Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Logiciels-Pilotes

Je ne peux plus désinstaller avg free 8

Dernière réponse le 26 mar 2009 à 22:08:19 sonya88, le 23 mar 2009 à 16:54:23

Signaler ce message aux modérateurs

Bonjour,
En janvier 2009, j'ai installé la version gratuite de avg : avg free 8 SUR VISTA
Au départ tout fonctionnait comme il faut sauf que depuis quelques jours, il ne fonctionne plus, lorsque j'allume le pc, un message me dit que la version n'est pas vérifiée ou quelque chose du genre (c'est en anglais), ensuite on m'invite à faire la mise à jour sauf qu'on me demande un numéro de licence que je n'ai pas...En plus, impossible de le désinstaller même avec regcleaner ou avgremover ou en mode sans échec, cela me dit qu'il y a une erreur! Le comble, c'est que je ne peux plus rien télécharger, ni logiciel ni pièces jointes de mails. Cela fait mine de télécharger que je mette enregistrer ou executer et ensuite une fois que cela à télécharger, je n'ai rien...
Je ne sais plus quoi faire...
Si quelqu'un pouvait m'aider, merci beaucoup!
Sonia

Configuration: Windows Vista
Internet Explorer 7.0

Meilleures réponses pour « je ne peux plus désinstaller avg free 8 » dans :

PB avec AVG FREE 8.5 (Résolu) Voir

Imposssible de désinstaller AVG Free Edition Voir

Mise ajour de AVG free edition 8.5 Voir

Présentation et Configuration de l'antivirus AVG free. VoirVoici un tutoriel pour configurer l'antivirus AVG free dans le but qu'il soit le plus efficace possible, nous ferons aussi un petit commentaire pour chaque composant de l'antivirus : Pour info, l'antivirus AVG free est téléchargeable...

Update failed avg free VoirLorsque vous souhaitez mettre à jour votre antivirus AVG Free, celui-ci affiche le message suivant : update failed , the connection with update server has failed La traduction de ce message est la suivante : la mise a jour a échoué, votre...

Désinstaller IE 8 VoirDésinstallation d'IE 8 Vous avez installé IE8 pour le tester et vous souhaitez désormais revenir à une version précédente ? Voici la procédure à suivre pour les OS suivants : Windows Vista Windows XP Windows Vista Ouvrir le...

Impossible de desinstaller AVG Free Voir

Bug avec avg free 8.0 (Résolu) Voir

Installation AVG free 8 (Résolu) Voir

Télécharger AVG Free Voir

Posez votre question Répondre

Destrio5, le 23 mar 2009 à 16:59:47

Salut,

On va regarder ça plus "précisément".

--> Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

--> Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

--> Clique sur Continue à l'écran Disclaimer.

--> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

--> Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit.

Répondre à Destrio5

sonya88, le 23 mar 2009 à 17:14:39

Merci pour ta réponse, le soucis est que je ne peux pas télécharger random's system inforamtion tool non plus... Rien ne fonctionne... J'essayerai ce soir que quelqu'un le télécharge et me le remette sur mon pc...

Répondre à sonya88

tribun, le 23 mar 2009 à 17:19:01

Bonjour
avg free edition 8.0 est un logiciel gratuit qui n'as pas besoin de licence !
tu est sure que c'est bien celui là que tu as installé ? Qui aime l'instruction ! trouve la connaissance qui vient de la réflexion !

Répondre à tribun

sonya88, le 23 mar 2009 à 17:26:52

Oui c'est bien celui-ci, c'est pour cela, c'est à n'y rien comprendre....

Répondre à sonya88

Destrio5, le 23 mar 2009 à 17:29:07

La version 8.5 est sortie.

Répondre à Destrio5

tribun, le 23 mar 2009 à 17:36:09

Est ce que tu sais allez dans exécuter
si oui ! tape regedit et puis ok
et dans Edition et Rechercher , tape AVG , ou AVG free !
tu sera dirigé sur la clé ! essaie la suppression ! Qui aime l'instruction ! trouve la connaissance qui vient de la réflexion !

Répondre à tribun

Destrio5, le 23 mar 2009 à 17:36:57

Ou essayer avec Revo Uninstaller.

Répondre à Destrio5

Destrio5, le 23 mar 2009 à 17:19:07

Oui, c'est le mieux à faire.

Répondre à Destrio5

sonya88, le 23 mar 2009 à 20:22:24

Voila!
Logfile of random's system information tool 1.06 (written by random/random)
Run by sonia at 2009-03-23 20:18:35
WIN_VISTA Service Pack 1
System drive C: has 77 GB (34%) free of 228 GB
Total RAM: 3070 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:56, on 23/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek Semiconductor Corp\Realtek Card Reader Monitor\CardReaderMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Common Files\ACD Systems\FR\DevDetect.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\eMule\emule.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Users\sonia\AppData\Local\Votre Opinion\PanelApp\PanelApp.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Lphant\eLePhantClient.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchFilterHost.exe
F:\logiciel\RSIT.exe
C:\Program Files\trend micro\sonia.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P1.dll
R3 - URLSearchHook: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Program Files\LphantBar\tbLpha.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\ezShellStart.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Program Files\LphantBar\tbLpha.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P1.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P1.dll
O3 - Toolbar: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Program Files\LphantBar\tbLpha.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CardReaderMonitor] C:\Program Files\Realtek Semiconductor Corp.\Realtek Card Reader Monitor\CardReaderMonitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [PanelApp] C:\Users\sonia\AppData\Local\Votre Opinion\PanelApp\PanelApp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-21-1775725231-339353010-3357015990-1000\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-21-1775725231-339353010-3357015990-1000\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-1775725231-339353010-3357015990-1000\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User '?')
O4 - HKUS\S-1-5-21-1775725231-339353010-3357015990-1000\..\Run: [PanelApp] C:\Users\sonia\AppData\Local\Votre Opinion\PanelApp\PanelApp.exe (User '?')
O4 - HKUS\S-1-5-21-1775725231-339353010-3357015990-1000\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1775725231-339353010-3357015990-1000\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart (User '?')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PanelSvc - Unknown owner - C:\Program Files\Votre Opinion\PanelApp\PanelSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe
End of file - 10981 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Extension de garantie-sonia.job
C:\Windows\tasks\Norton Internet Security - Effectuer une analyse complète du système - sonia.job
C:\Windows\tasks\Recovery DVD Creator-sonia.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b284373-1765-4464-a587-80fbc2b2eefa}]
LphantBar Toolbar - C:\Program Files\LphantBar\tbLpha.dll [2008-03-13 1524248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-15 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-25 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-25 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
P2P Torrent Toolbar - C:\Program Files\P2P_Torrent\tbP2P1.dll [2009-02-16 1882136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-25 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Google\Google_BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-15 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{bc4be15d-6a34-4356-9e97-79e43da32b1d} - P2P Torrent Toolbar - C:\Program Files\P2P_Torrent\tbP2P1.dll [2009-02-16 1882136]
{6b284373-1765-4464-a587-80fbc2b2eefa} - LphantBar Toolbar - C:\Program Files\LphantBar\tbLpha.dll [2008-03-13 1524248]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-25 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-09-19 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-09-19 8497696]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-09-19 81920]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-02-09 845360]
"CardReaderMonitor"=C:\Program Files\Realtek Semiconductor Corp.\Realtek Card Reader Monitor\CardReaderMonitor.exe [2007-07-25 643072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-06-18 29744]
"toolbar_eula_launcher"=C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe [2007-02-20 28672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-15 136600]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"SmpcSys"=C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe [2008-02-04 1038136]
"Device Detector"=DevDetect.exe -autorun []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-01-14 1688872]
"PanelApp"=C:\Users\sonia\AppData\Local\Votre Opinion\PanelApp\PanelApp.exe [2007-01-24 31232]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-25 39408]
"eMuleAutoStart"=C:\Program Files\eMule\emule.exe [2008-08-01 5480448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\system32\EZUPBH~1.DLL [2008-11-29 49152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-03-23 20:18:35 ----D---- C:\rsit
2009-03-23 20:18:35 ----D---- C:\Program Files\trend micro
2009-03-23 13:49:03 ----D---- C:\Program Files\VS Revo Group
2009-03-23 13:04:51 ----D---- C:\Program Files\Panda Security
2009-03-20 07:35:33 ----D---- C:\Windows\Minidump
2009-03-12 07:40:20 ----A---- C:\Windows\system32\wmp.dll
2009-03-12 07:40:19 ----A---- C:\Windows\system32\spwmp.dll
2009-03-12 07:40:19 ----A---- C:\Windows\system32\dxmasf.dll
2009-03-12 07:40:18 ----A---- C:\Windows\system32\wmploc.DLL
2009-03-12 07:39:58 ----A---- C:\Windows\system32\schannel.dll
2009-02-24 21:44:48 ----D---- C:\Program Files\AVS4YOU

======List of files/folders modified in the last 1 months======

2009-03-23 20:18:40 ----D---- C:\Windows\Temp
2009-03-23 20:18:35 ----RD---- C:\Program Files
2009-03-23 20:06:58 ----SHD---- C:\System Volume Information
2009-03-23 15:38:51 ----D---- C:\Windows\system32\catroot2
2009-03-23 15:35:40 ----D---- C:\Windows\winsxs
2009-03-23 15:35:40 ----D---- C:\Windows\system32\Msdtc
2009-03-23 15:35:38 ----D---- C:\Windows\system32\wbem
2009-03-23 15:34:52 ----D---- C:\Windows\system32\config
2009-03-23 15:33:10 ----SD---- C:\Windows\Downloaded Program Files
2009-03-23 15:33:10 ----D---- C:\Windows\Tasks
2009-03-23 15:33:10 ----D---- C:\Windows\system32\spool
2009-03-23 15:33:10 ----D---- C:\Windows\rescache
2009-03-23 15:33:10 ----D---- C:\Windows\inf
2009-03-23 15:32:39 ----D---- C:\Windows\registration
2009-03-23 15:32:26 ----D---- C:\Windows\system32\XPSViewer
2009-03-23 14:10:21 ----HD---- C:\$AVG8.VAULT$
2009-03-23 00:25:17 ----D---- C:\Windows\Microsoft.NET
2009-03-23 00:25:12 ----RSD---- C:\Windows\assembly
2009-03-22 23:14:42 ----SHD---- C:\Windows\Installer
2009-03-22 23:14:38 ----D---- C:\Program Files\Java
2009-03-22 22:38:12 ----D---- C:\Windows\system32\catroot
2009-03-22 20:23:20 ----D---- C:\Windows\prefetch
2009-03-16 16:55:34 ----D---- C:\Windows\system32\WDI
2009-03-13 18:45:21 ----D---- C:\Program Files\Windows Media Player
2009-03-13 18:45:20 ----D---- C:\Program Files\Windows Mail
2009-03-12 07:33:00 ----D---- C:\Windows\system32\CodeIntegrity
2009-03-01 16:30:47 ----SD---- C:\Users\sonia\AppData\Roaming\Microsoft
2009-03-01 16:30:47 ----D---- C:\Windows
2009-03-01 16:30:47 ----AD---- C:\Windows\system32\drivers
2009-03-01 16:30:47 ----AD---- C:\Windows\System32
2009-03-01 16:30:45 ----HD---- C:\ProgramData
2009-03-01 16:30:45 ----D---- C:\ProgramData\avg8
2009-02-25 12:55:00 ----A---- C:\Windows\system32\mrt.exe
2009-02-24 21:44:58 ----D---- C:\Program Files\Common Files\AVSMedia

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-01-28 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-01-28 107272]
R2 irda;Protocole IrDA; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-11-05 182272]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr28.sys [2007-11-21 327168]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-03-06 1059112]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-09-19 7626400]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2007-06-15 47616]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-02-09 182456]
R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
R3 vm331avs;Bison Webcam; C:\Windows\System32\Drivers\vm331avs.sys [2007-09-07 943016]
S1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-01-28 325128]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 STIrUsb;Dongle SigmaTel USB-IrDA; C:\Windows\system32\DRIVERS\irstusb.sys [2008-01-21 30208]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 RelevantKnowledge;RelevantKnowledge; C:\Program Files\RelevantKnowledge\rlservice.exe [2008-04-24 45056]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-01-14 447784]
S2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-18 654848]
S3 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-06-18 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-25 137200]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PanelSvc;PanelSvc; C:\Program Files\Votre Opinion\PanelApp\PanelSvc.exe [2007-11-09 77312]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-03-23 20:18:58

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
ACDSee for PENTAX 3.0-->MsiExec.exe /X{82515476-A57B-4C43-B642-5F396E20C648}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 9 Plugin-->MsiExec.exe /X{04B848BE-8B67-4B44-929D-BC14D9B4FFF4}
Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Photoshop Elements 6-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobePE6*
Adobe Premiere Elements 4.0 Templates-->msiexec /I {F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}
Adobe Premiere Elements 4.0 Templates-->MsiExec.exe /I{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}
Adobe Premiere Elements 4.0-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Adobe_Premiere_ES*
Adobe Premiere Elements 4.0-->msiexec /I {3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}
Adobe Premiere Elements 4.0-->MsiExec.exe /I{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Reader 8-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobeReader*
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
ADSL Neuf-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *NEUF_FR*
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AVS Audio Converter version 5.1-->"C:\Program Files\AVS4YOU\AVSAudioConverter\unins000.exe"
AVS4YOU Software Navigator 1.2-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Bison WebCam-->C:\Program Files\InstallShield Installation Information\{4BB1DCED-84D3-47F9-B718-5947E904593E}\setup.exe -runfromtemp -l0x040c -removeonly
Browser Address Error Redirector-->regsvr32 /u /s "C:\Program Files\Google\Google_BAE\BAE.dll"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IFICVENza.INF
EasyBits Magic Desktop-->C:\Windows\system32\ezMDUninstall.exe
eMule-->"C:\Program Files\eMule\Uninstall.exe"
ffdshow-->"C:\Program Files\ffdshow\uninstall.exe"
Firefox2.0.0.11-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *FirefoxFR*
Free Music Zilla-->"C:\Program Files\Free Music Zilla\unins000.exe"
Google BAE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleBAE*
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GOOGLE_EARTH*
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x40c -removeonly
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
GoogleDesktop-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleDesktop*
GoogleToolbar-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleToolbar*
HDMI Audio Switch-->C:\Program Files\Conexant\HDMI_AudioSwitch\SETUP.EXE -U -IHDMI_AudioSwitch
HDReg France-->MsiExec.exe /I{0ED40D2A-7131-4FE7-941E-5C329336F712}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Infocentre Rev. 2.0.0.1-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre*
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
IZArc 3.81-->"C:\Program Files\IZArc\unins000.exe"
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
KC Softwares VideoInspector-->"C:\Program Files\KC Softwares\VideoInspector\unins000.exe"
livebox-->C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe -runfromtemp -l0x040c -removeonly
Lphant v3.51-->"C:\Program Files\Lphant\unins000.exe"
LphantBar Toolbar-->C:\PROGRA~1\LPHANT~1\UNWISE.EXE C:\PROGRA~1\LPHANT~1\INSTALL.LOG
Malwarebytes' RogueRemover-->"C:\Program Files\RogueRemover FREE\unins000.exe"
Metaboli-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *METABOLI*
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 9-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *WKS9*
Microsoft Works-->MsiExec.exe /I{3B160861-7250-451E-B5EE-8B92BF30A710}
Microsoft® Office Trial 2007-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *OFF2k7_FR*
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Mozilla Firefox (2.0.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 8 Essentials-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Nero8*
Nero 8 Essentials-->MsiExec.exe /X{980B9958-1239-4FC5-8C88-AC5650321036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
P2P_Torrent Toolbar-->C:\PROGRA~1\P2P_TO~1\UNWISE.EXE C:\PROGRA~1\P2P_TO~1\INSTALL.LOG
Packard Bell Demo-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *PB_DEMO*
Packard Bell ImageWriter-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *ImageWriter*
Packard Bell LCD Test-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *LCDTest*
Packard Bell Updator-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator*
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Picasa2-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Picasa_2*
Programme Votre Opinion-->MsiExec.exe /I{D5EA1755-1899-4380-A4BA-83840648CBDA}
Realtek Card Reader Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4210CB1-A469-41AF-A619-C97B07FDF6FD}\setup.exe" -l0x9 -removeonly
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
SetUp My PC-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SETUPMYPC_FR*
Skype 3.6.2.248-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SKYPE*
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}

Securitycenter WMI appears to be broken

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6802
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE

Merci pour ton aide!

Répondre à sonya88

Destrio5, le 23 mar 2009 à 20:27:04

Ton PC est infecté donc on va commencer par ça :

---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

Répondre à Destrio5

sonya88, le 23 mar 2009 à 20:59:54

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1889
Windows 6.0.6001 Service Pack 1

23/03/2009 20:48:44
mbam-log-2009-03-23 (20-48-44).txt

Type de recherche: Examen rapide
Eléments examinés: 61462
Temps écoulé: 4 minute(s), 45 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.Marketscore) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Program Files\P2P_Torrent\tbP2P1.dll (Adware.Shopper) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\P2P_Torrent\tbP2P1.dll (Adware.Shopper) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.Marketscore) -> Quarantined and deleted successfully.

Répondre à sonya88

Destrio5, le 23 mar 2009 à 21:00:53

Avgremover ne fonctionne toujours pas ?

Répondre à Destrio5

sonya88, le 23 mar 2009 à 22:55:09

J'ai essayé avgremover mais cela ne fonctionne pas...cela s'est lancé mais aucun résultat...Il m'a demandé de redémarrer le pc, ce que j'ai fais et quand il s'est redémarré, il me dit "NTLDR manque", j'ai fais F8 SATA HARD DISK

Répondre à sonya88

Destrio5, le 23 mar 2009 à 23:18:26

Le PC démarre quand même ?

Répondre à Destrio5

sonya88, le 23 mar 2009 à 23:23:23

Oui le pc démarre

Répondre à sonya88

Destrio5, le 23 mar 2009 à 23:33:35

---> Relance MBAM, va dans Quarantaine et supprime tout.

---> Désactive l'UAC le temps de la désinfection.

---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.

---> Clique droit sur OTMoveIt3.exe et choisis Exécuter en tant qu'administrateur.

---> Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:services
AvgMfx86
AvgTdiX
AvgLdx86
avg8wd
avg8emc

:files
C:\Program Files\AVG

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""

:commands
[purity]
[emptytemp]
[reboot]

---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

Répondre à Destrio5

sonya88, le 23 mar 2009 à 23:55:38

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service AvgMfx86 stopped successfully.
Service AvgMfx86 deleted successfully.
Unable to stop service AvgTdiX .
Service AvgLdx86 stopped successfully.
Service AvgLdx86 deleted successfully.
Service avg8wd stopped successfully.
Service avg8wd deleted successfully.
Service avg8emc stopped successfully.
Service avg8emc deleted successfully.
========== FILES ==========
Folder move failed. C:\Program Files\AVG scheduled to be moved on reboot.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AVG8_TRAY deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\Users\sonia\AppData\Local\Temp\~DFED4B.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 03232009_235032

Files moved on Reboot...
Folder move failed. C:\Program Files\AVG scheduled to be moved on reboot.
C:\Users\sonia\AppData\Local\Temp\~DFED4B.tmp moved successfully.

Répondre à sonya88

Destrio5, le 24 mar 2009 à 00:01:01

Tu as essayé d'installer AVG Free 8.5 ?

Répondre à Destrio5

sonya88, le 24 mar 2009 à 00:15:19

J'ai essayé d'installer avg free 8.5, cela fonctionnait bien jusqu'à ce qu'à la fin dans dossier de destination je ne peux pas aller sur suivant (dossier de destination est : C:\Program Files\AVG\AVG8)

Répondre à sonya88

Destrio5, le 24 mar 2009 à 00:18:53

Bon, on va utiliser un outil plus puissant.

--> Désactive l'UAC le temps de la désinfection.

/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\

--> Télécharge ComboFix (de sUBs) sur ton Bureau.
--> Clique droit sur ComboFix.exe (le .exe n'est pas forcément visible) et choisis Exécuter en tant qu'administrateur afin de le lancer.
--> Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix

Répondre à Destrio5

sonya88, le 24 mar 2009 à 00:40:25

ComboFix 09-03-22.01 - sonia 2009-03-24 0:27:41.1 - NTFSx86
Lancé depuis: c:\users\sonia\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_RelevantKnowledge

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-23 au 2009-03-23 ))))))))))))))))))))))))))))))))))))
.

2009-03-23 23:50 . 2009-03-23 23:50 <REP> d-------- C:\_OTMoveIt
2009-03-23 20:40 . 2009-03-23 20:40 <REP> d-------- c:\users\sonia\AppData\Roaming\Malwarebytes
2009-03-23 20:40 . 2009-03-23 20:40 <REP> d-------- c:\users\All Users\Malwarebytes
2009-03-23 20:40 . 2009-03-23 20:40 <REP> d-------- c:\programdata\Malwarebytes
2009-03-23 20:40 . 2009-03-23 20:41 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-23 20:40 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-23 20:40 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-23 20:18 . 2009-03-23 20:18 <REP> d-------- C:\rsit
2009-03-23 20:18 . 2009-03-23 20:18 <REP> d-------- c:\program files\trend micro
2009-03-23 13:49 . 2009-03-23 13:49 <REP> d-------- c:\program files\VS Revo Group
2009-03-23 13:04 . 2009-03-23 13:04 <REP> d-------- c:\program files\Panda Security
2009-03-12 07:40 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-12 07:40 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-12 07:40 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-12 07:40 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-12 07:39 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-12 07:39 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-02-24 21:44 . 2009-03-23 15:33 <REP> d-------- c:\program files\AVS4YOU

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 19:54 --------- d-----w c:\program files\P2P_Torrent
2009-03-22 22:14 --------- d-----w c:\program files\Java
2009-03-13 17:45 --------- d-----w c:\program files\Windows Mail
2009-02-24 20:44 --------- d-----w c:\program files\Common Files\AVSMedia
2009-02-05 18:57 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-05 18:57 --------- d-----w c:\program files\Windows Live
2009-01-30 10:00 0 ----a-w c:\users\sonia\AppData\Roaming\wklnhst.dat
2009-01-30 10:00 --------- d-----w c:\users\sonia\AppData\Roaming\Template
2009-01-25 01:43 --------- d-----w c:\program files\Google
2008-11-28 22:31 27,335 ----a-w c:\users\sonia\AppData\Roaming\nvModes.dat
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2008-06-30 11:44 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-06-18 12:05 122,368 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-11-28 19:41 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 19:41 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 19:41 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 19:41 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 19:41 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-11-05 00:03 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-11-05 00:03 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-11-05 00:03 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6b284373-1765-4464-a587-80fbc2b2eefa}"= "c:\program files\LphantBar\tbLpha.dll" [2008-03-13 1524248]

[HKEY_CLASSES_ROOT\clsid\{6b284373-1765-4464-a587-80fbc2b2eefa}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6b284373-1765-4464-a587-80fbc2b2eefa}]
2008-03-13 10:30 1524248 --a------ c:\program files\LphantBar\tbLpha.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6b284373-1765-4464-a587-80fbc2b2eefa}"= "c:\program files\LphantBar\tbLpha.dll" [2008-03-13 1524248]

[HKEY_CLASSES_ROOT\clsid\{6b284373-1765-4464-a587-80fbc2b2eefa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6B284373-1765-4464-A587-80FBC2B2EEFA}"= "c:\program files\LphantBar\tbLpha.dll" [2008-03-13 1524248]

[HKEY_CLASSES_ROOT\clsid\{6b284373-1765-4464-a587-80fbc2b2eefa}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DummyIconOverlay]
@="{B8A03725-03B9-485F-BB22-E848799D4C2A}"
[HKEY_CLASSES_ROOT\CLSID\{B8A03725-03B9-485F-BB22-E848799D4C2A}]
2009-03-01 16:32 131584 --a------ c:\users\sonia\AppData\Local\Votre Opinion\PanelApp\pahelper_1100.2009.0210.1225.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-01-14 1688872]
"PanelApp"="c:\users\sonia\AppData\Local\Votre Opinion\PanelApp\PanelApp.exe" [2007-01-24 31232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-25 39408]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2008-08-01 5480448]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-09 845360]
"CardReaderMonitor"="c:\program files\Realtek Semiconductor Corp.\Realtek Card Reader Monitor\CardReaderMonitor.exe" [2007-07-25 643072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-18 29744]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-15 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= "c:\windows\system32\EZUPBH~1.DLL" [2008-11-29 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D08091BE-A149-47D7-9D62-88D01DF55043}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{AAA36FD7-21FF-4FAE-BA2D-B7F9E7FE6F81}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{F4A270D4-776E-4227-BFE8-2A87D20D70B0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{91AF3D58-60BF-47A9-BCFC-4C94888EDFFE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FC7BB057-038A-4932-97DF-81FF6A7A5EAB}"= UDP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{A295DB48-98D1-404C-9A4A-0C12A648E065}"= TCP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{1881C2EE-1A19-444D-879C-96F1A290663F}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{EB8A6E6E-C35C-49C2-BD5A-36EA476124FE}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{741D17D2-76AE-4105-8E74-51D825952AEB}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{FA67E796-8ABB-4E57-8279-680E3EB6D93E}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{001B08A6-699F-499E-9D3E-D1645A74666C}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{FEAECD8B-10D0-4002-AF94-E9A6534465F8}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{7A121710-9A4B-4182-8C53-601196D226BD}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{9D9FBEBA-DC65-4B7D-AEFD-461FF5B25982}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"TCP Query User{A83138E0-42F7-4C8F-A4E4-C3D1FDD79B09}c:\\program files\\free music zilla\\fmzilla.exe"= UDP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
"UDP Query User{458E68BE-FDFE-4E49-B5A9-BB0FB233FF76}c:\\program files\\free music zilla\\fmzilla.exe"= TCP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
"{9DEC8F9A-3640-4572-9814-7BF3A86B16D5}"= UDP:c:\users\sonia\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{83BF579E-80D6-4937-BEBF-B6A1139BD2A8}"= TCP:c:\users\sonia\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"TCP Query User{32E4D779-718E-43D8-A9EA-F789BE64965E}c:\\program files\\lphant\\elephantclient.exe"= UDP:c:\program files\lphant\elephantclient.exe:lphant Client
"UDP Query User{DAABD2AA-07DA-47C4-8988-934DB64850EC}c:\\program files\\lphant\\elephantclient.exe"= TCP:c:\program files\lphant\elephantclient.exe:lphant Client
"{04B959B8-4DC2-4401-A5A9-35DEE3360B2F}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{84AB31DF-685B-41D7-8650-DD90EA0BED9D}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R3 PanelSvc;PanelSvc;c:\program files\Votre Opinion\PanelApp\PanelSvc.exe [2007-11-09 77312]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2007-11-21 327168]
S3 vm331avs;Bison Webcam;c:\windows\system32\Drivers\vm331avs.sys [2007-09-07 943016]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - IPNAT
*Deregistered* - AFD
*Deregistered* - Beep
*Deregistered* - bowser
*Deregistered* - cdfs
*Deregistered* - CLFS
*Deregistered* - Compbatt
*Deregistered* - crcdisk
*Deregistered* - DfsC
*Deregistered* - DXGKrnl
*Deregistered* - FileInfo
*Deregistered* - FltMgr
*Deregistered* - HTTP
*Deregistered* - IPNAT
*Deregistered* - irda
*Deregistered* - iScsiPrt
*Deregistered* - KSecDD
*Deregistered* - lltdio
*Deregistered* - luafv
*Deregistered* - MountMgr
*Deregistered* - mpsdrv
*Deregistered* - MRxDAV
*Deregistered* - mrxsmb
*Deregistered* - mrxsmb10
*Deregistered* - mrxsmb20
*Deregistered* - Msfs
*Deregistered* - msisadrv
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NativeWifiP
*Deregistered* - NDIS
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - netbt
*Deregistered* - Npfs
*Deregistered* - nsiproxy
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PEAUTH
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - RasSstp
*Deregistered* - rdbss
*Deregistered* - RDPCDD
*Deregistered* - RDPENCDD
*Deregistered* - rspndr
*Deregistered* - secdrv
*Deregistered* - Smb
*Deregistered* - spldr
*Deregistered* - srv
*Deregistered* - srv2
*Deregistered* - srvnet
*Deregistered* - swenum
*Deregistered* - symlcbrd
*Deregistered* - Tcpip
*Deregistered* - tcpipreg
*Deregistered* - tdx
*Deregistered* - TermDD
*Deregistered* - tunmp
*Deregistered* - tunnel
*Deregistered* - umbus
*Deregistered* - VgaSave
*Deregistered* - volmgr
*Deregistered* - volmgrx
*Deregistered* - volsnap
*Deregistered* - Wanarpv6
*Deregistered* - Wdf01000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'

2009-03-23 c:\windows\Tasks\Extension de garantie-sonia.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-02-04 11:13]

2009-03-23 c:\windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - sonia.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2009-03-23 c:\windows\Tasks\Recovery DVD Creator-sonia.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-02-04 11:13]
.
- - - - ORPHELINS SUPPRIMES - - - -

ShellIconOverlayIdentifiers-{95A27763-F62A-4114-9072-E81D87DE3B68} - c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
ShellIconOverlayIdentifiers-{E300CD91-100F-4E67-9AF3-1384A6124015} - c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
ShellIconOverlayIdentifiers-{5E529433-B50E-4bef-A63B-16A6B71B071A} - c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
HKCU-Run-Device Detector - DevDetect.exe

.
------- Examen supplémentaire -------
.
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath -

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/...{moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 00:33:07
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(1156)
c:\users\sonia\AppData\Local\Votre Opinion\PanelApp\pahelper_1100.2009.0210.1225.dll
c:\users\sonia\AppData\Local\Votre Opinion\PanelApp\PanelApp_1100.2009.0210.1225.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Realtek Semiconductor Corp\Realtek Card Reader Monitor\CardReaderMonitor.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\ACD Systems\FR\DevDetect.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Java\jre6\bin\jucheck.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2009-03-24 0:38:33 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-23 23:38:23

Avant-CF: 79 114 563 584 octets libres
Après-CF: 78,738,382,848 octets libres

285 --- E O F --- 2009-03-23 14:41:08

Répondre à sonya88

Destrio5, le 24 mar 2009 à 00:42:48

/!\ Seul sonya88 peut suivre cette procédure. /!\

1/

---> Ouvre le Bloc-notes.

---> Copie le texte ci-dessous par sélection puis Ctrl+C :

KillAll::

Folder::
c:\program files\P2P_Torrent
C:\Program Files\AVG

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FC7BB057-038A-4932-97DF-81FF6A7A5EAB}"=-
"{A295DB48-98D1-404C-9A4A-0C12A648E065}"=-

--> Colle la sélection dans le Bloc-notes.

--> Enregistre ce fichier sur le Bureau (Impératif).

--> Nom du fichier : CFScript
--> Type du fichier : tous les fichiers
--> Clique sur Enregistrer.
--> Quitte le Bloc-notes.

2/

--> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/...

--> Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

--> Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.

--> Une fois le scan achevé, un rapport va s'afficher : poste-le.

--> Si le fichier ne s'ouvre pas, il se trouve ici C:\Combofix.txt

Répondre à Destrio5

sonya88, le 24 mar 2009 à 01:00:07

ComboFix 09-03-22.01 - sonia 2009-03-24 0:47:58.2 - NTFSx86
Lancé depuis: c:\users\sonia\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\sonia\Desktop\CFScript.txt
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\P2P_Torrent
c:\program files\P2P_Torrent\INSTALL.LOG
c:\program files\P2P_Torrent\P2P_TorrentToolbarHelper.exe
c:\program files\P2P_Torrent\tbP2P_.dll
c:\program files\P2P_Torrent\toolbar.cfg
c:\program files\P2P_Torrent\UNWISE.EXE
c:\program files\AVG . . . . impossible à supprimer

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-23 au 2009-03-23 ))))))))))))))))))))))))))))))))))))
.

2009-03-24 00:51 . 2007-01-04 10:15 9,336 --a------ c:\windows\System32\WinIo.sys
2009-03-23 23:50 . 2009-03-23 23:50 <REP> d-------- C:\_OTMoveIt
2009-03-23 20:40 . 2009-03-23 20:40 <REP> d-------- c:\users\sonia\AppData\Roaming\Malwarebytes
2009-03-23 20:40 . 2009-03-23 20:40 <REP> d-------- c:\users\All Users\Malwarebytes
2009-03-23 20:40 . 2009-03-23 20:40 <REP> d-------- c:\programdata\Malwarebytes
2009-03-23 20:40 . 2009-03-23 20:41 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-23 20:40 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-23 20:40 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-23 20:18 . 2009-03-23 20:18 <REP> d-------- C:\rsit
2009-03-23 20:18 . 2009-03-23 20:18 <REP> d-------- c:\program files\trend micro
2009-03-23 13:49 . 2009-03-23 13:49 <REP> d-------- c:\program files\VS Revo Group
2009-03-23 13:04 . 2009-03-23 13:04 <REP> d-------- c:\program files\Panda Security
2009-03-12 07:40 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-12 07:40 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-12 07:40 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-12 07:40 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-12 07:39 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-12 07:39 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-02-24 21:44 . 2009-03-23 15:33 <REP> d-------- c:\program files\AVS4YOU

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 22:14 --------- d-----w c:\program files\Java
2009-03-13 17:45 --------- d-----w c:\program files\Windows Mail
2009-02-24 20:44 --------- d-----w c:\program files\Common Files\AVSMedia
2009-02-05 18:57 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-05 18:57 --------- d-----w c:\program files\Windows Live
2009-01-30 10:00 0 ----a-w c:\users\sonia\AppData\Roaming\wklnhst.dat
2009-01-30 10:00 --------- d-----w c:\users\sonia\AppData\Roaming\Template
2009-01-25 01:43 --------- d-----w c:\program files\Google
2008-11-28 22:31 27,335 ----a-w c:\users\sonia\AppData\Roaming\nvModes.dat
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2008-06-30 11:44 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-06-18 12:05 122,368 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-11-28 19:41 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 19:41 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 19:41 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 19:41 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 19:41 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-11-05 00:03 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-11-05 00:03 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-11-05 00:03 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-24_ 0.37.05.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-23 23:33:04 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-23 23:51:16 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-23 23:51:16 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-03-23 23:33:04 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-23 23:51:15 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-23 23:51:15 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-03-23 23:27:01 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-23 23:32:52 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-23 23:27:01 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-23 23:32:52 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-23 23:27:01 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-23 23:32:52 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-23 23:19:46 13,982 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1775725231-339353010-3357015990-1000_UserData.bin
+ 2009-03-23 23:34:32 14,540 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1775725231-339353010-3357015990-1000_UserData.bin
- 2009-03-23 23:19:45 72,942 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-23 23:34:32 73,092 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6b284373-1765-4464-a587-80fbc2b2eefa}"= "c:\program files\LphantBar\tbLpha.dll" [2008-03-13 1524248]

[HKEY_CLASSES_ROOT\clsid\{6b284373-1765-4464-a587-80fbc2b2eefa}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6b284373-1765-4464-a587-80fbc2b2eefa}]
2008-03-13 10:30 1524248 --a------ c:\program files\LphantBar\tbLpha.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6b284373-1765-4464-a587-80fbc2b2eefa}"= "c:\program files\LphantBar\tbLpha.dll" [2008-03-13 1524248]

[HKEY_CLASSES_ROOT\clsid\{6b284373-1765-4464-a587-80fbc2b2eefa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6B284373-1765-4464-A587-80FBC2B2EEFA}"= "c:\program files\LphantBar\tbLpha.dll" [2008-03-13 1524248]

[HKEY_CLASSES_ROOT\clsid\{6b284373-1765-4464-a587-80fbc2b2eefa}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DummyIconOverlay]
@="{B8A03725-03B9-485F-BB22-E848799D4C2A}"
[HKEY_CLASSES_ROOT\CLSID\{B8A03725-03B9-485F-BB22-E848799D4C2A}]
2009-03-01 16:32 131584 --a------ c:\users\sonia\AppData\Local\Votre Opinion\PanelApp\pahelper_1100.2009.0210.1225.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-01-14 1688872]
"PanelApp"="c:\users\sonia\AppData\Local\Votre Opinion\PanelApp\PanelApp.exe" [2007-01-24 31232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-25 39408]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2008-08-01 5480448]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-09 845360]
"CardReaderMonitor"="c:\program files\Realtek Semiconductor Corp.\Realtek Card Reader Monitor\CardReaderMonitor.exe" [2007-07-25 643072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-18 29744]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-15 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= "c:\windows\system32\EZUPBH~1.DLL" [2008-11-29 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D08091BE-A149-47D7-9D62-88D01DF55043}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{AAA36FD7-21FF-4FAE-BA2D-B7F9E7FE6F81}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{F4A270D4-776E-4227-BFE8-2A87D20D70B0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{91AF3D58-60BF-47A9-BCFC-4C94888EDFFE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1881C2EE-1A19-444D-879C-96F1A290663F}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{EB8A6E6E-C35C-49C2-BD5A-36EA476124FE}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{741D17D2-76AE-4105-8E74-51D825952AEB}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{FA67E796-8ABB-4E57-8279-680E3EB6D93E}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{001B08A6-699F-499E-9D3E-D1645A74666C}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{FEAECD8B-10D0-4002-AF94-E9A6534465F8}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{7A121710-9A4B-4182-8C53-601196D226BD}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{9D9FBEBA-DC65-4B7D-AEFD-461FF5B25982}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"TCP Query User{A83138E0-42F7-4C8F-A4E4-C3D1FDD79B09}c:\\program files\\free music zilla\\fmzilla.exe"= UDP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
"UDP Query User{458E68BE-FDFE-4E49-B5A9-BB0FB233FF76}c:\\program files\\free music zilla\\fmzilla.exe"= TCP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
"{9DEC8F9A-3640-4572-9814-7BF3A86B16D5}"= UDP:c:\users\sonia\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{83BF579E-80D6-4937-BEBF-B6A1139BD2A8}"= TCP:c:\users\sonia\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"TCP Query User{32E4D779-718E-43D8-A9EA-F789BE64965E}c:\\program files\\lphant\\elephantclient.exe"= UDP:c:\program files\lphant\elephantclient.exe:lphant Client
"UDP Query User{DAABD2AA-07DA-47C4-8988-934DB64850EC}c:\\program files\\lphant\\elephantclient.exe"= TCP:c:\program files\lphant\elephantclient.exe:lphant Client
"{04B959B8-4DC2-4401-A5A9-35DEE3360B2F}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{84AB31DF-685B-41D7-8650-DD90EA0BED9D}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R3 PanelSvc;PanelSvc;c:\program files\Votre Opinion\PanelApp\PanelSvc.exe [2007-11-09 77312]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2007-11-21 327168]
S3 vm331avs;Bison Webcam;c:\windows\system32\Drivers\vm331avs.sys [2007-09-07 943016]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - AFD
*Deregistered* - Beep
*Deregistered* - bowser
*Deregistered* - cdfs
*Deregistered* - CLFS
*Deregistered* - Compbatt
*Deregistered* - crcdisk
*Deregistered* - DfsC
*Deregistered* - DXGKrnl
*Deregistered* - FileInfo
*Deregistered* - FltMgr
*Deregistered* - HTTP
*Deregistered* - IPNAT
*Deregistered* - irda
*Deregistered* - iScsiPrt
*Deregistered* - KSecDD
*Deregistered* - lltdio
*Deregistered* - luafv
*Deregistered* - MountMgr
*Deregistered* - mpsdrv
*Deregistered* - MRxDAV
*Deregistered* - mrxsmb
*Deregistered* - mrxsmb10
*Deregistered* - mrxsmb20
*Deregistered* - Msfs
*Deregistered* - msisadrv
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NativeWifiP
*Deregistered* - NDIS
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - netbt
*Deregistered* - Npfs
*Deregistered* - nsiproxy
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PEAUTH
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - RasSstp
*Deregistered* - rdbss
*Deregistered* - RDPCDD
*Deregistered* - RDPENCDD
*Deregistered* - rspndr
*Deregistered* - secdrv
*Deregistered* - Smb
*Deregistered* - spldr
*Deregistered* - srv
*Deregistered* - srv2
*Deregistered* - srvnet
*Deregistered* - swenum
*Deregistered* - symlcbrd
*Deregistered* - Tcpip
*Deregistered* - tcpipreg
*Deregistered* - tdx
*Deregistered* - TermDD
*Deregistered* - tunmp
*Deregistered* - tunnel
*Deregistered* - umbus
*Deregistered* - VgaSave
*Deregistered* - volmgr
*Deregistered* - volmgrx
*Deregistered* - volsnap
*Deregistered* - Wanarpv6
*Deregistered* - Wdf01000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'

2009-03-23 c:\windows\Tasks\Extension de garantie-sonia.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-02-04 11:13]

2009-03-23 c:\windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - sonia.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2009-03-23 c:\windows\Tasks\Recovery DVD Creator-sonia.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-02-04 11:13]
.
.
------- Examen supplémentaire -------
.
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath -

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/...{moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 00:51:20
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(668)
c:\users\sonia\AppData\Local\Votre Opinion\PanelApp\pahelper_1100.2009.0210.1225.dll
c:\users\sonia\AppData\Local\Votre Opinion\PanelApp\PanelApp_1100.2009.0210.1225.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Realtek Semiconductor Corp\Realtek Card Reader Monitor\CardReaderMonitor.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Java\jre6\bin\jucheck.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2009-03-24 0:57:03 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-23 23:56:59
ComboFix2.txt 2009-03-23 23:38:34

Avant-CF: 78 757 523 456 octets libres
Après-CF: 78,631,280,640 octets libres

302 --- E O F --- 2009-03-23 14:41:08

Répondre à sonya88

Destrio5, le 24 mar 2009 à 01:02:33

Il est vraiment accroché le dossier AVG.

Refais la manip' en mode sans échec.

Répondre à Destrio5

sonya88, le 24 mar 2009 à 01:21:37

Etant sous vista je ne vois pas comment je peu démarrer en mode sans echec, sachant que j'ai essayé avec la touche F8 et que ca fonctionne pas. cette touche me sert déjà a redemarrer l'ordi et quand je le redémarre j'ai toujours ce message cliquer "ctrl + Alt + Supp" manque NDTLR

Par contre je peux de nouveau télécharger des logiciel et lire mes mails

Merci

P.S : toujours interessé pour trouver la solution au NDTLR manquant et enlever AVG

Répondre à sonya88

Destrio5, le 24 mar 2009 à 01:28:36

Essaie F5 pour le mode sans échec.

Répondre à Destrio5

sonya88, le 24 mar 2009 à 01:50:21

Voila le rapport en mode sans échec :

ComboFix 09-03-22.01 - sonia 2009-03-24 1:39:04.3 - NTFSx86 MINIMAL
Lancé depuis: c:\users\sonia\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\sonia\Desktop\CFScript.txt
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AVG . . . . impossible à supprimer

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-24 au 2009-03-24 ))))))))))))))))))))))))))))))))))))
.

2009-03-24 01:02 . 2009-03-24 01:02 <REP> d-------- c:\users\sonia\AppData\Roaming\vlc
2009-03-24 01:02 . 2009-03-24 01:02 <REP> d-------- c:\program files\VideoLAN
2009-03-23 23:50 . 2009-03-23 23:50 <REP> d-------- C:\_OTMoveIt
2009-03-23 20:40 . 2009-03-23 20:40 <REP> d-------- c:\users\sonia\AppData\Roaming\Malwarebytes
2009-03-23 20:40 . 2009-03-23 20:40 <REP> d-------- c:\users\All Users\Malwarebytes
2009-03-23 20:40 . 2009-03-23 20:40 <REP> d-------- c:\programdata\Malwarebytes
2009-03-23 20:40 . 2009-03-23 20:41 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-23 20:40 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-23 20:40 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-23 20:18 . 2009-03-23 20:18 <REP> d-------- C:\rsit
2009-03-23 20:18 . 2009-03-23 20:18 <REP> d-------- c:\program files\trend micro
2009-03-23 13:49 . 2009-03-23 13:49 <REP> d-------- c:\program files\VS Revo Group
2009-03-23 13:04 . 2009-03-23 13:04 <REP> d-------- c:\program files\Panda Security
2009-03-12 07:40 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-12 07:40 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-12 07:40 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-12 07:40 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-12 07:39 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-12 07:39 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-02-24 21:44 . 2009-03-23 15:33 <REP> d-------- c:\program files\AVS4YOU

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 22:14 --------- d-----w c:\program files\Java
2009-03-13 17:45 --------- d-----w c:\program files\Windows Mail
2009-02-24 20:44 --------- d-----w c:\program files\Common Files\AVSMedia
2009-02-05 18:57 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-05 18:57 --------- d-----w c:\program files\Windows Live
2009-01-30 10:00 0 ----a-w c:\users\sonia\AppData\Roaming\wklnhst.dat
2009-01-30 10:00 --------- d-----w c:\users\sonia\AppData\Roaming\Template
2009-01-25 01:43 --------- d-----w c:\program files\Google
2008-11-28 22:31 27,335 ----a-w c:\users\sonia\AppData\Roaming\nvModes.dat
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2008-06-30 11:44 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-06-18 12:05 122,368 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-11-28 19:41 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 19:41 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 19:41 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 19:41 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 19:41 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-11-05 00:03 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-11-05 00:03 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-11-05 00:03 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-24_ 0.37.05.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-23 23:33:04 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-24 00:43:28 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-24 00:43:28 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-03-23 23:33:04 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-24 00:43:28 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-24 00:43:28 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-03-23 23:27:01 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-24 00:12:03 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-23 23:27:01 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-24 00:12:03 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-23 23:27:01 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-24 00:12:03 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-23 23:19:46 13,982 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1775725231-339353010-3357015990-1000_UserData.bin
+ 2009-03-24 00:13:48 14,564 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1775725231-339353010-3357015990-1000_UserData.bin
- 2009-03-23 23:19:45 72,942 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-24 00:13:48 73,350 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-23 23:19:43 47,858 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-24 00:13:47 48,436 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6b284373-1765-4464-a587-80fbc2b2eefa}"= "c:\program files\LphantBar\tbLpha.dll" [2008-03-13 1524248]

[HKEY_CLASSES_ROOT\clsid\{6b284373-1765-4464-a587-80fbc2b2eefa}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6b284373-1765-4464-a587-80fbc2b2eefa}]
2008-03-13 10:30 1524248 --a------ c:\program files\LphantBar\tbLpha.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6b284373-1765-4464-a587-80fbc2b2eefa}"= "c:\program files\LphantBar\tbLpha.dll" [2008-03-13 1524248]

[HKEY_CLASSES_ROOT\clsid\{6b284373-1765-4464-a587-80fbc2b2eefa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6B284373-1765-4464-A587-80FBC2B2EEFA}"= "c:\program files\LphantBar\tbLpha.dll" [2008-03-13 1524248]

[HKEY_CLASSES_ROOT\clsid\{6b284373-1765-4464-a587-80fbc2b2eefa}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DummyIconOverlay]
@="{B8A03725-03B9-485F-BB22-E848799D4C2A}"
[HKEY_CLASSES_ROOT\CLSID\{B8A03725-03B9-485F-BB22-E848799D4C2A}]
2009-03-01 16:32 131584 --a------ c:\users\sonia\AppData\Local\Votre Opinion\PanelApp\pahelper_1100.2009.0210.1225.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-01-14 1688872]
"PanelApp"="c:\users\sonia\AppData\Local\Votre Opinion\PanelApp\PanelApp.exe" [2007-01-24 31232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-25 39408]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2008-08-01 5480448]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-09 845360]
"CardReaderMonitor"="c:\program files\Realtek Semiconductor Corp.\Realtek Card Reader Monitor\CardReaderMonitor.exe" [2007-07-25 643072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-18 29744]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-15 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= "c:\windows\system32\EZUPBH~1.DLL" [2008-11-29 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D08091BE-A149-47D7-9D62-88D01DF55043}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{AAA36FD7-21FF-4FAE-BA2D-B7F9E7FE6F81}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{F4A270D4-776E-4227-BFE8-2A87D20D70B0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{91AF3D58-60BF-47A9-BCFC-4C94888EDFFE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1881C2EE-1A19-444D-879C-96F1A290663F}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{EB8A6E6E-C35C-49C2-BD5A-36EA476124FE}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{741D17D2-76AE-4105-8E74-51D825952AEB}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{FA67E796-8ABB-4E57-8279-680E3EB6D93E}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{001B08A6-699F-499E-9D3E-D1645A74666C}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{FEAECD8B-10D0-4002-AF94-E9A6534465F8}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{7A121710-9A4B-4182-8C53-601196D226BD}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{9D9FBEBA-DC65-4B7D-AEFD-461FF5B25982}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"TCP Query User{A83138E0-42F7-4C8F-A4E4-C3D1FDD79B09}c:\\program files\\free music zilla\\fmzilla.exe"= UDP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
"UDP Query User{458E68BE-FDFE-4E49-B5A9-BB0FB233FF76}c:\\program files\\free music zilla\\fmzilla.exe"= TCP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
"{9DEC8F9A-3640-4572-9814-7BF3A86B16D5}"= UDP:c:\users\sonia\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{83BF579E-80D6-4937-BEBF-B6A1139BD2A8}"= TCP:c:\users\sonia\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"TCP Query User{32E4D779-718E-43D8-A9EA-F789BE64965E}c:\\program files\\lphant\\elephantclient.exe"= UDP:c:\program files\lphant\elephantclient.exe:lphant Client
"UDP Query User{DAABD2AA-07DA-47C4-8988-934DB64850EC}c:\\program files\\lphant\\elephantclient.exe"= TCP:c:\program files\lphant\elephantclient.exe:lphant Client
"{04B959B8-4DC2-4401-A5A9-35DEE3360B2F}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{84AB31DF-685B-41D7-8650-DD90EA0BED9D}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R3 PanelSvc;PanelSvc;c:\program files\Votre Opinion\PanelApp\PanelSvc.exe [2007-11-09 77312]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2007-11-21 327168]
S3 vm331avs;Bison Webcam;c:\windows\system32\Drivers\vm331avs.sys [2007-09-07 943016]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - AFD
*Deregistered* - Beep
*Deregistered* - bowser
*Deregistered* - cdfs
*Deregistered* - CLFS
*Deregistered* - Compbatt
*Deregistered* - crcdisk
*Deregistered* - DfsC
*Deregistered* - DXGKrnl
*Deregistered* - FileInfo
*Deregistered* - FltMgr
*Deregistered* - HTTP
*Deregistered* - IPNAT
*Deregistered* - irda
*Deregistered* - iScsiPrt
*Deregistered* - KSecDD
*Deregistered* - lltdio
*Deregistered* - luafv
*Deregistered* - MountMgr
*Deregistered* - mpsdrv
*Deregistered* - MRxDAV
*Deregistered* - mrxsmb
*Deregistered* - mrxsmb10
*Deregistered* - mrxsmb20
*Deregistered* - Msfs
*Deregistered* - msisadrv
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NativeWifiP
*Deregistered* - NDIS
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - netbt
*Deregistered* - Npfs
*Deregistered* - nsiproxy
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PEAUTH
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - RasSstp
*Deregistered* - rdbss
*Deregistered* - RDPCDD
*Deregistered* - RDPENCDD
*Deregistered* - rspndr
*Deregistered* - secdrv
*Deregistered* - Smb
*Deregistered* - spldr
*Deregistered* - srv
*Deregistered* - srv2
*Deregistered* - srvnet
*Deregistered* - swenum
*Deregistered* - symlcbrd
*Deregistered* - Tcpip
*Deregistered* - tcpipreg
*Deregistered* - tdx
*Deregistered* - TermDD
*Deregistered* - tunmp
*Deregistered* - tunnel
*Deregistered* - umbus
*Deregistered* - VgaSave
*Deregistered* - volmgr
*Deregistered* - volmgrx
*Deregistered* - volsnap
*Deregistered* - Wanarpv6
*Deregistered* - Wdf01000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'

2009-03-24 c:\windows\Tasks\Extension de garantie-sonia.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-02-04 11:13]

2009-03-23 c:\windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - sonia.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2009-03-24 c:\windows\Tasks\Recovery DVD Creator-sonia.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-02-04 11:13]
.
.
------- Examen supplémentaire -------
.
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath -

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/...{moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 01:43:30
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Realtek Semiconductor Corp\Realtek Card Reader Monitor\CardReaderMonitor.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Heure de fin: 2009-03-24 1:48:21 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-24 00:48:17
ComboFix2.txt 2009-03-23 23:57:05
ComboFix3.txt 2009-03-23 23:38:34

Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 78,450,741,248 octets libres

292 --- E O F --- 2009-03-23 14:41:08

Répondre à sonya88

Destrio5, le 24 mar 2009 à 01:51:49

"c:\program files\AVG . . . . impossible à supprimer"

---> Essaie de supprimer le dossier avec Unlocker :
http://ccollomb.free.fr/unlocker/unlocker1.8.7.exe

Répondre à Destrio5

sonya88, le 24 mar 2009 à 02:07:50

Cela ne fonctionne pas, j'ai téléchargé unlocker mais il ne se lance pas lorsque je veux l'utiliser

Répondre à sonya88

36 réponses 12 Suivant

Posez votre question Répondre