\system32\DRIVERS\WlanUIG.sys [2005-06-17 379456]
    S1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
    S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
    S2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
    S2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
    S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-05-10 1775712]
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
    S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-07-06 7568832]
    S3 PD0620VID;Creative WebCam Instant; C:\Windows\system32\DRIVERS\P0620Vid.sys [2004-07-29 91577]
    S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    S2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]
    S2 ACDaemonAeLookupSvc;ArcSoft Connect Daemon ACDaemonAeLookupSvc; C:\Windows\TEMP\hyorjqcavu.exe [2009-07-21 25088]
    S2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2008-12-09 464264]
    S2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-09 234888]
    S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
    S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
    S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 iprip;@%Systemroot%\system32\iprip.dll,-200; C:\Windows\System32\svchost.exe [2006-11-02 22016]
    S2 lxdi_device;lxdi_device; C:\Windows\system32\lxdicoms.exe [2007-06-11 517040]
    S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
    S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
    S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-01-11 166648]
    S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
    S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-16 655624]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-22 29744]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-22 29744]
    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-12 182768]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-01-11 887544]
    S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

    -----------------EOF-----------------

    Et pour info.txt : info.txt logfile of random's system information tool 1.06 2009-07-21 23:43:34

    ======Uninstall list======

    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
    -->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
    -->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
    -->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    -->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    -->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    -->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
    -->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
    Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
    Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
    Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
    Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
    Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
    Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
    Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
    Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
    Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
    Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
    Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
    Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
    Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
    Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
    Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
    Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
    Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
    Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
    Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
    Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
    Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
    Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
    Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
    Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
    Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
    Adobe Reader 8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A80000000002}
    Adobe Reader 8-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobeReader*
    Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
    Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
    Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
    Adobe Shockwave Player-->MsiExec.exe /X{A7DB362E-16DC-4E29-8A34-E74381E00B5B}
    Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
    Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
    Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
    AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
    AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
    ADSL Neuf-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *NEUF_FR*
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    ArcSoft Print Creations - Album Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BB40290-1F6A-4CC2-A29B-5BAA33C6B151}\Setup.exe" -l0x40c -1AlbumPage
    ArcSoft Print Creations - Funhouse-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BB40290-1F6A-4CC2-A29B-5BAA33C6B151}\Setup.exe" -l0x40c -1Funhouse
    ArcSoft Print Creations - Greeting Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BB40290-1F6A-4CC2-A29B-5BAA33C6B151}\Setup.exe" -l0x40c -1GreetingCard
    ArcSoft Print Creations - Photo Book-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BB40290-1F6A-4CC2-A29B-5BAA33C6B151}\Setup.exe" -l0x40c -1PhotoBook
    ArcSoft Print Creations - Photo Calendar-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BB40290-1F6A-4CC2-A29B-5BAA33C6B151}\Setup.exe" -l0x40c -1Calendar
    ArcSoft Print Creations - Photo Prints-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BB40290-1F6A-4CC2-A29B-5BAA33C6B151}\Setup.exe" -l0x40c -1PhotoPrint
    ArcSoft Print Creations - Scrapbook-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BB40290-1F6A-4CC2-A29B-5BAA33C6B151}\Setup.exe" -l0x40c -1ScrapBook
    ArcSoft Print Creations - Slimline Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BB40290-1F6A-4CC2-A29B-5BAA33C6B151}\Setup.exe" -l0x40c -1Slimline
    ArcSoft Print Creations-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BB40290-1F6A-4CC2-A29B-5BAA33C6B151}\Setup.exe" -l0x40c
    Artful GIF Animator 1.2-->"C:\Program Files\Artful GIF Animator\unins000.exe"
    Ask.com Search Assistant 1.0.1-->C:\Program Files\Ask Search Assistant\uninst.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Browser Address Error Redirector-->regsvr32 /u /s "C:\Program Files\Google\Google_BAE\BAE.dll"
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
    Creative WebCam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove
    Creative WebCam Instant Driver (1.01.02.0729)-->C:\Windows\CtDrvIns.exe -uninstall -script PD0620.uns -unsext NT -plugin P0620Pin.dll -pluginres P0620Pin.crl
    Creator 9-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *CREATOR9*
    Firefox-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *FirefoxFR*
    Flash Player 9 Internet Explorer-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Flashplayer*
    GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
    Google BAE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleBAE*
    Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
    Google Earth-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GOOGLE_EARTH*
    Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x40c -removeonly
    Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x40c -removeonly
    Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x40c -removeonly
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
    GoogleDesktop-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleDesktop*
    GoogleToolbar-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleToolbar*
    HDReg France-->MsiExec.exe /I{0ED40D2A-7131-4FE7-941E-5C329336F712}
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Infocentre Rev. 2.0-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre*
    Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
    kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
    Lexmark 3500-4500 Series-->C:\Program Files\Lexmark 3500-4500 Series\Install\x86\Uninst.exe
    LimeWire 4.18.6-->"C:\Program Files\LimeWire\uninstall.exe"
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Metaboli-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *METABOLI*
    Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
    Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
    Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works 9 SE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *works9se*
    Microsoft Works-->MsiExec.exe /I{0214A441-A4AB-43A8-8DEF-2F73C5364673}
    Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
    Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
    Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
    Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
    Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
    Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
    Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
    Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
    Mozilla Firefox (2.0.0.20)-->C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
    MSN Connection Center-->C:\Program Files\MSN\MSNIA\CC\MSNCC\ccrestore.exe /Uninstall
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    Norton 360-->MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
    Packard Bell Demo-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *PB_DEMO*
    Packard Bell ImageWriter-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *ImageWriter*
    Packard Bell LCD Test-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *LCDTest*
    Packard Bell Updator-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator*
    PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
    PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
    Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
    Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
    Picasa2-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Picasa_2*
    PlayMP3z-->C:\Program Files\PlayMP3z\uninstall.exe
    Popsicle-->"C:\Users\Public\Documents\Popsicle\unins000.exe"
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek HD Audio V6.0.1.5413-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AUDIO_REALTEK*
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
    Roxio Creator 9 LE-->MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
    SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
    Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
    Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
    Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
    Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
    Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
    Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
    Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
    Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
    Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
    SetUp My PC-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SETUPMYPC_FR*
    Shockwave player 10-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Shockwave*
    Solutions de télécopie Lexmark-->C:\Program Files\\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
    Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
    Update for Outlook 2007 Junk Email Filter (kb971933)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {53C200F4-3B4B-49A5-8539-2C61F1A88CA2}
    VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
    Video NVIDIA v162.22-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *VIDEO_NVIDIA*
    VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Vuze Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
    Vuze-->C:\Program Files\Vuze\uninstall.exe
    Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
    Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}

    ======Hosts File======

    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com

    ======Security center information======

    AV: avast! antivirus 4.8.1335 [VPS 090720-0]
    AS: Windows Defender (disabled)
    AS: avast! antivirus 4.8.1335 [VPS 090720-0]

    ======System event log======

    Computer Name: PC-de-Rebecca
    Event Code: 10005
    Message: DCOM a reçu l'erreur "1084" lors de la mise en route du service usnjsvc avec les arguments "" pour démarrer le serveur :
    {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
    Record Number: 163379
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20090721073217.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-Rebecca
    Event Code: 10005
    Message: DCOM a reçu l'erreur "1084" lors de la mise en route du service ShellHWDetection avec les arguments "" pour démarrer le serveur :
    {DD522ACC-F821-461A-A407-50B198B896DC}
    Record Number: 163380
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20090721073235.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-Rebecca
    Event Code: 1003
    Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir du serveur DHCP) pour la carte réseau dont l'adresse réseau est 0060B3B08176. Il s'est produit l'erreur suivante :
    Le délai de temporisation de sémaphore a expiré.. Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du serveur d'adresse réseau (DHCP).
    Record Number: 163383
    Source Name: Microsoft-Windows-Dhcp-Client
    Time Written: 20090721185625.000000-000
    Event Type: Avertissement
    User:

    Computer Name: PC-de-Rebecca
    Event Code: 1000
    Message: Votre ordinateur a perdu le bail de son adresse IP 192.168.1.10 sur la carte réseau d'adresse réseau 0060B3B08176.
    Record Number: 163384
    Source Name: Microsoft-Windows-Dhcp-Client
    Time Written: 20090721185625.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-Rebecca
    Event Code: 10005
    Message: DCOM a reçu l'erreur "1084" lors de la mise en route du service WSearch avec les arguments "" pour démarrer le serveur :
    {9E175B6D-F52A-11D8-B9A5-505054503030}
    Record Number: 163386
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20090721214331.000000-000
    Event Type: Erreur
    User:

    =====Application event log=====

    Computer Name: PC-de-Rebecca
    Event Code: 11
    Message: Échec de l'extraction de la liste racine tierce partie depuis le fichier CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update...; avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon la vérification par rapport à l'horloge système en cours ou le tampon daté dans le fichier signé.
    .
    Record Number: 37688
    Source Name: Microsoft-Windows-CAPI2
    Time Written: 20061231221047.000000-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-Rebecca
    Event Code: 11
    Message: Échec de l'extraction de la liste racine tierce partie depuis le fichier CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update...; avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon la vérification par rapport à l'horloge système en cours ou le tampon daté dans le fichier signé.
    .
    Record Number: 37689
    Source Name: Microsoft-Windows-CAPI2
    Time Written: 20061231221047.000000
    Contenus similaires
    a c 295 8 Sécurité
    22 Juillet 2009 15:37:18

  • Désactive l'UAC le temps de la désinfection.

  • Télécharge Ad-Remover (de Cyrildu17 / C_XX) sur ton Bureau.

    /!\ Déconnecte-toi et ferme toutes applications en cours /!\

  • Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program files).
  • Double-clique sur le raccourci d'Ad-Remover situé sur ton Bureau pour le lancer.
    (Sous Vista, il faut cliquer droit sur le raccourci d'Ad-Remover et choisir Exécuter en tant qu'administrateur)
  • Choisis la langue F pour français.
  • Au menu principal, choisis l'option S.

    /!\ Laisse travailler l'outil /!\

  • Poste le rapport qui apparaît à la fin (C:\Ad-Report-SCAN.log).

    (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

    Note : "Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
    22 Juillet 2009 18:08:33

    Voilà le rapport :


    .
    ======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
    .
    Mit à jour par C_XX le 24/06/2009 à 7:10 PM
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 17:33:02, 22/07/2009 | Mode Normal | Option: SCAN
    Exécuté de: C:\Program Files\Ad-remover\
    Système d'exploitation: Microsoft® Windows Vista™ Home Premium v6.0.6000
    Nom du PC: PC-DE-REBECCA | Utilisateur actuel: Rebecca
    .
    Administrateur: Administrateur *Desactive*
    N'est pas administrateur: ASPNET
    N'est pas administrateur: Catherine
    N'est pas administrateur: Invité
    Administrateur: Rebecca
    .
    ============== ÉLÉMENT(S) TROUVÉ(S) ==============
    .
    Service: "ASKService"
    Service: "ASKUpgrade"
    .
    HKCR\AppID\{F7759ABC-B7D8-437C-ADC4-B35F2E1692CC}
    HKCR\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
    HKCR\popsicle.comadvpro
    HKCR\popsicle.comadvpro.1
    HKCU\Software\LowRegistry\Popsicle
    HKCU\Software\MediaHoldings
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A67B8FE1-8E6D-44D6-8D74-9C28E7BFF35C}
    HKCU\Software\PlayMP3
    HKCU\Software\Popsicle
    HKLM\Software\Classes\AppID\{F7759ABC-B7D8-437C-ADC4-B35F2E1692CC}
    HKLM\Software\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKLM\Software\Classes\popsicle.comadvpro
    HKLM\Software\Classes\popsicle.comadvpro.1
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EA678786-D2EE-4439-9A6F-40F82562FFB4}_is1
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
    HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
    HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
    HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
    .
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\PlayMP3z
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    C:\Program Files\AskBarDis
    C:\Program Files\Ask Search Assistant
    C:\Program Files\playmp3z
    C:\Users\Rebecca\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\PlayMP3z
    C:\Users\Public\DOCUME~1\Popsicle
    .
    ============== Scan additionnel ==============
    .

    * Mozilla FireFox Version 2.0.0.20 *

    Nom du profil: ak1qfsiv.default (Rebecca)
    .
    (Prefs.js) user_pref("browser.search.defaultenginename", "Google");
    (Prefs.js) user_pref("browser.search.selectedEngine", "Google");
    (Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
    (Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.plusnetwork.com");
    (Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1.20");
    .
    .

    * Internet Explorer Version 8.0.6001.18372 *

    [HKEY_CURRENT_USER\..\Internet Explorer\Main]

    Search bar: hxxp://www.google.com/ie
    Search Page: hxxp://www.google.com
    Start Page: hxxp://www.plusnetwork.com

    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
    Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

    Tabs: res://ieframe.dll/tabswelcome.htm

    .
    ============== Processus Caches/Bloque ==============
    .
    PID: 1132 [LOCKED] audiodg.exe
    .

    ============== Suspect (Cracks, Serials ... ) ==============

    .
    C:\Users\Rebecca\Documents\LimeWire\Saved\les sims 3 + crack.zip
    .
    ===================================
    .
    4003 Octet(s) - C:\Ad-Report-SCAN.log
    .
    2830 Fichier(s) - C:\Users\Rebecca\AppData\Local\Temp
    22 Fichier(s) - C:\Windows\Temp
    .
    0 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
    0 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
    .
    Fin à: 18:02:16 | 22/07/2009
    .
    ============== E.O.F ==============
    .
    a c 295 8 Sécurité
    22 Juillet 2009 18:11:46

    Tu peux faire l'option L et poster le rapport.
    23 Juillet 2009 16:53:16

    .
    ======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
    .
    Mit à jour par C_XX le 24/06/2009 à 7:10 PM
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 13:55:12, 23/07/2009 | Mode sans echec | Option: CLEAN
    Exécuté de: C:\Program Files\Ad-remover\
    Système d'exploitation: Microsoft® Windows Vista™ Home Premium v6.0.6000
    Nom du PC: PC-DE-REBECCA | Utilisateur actuel: Rebecca
    .
    Administrateur: Administrateur *Desactive*
    N'est pas administrateur: ASPNET
    N'est pas administrateur: Catherine
    N'est pas administrateur: Invité
    Administrateur: Rebecca
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    Service: "ASKService"
    Service: "ASKUpgrade"
    .
    HKCR\AppID\{F7759ABC-B7D8-437C-ADC4-B35F2E1692CC}
    HKCR\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
    HKCR\popsicle.comadvpro
    HKCR\popsicle.comadvpro.1
    HKCU\Software\LowRegistry\Popsicle
    HKCU\Software\MediaHoldings
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A67B8FE1-8E6D-44D6-8D74-9C28E7BFF35C}
    HKCU\Software\PlayMP3
    HKCU\Software\Popsicle
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EA678786-D2EE-4439-9A6F-40F82562FFB4}_is1
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
    HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
    .
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\PlayMP3z\Run PlayMP3z.lnk
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\PlayMP3z
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome.manifest
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome.manifest.dev
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf.bak
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf.de-DE
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf.es-ES
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf.fr-FR
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf.it-IT
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome\ajtoolbar.jar
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\ask.gif
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\ask.src
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\config.dat
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\config.dat.bak
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\contents.rdf
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\snipit.js
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\manifest.mf
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\zigbert.rsa
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\zigbert.sf
    C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    C:\Program Files\AskBarDis\bar
    C:\Program Files\AskBarDis\unins000.dat
    C:\Program Files\AskBarDis\unins000.exe
    C:\Program Files\AskBarDis\bar\bin
    C:\Program Files\AskBarDis\bar\Settings
    C:\Program Files\AskBarDis\bar\bin\askBar.dll
    C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\Program Files\AskBarDis\bar\bin\AskSplash.exe
    C:\Program Files\AskBarDis\bar\bin\AskTBApp.exe
    C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    C:\Program Files\AskBarDis\bar\bin\psvince.dll
    C:\Program Files\AskBarDis\bar\Settings\AskLogo.ico
    C:\Program Files\AskBarDis\bar\Settings\config.dat
    C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
    C:\Program Files\AskBarDis
    C:\Program Files\Ask Search Assistant\ask.ico
    C:\Program Files\Ask Search Assistant\AskSearchAsst.ini
    C:\Program Files\Ask Search Assistant\Install.asa.log
    C:\Program Files\Ask Search Assistant\uninst.exe
    C:\Program Files\Ask Search Assistant
    C:\Program Files\playmp3z\uninstall.exe
    C:\Program Files\playmp3z
    C:\Users\Rebecca\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\PlayMP3z
    C:\Users\Public\DOCUME~1\Popsicle\ADVa.exe
    C:\Users\Public\DOCUME~1\Popsicle\ADVPro_reg.exe
    C:\Users\Public\DOCUME~1\Popsicle\unins000.dat
    C:\Users\Public\DOCUME~1\Popsicle\unins000.exe
    C:\Users\Public\DOCUME~1\Popsicle

    (!) -- Fichiers temporaires supprimés.

    .
    ============== Scan additionnel ==============
    .

    * Mozilla FireFox Version 2.0.0.20 *

    Nom du profil: ak1qfsiv.default (Rebecca)
    .
    (Prefs.js) user_pref("browser.search.defaultenginename", "Google");
    (Prefs.js) user_pref("browser.search.selectedEngine", "Google");
    (Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
    (Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.plusnetwork.com");
    (Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1.20");
    .
    .

    * Internet Explorer Version 8.0.6001.18372 *

    [HKEY_CURRENT_USER\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Search Page: hxxp://www.google.com
    Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...

    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/

    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

    Tabs: res://ieframe.dll/tabswelcome.htm

    ============== Suspect (Cracks, Serials ... ) ==============

    .
    C:\Users\Rebecca\Documents\LimeWire\Saved\les sims 3 + crack.zip
    .
    ===================================
    .
    8292 Octet(s) - C:\Ad-Report-CLEAN.log
    4321 Octet(s) - C:\Ad-Report-SCAN.log
    .
    56 Fichier(s) - C:\Users\Rebecca\AppData\Local\Temp
    13 Fichier(s) - C:\Windows\Temp
    .
    20 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
    24 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
    .
    Fin à: 15:28:43 | 23/07/2009
    .
    ============== E.O.F ==============
    .
    a c 295 8 Sécurité
    23 Juillet 2009 17:24:24

  • Désinstalle Java 6 Update 6.

  • Mets à jour Java.

  • Mets à jour Adobe Reader.

  • Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
  • Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
  • Sélectionne Exécuter un examen rapide.
  • Clique sur Rechercher. L'analyse démarre.
  • A la fin de l'analyse, un message s'affiche :
    Citation :
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
  • Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
    23 Juillet 2009 18:26:01

    Malwarebytes' Anti-Malware 1.39
    Version de la base de données: 2488
    Windows 6.0.6000

    23/07/2009 18:12:50
    mbam-log-2009-07-23 (18-12-50).txt

    Type de recherche: Examen rapide
    Eléments examinés: 89505
    Temps écoulé: 4 minute(s), 27 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 7
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 13

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    \\?\globalroot\systemroot\System32\geyekrdadjbcim.dll (Trojan.TDSS) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Interface\{cd796033-04ae-4b69-8cb2-92bd6c2aaa27} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{be2ce3a1-0e47-4f12-a243-8fccced94209} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Windows\System32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    \\?\globalroot\systemroot\System32\geyekrdadjbcim.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    c:\Windows\Temp\_avast4_\unp105777299.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
    c:\Windows\Temp\_avast4_\unp106582670.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
    c:\Windows\Temp\_avast4_\unp106646479.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
    c:\Windows\Temp\_avast4_\unp112902274.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
    c:\Windows\Temp\_avast4_\unp140031806.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
    c:\Windows\Temp\_avast4_\unp141381170.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
    c:\Windows\Temp\_avast4_\unp148044277.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
    c:\Windows\Temp\_avast4_\unp191955113.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
    c:\Windows\Temp\_avast4_\unp42539831.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
    c:\Windows\Temp\_avast4_\unp78831781.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
    c:\Windows\System32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
    c:\Windows\System32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
    a c 295 8 Sécurité
    23 Juillet 2009 19:04:37

  • Relance MBAM, va dans Quarantaine et supprime tout.

    [#ff0000]/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\[/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Clique droit sur ComboFix.exe (le .exe n'est pas forcément visible) et choisis Exécuter en tant qu'administrateur.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

    Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix
    23 Juillet 2009 20:46:42

    ComboFix 09-07-23.01 - Rebecca 23/07/2009 19:50.1.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2047.1105 [GMT 2:00]
    Running from: c:\users\Rebecca\Downloads\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090722-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    SP: avast! antivirus 4.8.1335 [VPS 090722-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    Overlay aborted ... Please run ComboFix once more
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Installer\21b10fb.msp

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_iprip


    ((((((((((((((((((((((((( Files Created from 2009-06-23 to 2009-07-23 )))))))))))))))))))))))))))))))
    .

    2009-07-23 18:04 . 2009-07-23 18:04 -------- d-----w- c:\users\Catherine\AppData\Local\temp
    2009-07-23 16:06 . 2009-07-23 16:06 -------- d-----w- c:\users\Rebecca\AppData\Roaming\Malwarebytes
    2009-07-23 16:06 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-23 16:06 . 2009-07-23 16:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-23 16:06 . 2009-07-23 16:06 -------- d-----w- c:\progra~2\Malwarebytes
    2009-07-23 16:06 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-23 15:57 . 2009-07-23 16:14 -------- d-----w- c:\progra~2\NOS
    2009-07-23 15:57 . 2009-07-23 16:14 -------- d-----w- c:\program files\NOS
    2009-07-23 15:57 . 2009-07-23 15:57 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-23 15:57 . 2009-07-23 15:57 -------- d-----w- c:\program files\Java
    2009-07-22 15:32 . 2009-07-23 13:28 -------- d-----w- c:\program files\Ad-remover
    2009-07-21 21:43 . 2009-07-22 08:03 -------- d-----w- c:\program files\trend micro
    2009-07-21 21:43 . 2009-07-21 21:43 -------- d-----w- C:\rsit
    2009-07-18 09:03 . 2009-07-18 09:03 -------- d-----w- c:\windows\Sun
    2009-07-17 10:25 . 2009-07-23 16:04 -------- d-----w- c:\users\Rebecca\AppData\Local\Adobe
    2009-07-16 21:47 . 2009-07-16 21:47 -------- d-----w- c:\progra~2\FLEXnet
    2009-07-16 21:22 . 2009-07-16 21:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-07-16 21:15 . 2009-07-16 21:15 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2009-07-15 08:31 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-15 08:31 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll
    2009-07-15 08:31 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-15 08:31 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-07-15 08:31 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll
    2009-07-15 08:31 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-23 18:10 . 2007-02-05 07:09 9754 ----a-w- c:\windows\system32\perfc00C.dat
    2009-07-23 18:10 . 2007-02-05 07:09 29686 ----a-w- c:\windows\system32\perfh00C.dat
    2009-07-23 17:45 . 2008-05-20 19:30 -------- d-----w- c:\users\Rebecca\AppData\Roaming\Azureus
    2009-07-23 16:57 . 2008-05-18 14:06 -------- d-----w- c:\users\Rebecca\AppData\Roaming\dvdcss
    2009-07-23 16:03 . 2007-02-04 23:15 -------- d-----w- c:\program files\Common Files\Adobe
    2009-07-23 14:49 . 2008-05-27 17:48 1356 ----a-w- c:\users\Rebecca\AppData\Local\d3d9caps.dat
    2009-07-17 12:44 . 2009-05-24 14:55 -------- d-----w- c:\program files\CCleaner
    2009-07-16 22:10 . 2008-05-09 16:52 132024 ----a-w- c:\users\Rebecca\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-07-16 08:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-07-16 08:10 . 2007-02-04 23:26 -------- d-----w- c:\progra~2\Microsoft Help
    2009-07-14 21:27 . 2007-02-04 23:07 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-14 16:34 . 2008-06-18 12:15 -------- d-----w- c:\users\Rebecca\AppData\Roaming\LimeWire
    2009-07-10 10:39 . 2008-05-13 16:34 -------- d-----w- c:\progra~2\Lx_cats
    2009-06-27 10:14 . 2008-05-21 11:20 177 ----a-w- c:\users\Rebecca\AppData\Roaming\Azureus\restart.bat
    2009-06-27 10:12 . 2009-03-06 17:29 -------- d-----w- c:\program files\Vuze
    2009-06-13 05:29 . 2007-02-04 23:14 -------- d-----w- c:\program files\Microsoft Works
    2009-06-08 10:44 . 2008-08-12 09:07 1290 ----a-w- c:\users\Rebecca\AppData\Roaming\wklnhst.dat
    2009-05-25 10:46 . 2008-05-10 16:42 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-05-19 18:24 . 2009-05-19 18:24 21193018 ----a-w- c:\progra~2\SPLDDB5.tmp
    2009-04-30 12:44 . 2009-06-14 08:34 1244672 ----a-w- c:\windows\system32\mcmde.dll
    2009-04-30 12:06 . 2009-06-14 08:34 292352 ----a-w- c:\windows\system32\psisdecd.dll
    2009-04-30 12:00 . 2009-06-14 08:34 428032 ----a-w- c:\windows\system32\EncDec.dll
    2008-09-22 13:54 . 2008-09-22 13:54 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2009-02-16 15:04 . 2007-02-04 23:13 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2009-02-16 15:04 . 2007-02-04 23:13 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2009-02-16 15:04 . 2007-02-04 23:13 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2009-02-16 15:04 . 2007-02-04 23:13 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2009-02-16 15:04 . 2007-02-04 23:13 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    2007-02-05 07:05 . 2007-02-05 07:52 65536 --sha-w- c:\windows\oem\mp\boot\bootstat.dat
    2007-02-05 07:25 . 2007-02-05 07:23 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-05-11 1232896]
    "SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
    "Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-05-08 3640368]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-16 39408]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-02-06 3572984]
    "Google Update"="c:\users\Rebecca\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-06-22 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-02-05 1006264]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-06 8466432]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-06 81920]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-22 29744]
    "toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-11 185896]
    "lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
    "lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
    "FaxCenterServer"="c:\program files\\Lexmark Fax Solutions\fm3032.exe" [2007-07-16 311984]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-23 148888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-10 4468736]
    "Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-05-07 1826816]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

    c:\users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{79CFF6C7-E411-432B-88AD-1383F93E82D4}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{B37822F0-189D-4CE3-9B72-A03954E145AE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{A0EA457A-C9EF-45C1-B776-8C688A1AE10B}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
    "{90DC3733-8D8F-427F-AC18-AD54A07FA845}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
    "{CAD2FB64-3E5E-4D80-A1F2-CC4B1892AD98}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{4D3E78F5-FA99-4D72-8C1A-EE207F1978BC}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:D evice Monitor
    "{FB4D3A7C-8780-4270-B210-1F01957A8F40}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:D evice Monitor
    "{C3C88257-20DC-4B42-8A8A-4D06F098ACF4}"= UDP:c:\users\Rebecca\AppData\Local\Temp\lxdi\wireless\FRENCH\lxdiwpss.exe:
    "{C4ACB986-5F9B-4ED7-9D11-EB8636269C9F}"= TCP:c:\users\Rebecca\AppData\Local\Temp\lxdi\wireless\FRENCH\lxdiwpss.exe:
    "{DC7F0CEC-0481-4A2B-8E9F-C2C06380C0F4}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
    "{FAC4FB89-423C-4A48-8B18-5D4250002F85}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
    "{93DD6BE7-5BA4-4920-B011-9179F33217FA}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface
    "{77D97B8F-9B5C-4214-A37E-F3E5303218B8}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface
    "{CC0B7662-DABA-4A1A-8EE0-49A6931E18EA}"= UDP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
    "{B5279F7B-2716-4CEE-ABF6-7EE18597663B}"= TCP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
    "{294AC609-1C9B-469E-AB32-6471818DC8B6}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:p rinter Status Window
    "{E4E3C44B-2BFC-43D8-83A1-ACA77E4424B4}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:p rinter Status Window
    "{9F105D42-B976-4FD6-9815-75546C73F703}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
    "{0A9DAE1F-A064-4C1F-BFF0-BC51AE53A2D7}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
    "{25CF49D3-FC92-4F70-8D24-436FAEF9255F}"= UDP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
    "{C46C8957-4802-4607-A3DB-C4CED84067A1}"= TCP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
    "{D51EFCF1-E91C-410E-8A9C-5DB7E50B3C03}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
    "{9DDD08DA-A02B-465B-BD18-ADF0337DCB2A}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
    "{7A3C7BA3-372F-4724-919F-8C9F6F23EEE1}"= UDP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
    "{4B339BDA-4744-40B2-99F5-AF23167B7EC0}"= TCP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
    "TCP Query User{85A8DB5E-ED31-496D-95FC-E9BCE3EE2E13}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
    "UDP Query User{00C00AFC-2047-4B05-9E92-4481EF3C1286}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
    "TCP Query User{826D0CE8-066B-4CA6-B631-FE36A283CBC7}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{634DF071-E897-4B6A-BA57-73FD57D48FA0}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
    "TCP Query User{15A8412B-5DBF-41A3-94C0-01FFC7985374}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{E3F8DA0D-00FF-4007-A9AB-4F7C17EE3471}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{F6CE31D3-8F4D-409D-B58B-56B30627F3EF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{5C9D29A8-B97A-407F-91BE-8567DE09B644}"= UDP:c:\program files\MSN\MSNIA\CC\MSNCC\msncc.exe:MSN Connection Center
    "{91F3D709-4D13-4A11-9F2B-A426A0D4EF00}"= TCP:c:\program files\MSN\MSNIA\CC\MSNCC\msncc.exe:MSN Connection Center
    "{292F91C1-B6B7-458E-B9A6-3451F4D0EE4F}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
    "{4B855236-C972-4E16-B208-951CEC53F218}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
    "TCP Query User{71704211-49AE-45E2-863F-EFC37E5883F6}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
    "UDP Query User{0959711E-3A0D-4D94-A8D3-20224B44B8AD}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
    "{CE45C749-93E1-4DFD-AB02-1629EE747629}"= UDP:5353:Adobe CSI CS4
    "{C97B6EF6-F814-4920-BCA3-E56A55098276}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
    "{0E258515-50A6-457F-914C-9630DF9F93C3}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]
    "Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [24/05/2009 16:47 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [24/05/2009 16:47 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [24/05/2009 16:47 51792]
    R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
    R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdiserv.exe [11/06/2007 16:14 99248]
    R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\System32\drivers\WlanUIG.sys [10/05/2008 18:01 379456]
    S2 ACDaemonAeLookupSvc;ArcSoft Connect Daemon ACDaemonAeLookupSvc;c:\windows\TEMP\hyorjqcavu.exe service --> c:\windows\TEMP\hyorjqcavu.exe service [?]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [05/02/2007 01:20 29744]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    ipripsvc REG_MULTI_SZ iprip

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    FF - ProfilePath - c:\users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\ak1qfsiv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.plusnetwork.com
    FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firef...{moz:client}&appver={moz:version}&");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-23 20:13
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\windows\System32\lxdicoms.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    c:\windows\System32\WUDFHost.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    c:\windows\System32\conime.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Alwil Software\Avast4\ashDisp.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2009-07-23 20:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-23 18:21

    Pre-Run: 404 947 984 384 octets libres
    Post-Run: 415 538 774 016 octets libres

    246 --- E O F --- 2009-07-23 15:58
    a c 295 8 Sécurité
    24 Juillet 2009 20:49:40

    Je te donne des nouvelles bientôt ;) 
    a c 295 8 Sécurité
    25 Juillet 2009 15:53:51

  • Retélécharge ComboFix, relance-le et poste le rapport.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS