Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Virus-Sécurité

Res://ieframe.dll/dnserror.htm

Dernière réponse le 27 jun 2009 à 17:45:52 sulli974, le 21 jun 2009 à 15:29:25

Signaler ce message aux modérateurs

Bonjour,

Je me permet de vous écrire car j'ai un souci au niveau de ma connexion internet.
En effet, ayant désinstaller Nortion Internet Security pour le remplacer par l'antivirus Kapersky 2009 en le téléchargeant sur le site www.01net.com.
A la fin du téléchargement, j'ai installé l'antivirus mais ensuite pour activer la version d'évaluation on me disait que c'était impossible de se connecter au serveur.
J'ai alors ouvert une pages IE qui n'a pas ouvert et qui affichait en bas à gauche le message que j'ai mis dans le titre: en attente de res://ieframe.dll/dnserror.htm
Je ne peux plus me connecter à Windows Messenger 2009 aussi il me dit probleme au niveaux des ports principaux.

Que puis-je faire?

Merci de vos réponses.
IE 8, vista, orange livebox

Configuration: Windows Vista Internet Explorer 8.0

Meilleures réponses pour « res://ieframe.dll/dnserror.htm » dans :

PB message: res.shdoclc.dll/dnserror.htm (Résolu) Voir

Res://ieframe.dll/dnserror Voir

Res://ieframe.dll/dnserror.htm Voir

Res://sp3res.dll/default.hta VoirSi l'ordinateur affiche le message suivant au démarrage, des fichiers de Windows sont probablement corrompus : res://sp3res.dll/default.hta Rechercher les fichiers corrompus Pour rechercher les fichiers corrompus et corriger le problème,...

[Windows] HAL.DLL manquant ou corrompu VoirVous ne pouvez plus entrer sous Windows à cause de l'erreur suivante : HAL.DLL manquant ou corrompu Windows could not start because the following file is missing or corrupt: Windows\System32\Hal.dll Windows n'a pas pu démarrer car le fichier...

Erreur: xvidcore.dll not found VoirProblème: Vous avez une erreur "xvidcore.dll not found" lorsque vous essayez de lire une vidéo? Il est très facile et rapide de résoudre ce problème, suivez la résolution ci-dessous. Solution: Rendez-vous sur ce lien: http://www.dll...

Rés:shdoclc.dll/dnserror.htm QUE FAIRE? Voir

Accès internet : res:/ieframe.dll/dnserror.ht Voir

Ieframe.dll/dnserror Voir

Télécharger Resource Hacker VoirResHack (Resource Hacker) est un freeware permettant de voir, de modifier, de renommer, de supprimer ou d'extraire des ressources dans des fichiers exécutables (.exe, .ocx, .dll, .res, etc.). Il possède un compilateur/décompilateur interne...

Télécharger Visual Basic 6 Runtime (VB6 DLL) VoirLe Runtime Visual Basic 6 contient l'ensemble des librairies (DLL) nécessaires pour exécuter des programmes écrits en langage Visual Basic 6.0. Il contient notamment les DLL suivantes :...

Télécharger DLL to Lib Voir

Kernel32.dll Voirkernel32.dll Le processus kernel32.dll (kernel32.dll signifiant Windows Kernel Process) est un processus générique de Windows NT/2000/XP constituant le noyau de Windows et servant à gérer la mémoire, les ressources système et les processus légers...

Fichier DLL VoirFormat DLL Un fichier DLL est une librairie dynamique, c'est-à-dire un fichier destiné au système d'exploitation pour lui fournir des fonctions supplémentaires. Pour plus d'informations sur les DLL, vous pouvez vous reporter à l'article suivant :...

IE ne fonctionne pas. Non je n'ai aucun pare feu

Posez votre question Répondre

plopus, le 21 jun 2009 à 15:55:38

Bonjour

telecharge hijackthis sur ton bureau http://www.01net.com/...

choisit do a scan and save the log et poste le rapport

Répondre à plopus

sulli974, le 21 jun 2009 à 16:02:54

Bonjour,

Merci de m'avoir répondu.

Voici le résultat:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:24, on 21/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Shamilah\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Shamilah\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\Shamilah\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\mobsync.exe
F:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Showbalm] "C:\ProgramData\jump program program.atiw8rz"
O4 - HKCU\..\Run: [tons bike intra poll] "C:\ProgramData\32 readme fast.y5eegh7"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Shamilah\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
End of file - 10727 bytes

Répondre à sulli974

plopus, le 21 jun 2009 à 16:28:48

Salut

Sous VISTA : Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection)
http://www.commentcamarche.net/faq/sujet 8343 vista desactiver l uac

donc tu as 2 infections qui sont trés presente dans ton PC la premiere MyWebSearch qui est un adware

pour supprimer :

* Télécharge et enregistre le fichier d installation sur ton bureau :

http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

* Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( le bureau )

* Ouvre le dossier Ad-remover présent sur ton bureau, et double clique sur Ad-remover.bat.

* Sous Vista : clic droit sur AD-Remover et sélectionner "Exécuter en tant qu'administrateur"

* Au menu principal choisi l'option "L" et tape sur [entrée] .

* Laisse travailler l'outil et ne touche à rien ...

* Poste le rapport qui apparait à la fin.

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :

Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis
entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels
de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces
antivirus.

ensuite tu dois aussi avoir des pubs intempestives qui provienne d'une infection LOP qui s'installe avec ces programmes dit gratuits :

* Sponsors MSN plus !
* Bittorent
* BitDownload
* BitGrabber
* NetPumper
* BitRoll
* TorrentQ
* Torrent101
* ...

pour supprimer :

* Télécharger et enregistrer lopSD sur ton bureau

http://eric.71.mespages.googlepages.com/LopSD.exe

* Double-clic Lop S&D

* Faire l'installation

* Fermer toutes les applications

* Le lancer par un double-clic sur le raccourci qui est sur le bureau

* Avec VISTA => clic-droit et => Exécuter en tant qu'administrateur

* Taper F pour français , puis presser entrée

* Taper 1

* Presser Entrée

* Le PC va redémarrer

* Note= si l'antivirus annonce une infection dans TEMP , l'ignorer

* Attendre l'apparition du rapport

* Copier le rapport et le coller dans la réponse

* le rapport se trouve aussi à C:\lopR

Répondre à plopus

sulli974, le 21 jun 2009 à 18:27:01

Par contre, j'ai débuté le scan pour le AD-REMOVER à 16h47 et il n'est toujours pas terminé. C'est écris: "Scan en cours, veuillez patientez le temps de la recherche.

Répondre à sulli974

sulli974, le 21 jun 2009 à 19:25:35

Le Scan est terminé;

Voici le résultat concernant l'AD-REPORT:
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_M | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 21/06/2009 à 3:00 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 18:45:42, 21/06/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 1 v6.0.6001
Nom du PC: PC-DE-SHAMILAH | Utilisateur actuel: Shamilah
.
Administrateur: Administrateur *Desactive*
N'est pas administrateur: Invité *Desactive*
Administrateur: Shamilah
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
Service: "MyWebSearchService"
.
HKCR\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
HKCR\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3}
HKCR\FunWebProducts.DataControl
HKCR\FunWebProducts.DataControl.1
HKCR\FunWebProducts.HistoryKillerScheduler
HKCR\FunWebProducts.HistoryKillerScheduler.1
HKCR\FunWebProducts.HistorySwatterControlBar
HKCR\FunWebProducts.HistorySwatterControlBar.1
HKCR\FunWebProducts.HTMLMenu
HKCR\FunWebProducts.HTMLMenu.1
HKCR\FunWebProducts.HTMLMenu.2
HKCR\FunWebProducts.IECookiesManager
HKCR\FunWebProducts.IECookiesManager.1
HKCR\FunWebProducts.KillerObjManager
HKCR\FunWebProducts.KillerObjManager.1
HKCR\FunWebProducts.PopSwatterBarButton
HKCR\FunWebProducts.PopSwatterBarButton.1
HKCR\FunWebProducts.PopSwatterSettingsControl
HKCR\FunWebProducts.PopSwatterSettingsControl.1
HKCR\Interface\{1093995a-ba37-41d2-836e-091067c4ad17}
HKCR\Interface\{120927bf-1700-43bc-810f-fab92549b390}
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
HKCR\Interface\{1f52a5fa-a705-4415-b975-88503b291728}
HKCR\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a}
HKCR\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc}
HKCR\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc}
HKCR\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495}
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
HKCR\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca}
HKCR\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff}
HKCR\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8}
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244f69}
HKCR\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc}
HKCR\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d}
HKCR\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe}
HKCR\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1}
HKCR\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477}
HKCR\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e}
HKCR\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f}
HKCR\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8}
HKCR\MyWebSearch.ChatSessionPlugin
HKCR\MyWebSearch.ChatSessionPlugin.1
HKCR\MyWebSearch.HTMLPanel
HKCR\MyWebSearch.HTMLPanel.1
HKCR\MyWebSearch.OutlookAddin
HKCR\MyWebSearch.OutlookAddin.1
HKCR\MyWebSearch.PseudoTransparentPlugin
HKCR\MyWebSearch.PseudoTransparentPlugin.1
HKCR\MyWebSearchToolBar.SettingsPlugin
HKCR\MyWebSearchToolBar.SettingsPlugin.1
HKCR\MyWebSearchToolBar.ToolbarPlugin
HKCR\MyWebSearchToolBar.ToolbarPlugin.1
HKCR\screensavercontrol.screensaverinstaller
HKCR\screensavercontrol.screensaverinstaller.1
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
HKCU\Software\AppDataLow\Software\MyWebSearch
HKCU\Software\FunWebProducts
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCU\Software\MyWebSearch
HKLM\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKLM\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKLM\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKLM\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
HKLM\SOFTWARE\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
HKLM\SOFTWARE\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}
HKLM\SOFTWARE\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
HKLM\SOFTWARE\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
HKLM\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
HKLM\SOFTWARE\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
HKLM\SOFTWARE\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKLM\SOFTWARE\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
HKLM\SOFTWARE\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
HKLM\SOFTWARE\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
HKLM\SOFTWARE\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
HKLM\SOFTWARE\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
HKLM\SOFTWARE\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
HKLM\SOFTWARE\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
HKLM\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
HKLM\SOFTWARE\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
HKLM\SOFTWARE\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
HKLM\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
HKLM\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
HKLM\SOFTWARE\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
HKLM\SOFTWARE\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
HKLM\SOFTWARE\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}
HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
HKLM\Software\FocusInteractive
HKLM\Software\Fun Web Products
HKLM\Software\FunWebProducts
HKLM\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
HKLM\Software\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
HKLM\Software\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall
HKLM\Software\MyWebSearch
HKLM\SYSTEM\ControlSet002\Services\MyWebSearchService
HKLM\SYSTEM\ControlSet003\Services\MyWebSearchService
HKU\S-1-5-21-535121939-2027292061-3925157221-1003\Software\Appdatalow\Software\Fun Web Products
HKU\S-1-5-21-535121939-2027292061-3925157221-1003\Software\Binary Noise\mPlayer\kiwee_toolbar_installer.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\\FunWebProducts
HKLM\Software\Microsoft\Windows Media\Wmsdk\Sources\\F3PopularScreenSavers
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Plugin
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
.
C:\Users\Shamilah\AppData\LocalLow\FunWebProducts\Data
C:\Users\Shamilah\AppData\LocalLow\FunWebProducts\Installr
C:\Users\Shamilah\AppData\LocalLow\FunWebProducts\Shared
C:\Users\Shamilah\AppData\LocalLow\FunWebProducts\Data\avatar.dat
C:\Users\Shamilah\AppData\LocalLow\FunWebProducts\Installr\Cache
C:\Users\Shamilah\AppData\LocalLow\FunWebProducts\Installr\Cache\029B27B9.exe
C:\Users\Shamilah\AppData\LocalLow\FunWebProducts\Installr\Cache\files.ini
C:\Users\Shamilah\AppData\LocalLow\FunWebProducts\Shared\Cache
C:\Users\Shamilah\AppData\LocalLow\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Users\Shamilah\AppData\LocalLow\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Users\Shamilah\AppData\LocalLow\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Users\Shamilah\AppData\LocalLow\FunWebProducts\Shared\Cache\WebfettiBtn.html
C:\Users\Shamilah\AppData\LocalLow\FunWebProducts
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Cache
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\History
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Message
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Settings
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\loader.htm
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\max_def.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\min_def.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\res_def.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Cache\00140BE2.bin
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Cache\029C6C75
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Cache\029C80A1
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Cache\029CB400
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Cache\029CBF27.bin
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Cache\029CC59C.bin
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Cache\029CCB28.bin
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Cache\029CD5C2.bin
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Cache\029CDE79.bin
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Cache\029D3E73.bin
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Cache\029D4805.bin
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Cache\029D551F.bin
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Cache\029D65C1.bin
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Cache\029D6DFB
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Cache\files.ini
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\History\search3
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Message\COMMON
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\ask_logo.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\autoup.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\autoup.htm
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\center.htm
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\index.htm
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\mid_dots.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\mws_logo.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\protect.htm
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\shocked.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\stop.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\systray.htm
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\systrayp.htm
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\tp_grad.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\warn.gif
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Settings\setting2.htm
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch\bar\Settings\settings.dat
C:\Users\Shamilah\AppData\LocalLow\MyWebSearch
C:\Program Files\FunWebProducts\ScreenSaver
C:\Program Files\FunWebProducts\ScreenSaver\Images
C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch\bar
C:\Program Files\MyWebSearch\SrchAstt
C:\Program Files\MyWebSearch\bar\1.bin
C:\Program Files\MyWebSearch\bar\Avatar
C:\Program Files\MyWebSearch\bar\Game
C:\Program Files\MyWebSearch\bar\History
C:\Program Files\MyWebSearch\bar\icons
C:\Program Files\MyWebSearch\bar\Message
C:\Program Files\MyWebSearch\bar\Notifier
C:\Program Files\MyWebSearch\bar\Settings
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Program Files\MyWebSearch
C:\Windows\System32\f3PSSavr.scr
C:\Users\Shamilah\AppData\Local\Temp\kiwee_toolbar_installer.exe
C:\Users\Shamilah\AppData\Local\Temp\MWSSRCSP.EXE
C:\Program Files\Windows Live\Messenger\riched20.dll
C:\Program Files\Internet Explorer\msimg32.dll

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.
.
.

* Internet Explorer Version 8.0.6001.18783 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

============== Suspect (Cracks, Serials ... ) ==============

.
.
===================================
.
21831 Octet(s) - C:\Ad-Report-CLEAN.log
.
1086 Fichier(s) - C:\Users\Shamilah\AppData\Local\Temp
13 Fichier(s) - C:\Windows\Temp
.
19 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
6 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 20:52:59 | 21/06/2009
.
============== E.O.F ==============
.

Voici le résultat concernant le LopPR: PAR CONTRE PAS DE DEMARRAGE LORSQUE J'AI TAPE 1

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz )
BIOS : Ver 1.00PARTTBL
USER : Shamilah ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Anti-Virus 8.0.0.506 (Activated)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:6 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:69 Go)
E:\ (CD or DVD)
F:\ (USB) - FAT32 - Total:7640 Mo (Free:7 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 21/06/2009|21:17 )

[ UAC => 0 ]

--------------------\\ Listing des dossiers dans Local

[04/10/2008|22:43] C:\Users\Shamilah\AppData\Local\acer eNM
[17/10/2008|22:09] C:\Users\Shamilah\AppData\Local\Adobe
[24/12/2008|22:12] C:\Users\Shamilah\AppData\Local\Apple
[25/12/2008|22:32] C:\Users\Shamilah\AppData\Local\Apple Computer
[04/10/2008|22:41] C:\Users\Shamilah\AppData\Local\Application Data
[27/01/2009|18:20] C:\Users\Shamilah\AppData\Local\d3d9caps.dat
[09/03/2009|17:39] C:\Users\Shamilah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[04/02/2009|14:44] C:\Users\Shamilah\AppData\Local\eMule
[12/04/2009|19:30] C:\Users\Shamilah\AppData\Local\GDIPFONTCACHEV1.DAT
[04/10/2008|22:41] C:\Users\Shamilah\AppData\Local\Historique
[21/06/2009|18:39] C:\Users\Shamilah\AppData\Local\IconCache.db
[28/04/2009|19:34] C:\Users\Shamilah\AppData\Local\Microsoft
[06/10/2008|04:07] C:\Users\Shamilah\AppData\Local\Microsoft Games
[06/02/2009|18:32] C:\Users\Shamilah\AppData\Local\Microsoft Help
[05/04/2009|19:35] C:\Users\Shamilah\AppData\Local\Seven Zip
[21/06/2009|21:13] C:\Users\Shamilah\AppData\Local\Temp
[04/10/2008|22:41] C:\Users\Shamilah\AppData\Local\Temporary Internet Files
[29/11/2008|07:42] C:\Users\Shamilah\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[21/06/2009 16:59][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{EBE3C95D-890A-49DF-B08A-0B03D10D16AF}.job
[21/06/2009 18:41][--ah-----] C:\Windows\tasks\SA.DAT
[21/06/2009 18:40][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[24/12/2008|22:14] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[19/10/2008|02:44] C:\ProgramData\32 readme fast.y5eegh7
[10/03/2008|23:26] C:\ProgramData\Adobe
[24/12/2008|22:11] C:\ProgramData\Apple
[24/12/2008|22:14] C:\ProgramData\Apple Computer
[02/11/2006|17:02] C:\ProgramData\Application Data
[25/03/2008|13:35] C:\ProgramData\Broadcom
[04/10/2008|22:37] C:\ProgramData\Bureau
[02/11/2006|17:02] C:\ProgramData\Desktop
[02/11/2006|17:02] C:\ProgramData\Documents
[04/02/2009|14:44] C:\ProgramData\eMule
[04/10/2008|22:37] C:\ProgramData\Favoris
[02/11/2006|17:02] C:\ProgramData\Favorites
[19/10/2008|02:44] C:\ProgramData\jump program program.0a4ren
[21/11/2008|19:59] C:\ProgramData\jump program program.atiw8rz
[19/10/2008|02:44] C:\ProgramData\jump program program.f0a1en
[21/06/2009|18:42] C:\ProgramData\Kaspersky Lab
[21/06/2009|15:05] C:\ProgramData\LuUninstall.LiveUpdate
[04/10/2008|22:37] C:\ProgramData\Menu D‚marrer
[19/10/2008|02:52] C:\ProgramData\Messenger Plus!
[12/04/2009|12:55] C:\ProgramData\Microsoft
[15/06/2009|16:37] C:\ProgramData\Microsoft Help
[04/10/2008|22:37] C:\ProgramData\ModŠles
[16/12/2008|00:22] C:\ProgramData\Poke admin tons bike
[02/11/2006|17:02] C:\ProgramData\Start Menu
[21/06/2009|11:48] C:\ProgramData\Symantec
[02/11/2006|17:02] C:\ProgramData\Templates
[16/12/2008|00:25] C:\ProgramData\trustface
[06/10/2008|00:38] C:\ProgramData\WLInstaller
[25/03/2008|13:45] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[25/03/2008|13:42] C:\Program Files\Acer Inc
[10/03/2008|23:26] C:\Program Files\Adobe
[21/06/2009|20:52] C:\Program Files\Ad-remover
[29/10/2008|02:42] C:\Program Files\AGI
[24/12/2008|22:12] C:\Program Files\Apple Software Update
[24/12/2008|22:13] C:\Program Files\Bonjour
[25/03/2008|13:35] C:\Program Files\Broadcom
[16/12/2008|00:18] C:\Program Files\Circle Developement
[21/06/2009|11:47] C:\Program Files\Common Files
[25/03/2008|13:28] C:\Program Files\CONEXANT
[25/03/2008|13:41] C:\Program Files\CyberLink
[04/02/2009|14:44] C:\Program Files\eMule
[04/10/2008|22:37] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[25/03/2008|13:51] C:\Program Files\InstallShield Installation Information
[10/03/2008|23:19] C:\Program Files\Intel
[21/06/2009|20:51] C:\Program Files\Internet Explorer
[06/10/2008|00:08] C:\Program Files\Inventel
[24/12/2008|22:14] C:\Program Files\iPod
[24/12/2008|22:14] C:\Program Files\iTunes
[21/06/2009|12:57] C:\Program Files\Kaspersky Lab
[25/03/2008|13:45] C:\Program Files\Launch Manager
[21/02/2009|13:10] C:\Program Files\Messenger Plus! Live
[21/02/2009|11:13] C:\Program Files\Microsoft
[02/11/2006|16:37] C:\Program Files\Microsoft Games
[11/03/2008|01:06] C:\Program Files\Microsoft Office
[21/02/2009|11:13] C:\Program Files\Microsoft Office Outlook Connector
[28/02/2009|12:22] C:\Program Files\Microsoft Silverlight
[11/03/2008|01:06] C:\Program Files\Microsoft Small Business
[19/03/2009|13:50] C:\Program Files\Microsoft SQL Server
[21/02/2009|11:09] C:\Program Files\Microsoft SQL Server Compact Edition
[21/02/2009|11:11] C:\Program Files\Microsoft Sync Framework
[11/03/2008|00:59] C:\Program Files\Microsoft Visual Studio
[12/04/2009|12:49] C:\Program Files\Microsoft Visual Studio 8
[11/03/2008|00:59] C:\Program Files\Microsoft Works
[11/03/2008|01:04] C:\Program Files\Microsoft.NET
[11/03/2008|11:55] C:\Program Files\Movie Maker
[12/04/2009|12:57] C:\Program Files\MSBuild
[04/10/2008|23:10] C:\Program Files\Netissimo
[11/03/2008|01:07] C:\Program Files\NewTech Infosystems
[06/10/2008|00:16] C:\Program Files\Orange
[24/12/2008|22:13] C:\Program Files\QuickTime
[10/03/2008|23:23] C:\Program Files\Realtek
[02/11/2006|16:37] C:\Program Files\Reference Assemblies
[06/10/2008|00:08] C:\Program Files\Securitoo
[29/11/2008|08:01] C:\Program Files\Super Mario Blue Twilight DX
[21/06/2009|15:05] C:\Program Files\Symantec
[10/03/2008|23:24] C:\Program Files\Synaptics
[02/11/2006|17:01] C:\Program Files\Uninstall Information
[19/10/2008|01:11] C:\Program Files\VideoLAN
[04/10/2008|22:59] C:\Program Files\Wanadoo
[11/03/2008|11:55] C:\Program Files\Windows Calendar
[11/03/2008|11:55] C:\Program Files\Windows Collaboration
[11/03/2008|11:55] C:\Program Files\Windows Defender
[11/03/2008|11:55] C:\Program Files\Windows Journal
[21/02/2009|11:12] C:\Program Files\Windows Live
[18/01/2009|21:27] C:\Program Files\Windows Live SkyDrive
[14/05/2009|14:12] C:\Program Files\Windows Mail
[13/03/2009|15:43] C:\Program Files\Windows Media Player
[04/10/2008|22:37] C:\Program Files\Windows NT
[11/03/2008|11:55] C:\Program Files\Windows Photo Gallery
[11/03/2008|11:55] C:\Program Files\Windows Sidebar
[11/03/2008|01:22] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[10/03/2008|23:26] C:\Program Files\Common Files\Adobe
[24/12/2008|22:14] C:\Program Files\Common Files\Apple
[11/03/2008|00:59] C:\Program Files\Common Files\DESIGNER
[06/10/2008|00:14] C:\Program Files\Common Files\France Telecom
[25/03/2008|13:41] C:\Program Files\Common Files\InstallShield
[11/03/2008|00:36] C:\Program Files\Common Files\LightScribe
[12/04/2009|13:03] C:\Program Files\Common Files\microsoft shared
[11/03/2008|00:34] C:\Program Files\Common Files\muvee Technologies
[11/03/2008|00:39] C:\Program Files\Common Files\NewTech Infosystems
[02/11/2006|15:18] C:\Program Files\Common Files\Services
[02/11/2006|15:18] C:\Program Files\Common Files\SpeechEngines
[21/06/2009|15:05] C:\Program Files\Common Files\Symantec Shared
[21/02/2009|11:13] C:\Program Files\Common Files\System
[17/10/2008|03:01] C:\Program Files\Common Files\Windows Live
[06/10/2008|00:46] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 83 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

C:\ProgramData\jump program program.0a4ren
C:\ProgramData\jump program program.f0a1en
C:\ProgramData\32 readme fast.y5eegh7
C:\ProgramData\jump program program.atiw8rz

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\ProgramData\Poke admin tons bike
C:\Program Files\Circle Developement

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Showbalm"="\"C:\\ProgramData\\jump program program.atiw8rz\""
"tons bike intra poll"="\"C:\\ProgramData\\32 readme fast.y5eegh7\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-21 21:18:10
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 230

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:1087][D:45]-> C:\Users\Shamilah\AppData\Local\Temp
[F:8][D:1]-> C:\Users\Shamilah\AppData\Roaming\MICROS~1\Windows\Cookies
[F:24][D:4]-> C:\Users\Shamilah\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:6][D:2]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 21/06/2009|21:21 - Option : [1]

--------------------\\ Fin du rapport a 21:21:00
[ UAC => 1 ]

Répondre à sulli974

sulli974, le 21 jun 2009 à 19:27:51

Apres ces deux installations, mon Internet Explorer ne fonctionne toujours pas.

Répondre à sulli974

plopus, le 21 jun 2009 à 19:58:57

Re

on verra a la fin de la desinfection si il marche toujours pas pour internet explorer.

relance LOP en option 2 et poste le rapport

puis clic ici http://www.bibou0007.com/outils-specifiques-f78/rsit-t3035.htm
et suit le tuto de RSIT et poste moi le rapport

Répondre à plopus

sulli974, le 21 jun 2009 à 20:32:28

Lop avec option 2:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz )
BIOS : Ver 1.00PARTTBL
USER : Shamilah ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Anti-Virus 8.0.0.506 (Activated)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:6 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:69 Go)
E:\ (CD or DVD)
F:\ (USB) - FAT32 - Total:7640 Mo (Free:7 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 21/06/2009|22:06 )

[ UAC => 0 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\ProgramData\jump program program.0a4ren
Supprime! - C:\ProgramData\jump program program.f0a1en
Supprime! - C:\ProgramData\32 readme fast.y5eegh7
Supprime! - C:\ProgramData\jump program program.atiw8rz
Supprime! - C:\ProgramData\Poke admin tons bike
Supprime! - C:\Program Files\Circle Developement
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans Local

[04/10/2008|22:43] C:\Users\Shamilah\AppData\Local\acer eNM
[17/10/2008|22:09] C:\Users\Shamilah\AppData\Local\Adobe
[24/12/2008|22:12] C:\Users\Shamilah\AppData\Local\Apple
[25/12/2008|22:32] C:\Users\Shamilah\AppData\Local\Apple Computer
[04/10/2008|22:41] C:\Users\Shamilah\AppData\Local\Application Data
[27/01/2009|18:20] C:\Users\Shamilah\AppData\Local\d3d9caps.dat
[09/03/2009|17:39] C:\Users\Shamilah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[04/02/2009|14:44] C:\Users\Shamilah\AppData\Local\eMule
[12/04/2009|19:30] C:\Users\Shamilah\AppData\Local\GDIPFONTCACHEV1.DAT
[04/10/2008|22:41] C:\Users\Shamilah\AppData\Local\Historique
[21/06/2009|22:04] C:\Users\Shamilah\AppData\Local\IconCache.db
[28/04/2009|19:34] C:\Users\Shamilah\AppData\Local\Microsoft
[06/10/2008|04:07] C:\Users\Shamilah\AppData\Local\Microsoft Games
[06/02/2009|18:32] C:\Users\Shamilah\AppData\Local\Microsoft Help
[05/04/2009|19:35] C:\Users\Shamilah\AppData\Local\Seven Zip
[21/06/2009|22:06] C:\Users\Shamilah\AppData\Local\Temp
[04/10/2008|22:41] C:\Users\Shamilah\AppData\Local\Temporary Internet Files
[29/11/2008|07:42] C:\Users\Shamilah\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[21/06/2009 16:59][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{EBE3C95D-890A-49DF-B08A-0B03D10D16AF}.job
[21/06/2009 22:05][--ah-----] C:\Windows\tasks\SA.DAT
[21/06/2009 22:04][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[24/12/2008|22:14] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[10/03/2008|23:26] C:\ProgramData\Adobe
[24/12/2008|22:11] C:\ProgramData\Apple
[24/12/2008|22:14] C:\ProgramData\Apple Computer
[02/11/2006|17:02] C:\ProgramData\Application Data
[25/03/2008|13:35] C:\ProgramData\Broadcom
[04/10/2008|22:37] C:\ProgramData\Bureau
[02/11/2006|17:02] C:\ProgramData\Desktop
[02/11/2006|17:02] C:\ProgramData\Documents
[04/02/2009|14:44] C:\ProgramData\eMule
[04/10/2008|22:37] C:\ProgramData\Favoris
[02/11/2006|17:02] C:\ProgramData\Favorites
[21/06/2009|22:05] C:\ProgramData\Kaspersky Lab
[21/06/2009|15:05] C:\ProgramData\LuUninstall.LiveUpdate
[04/10/2008|22:37] C:\ProgramData\Menu D‚marrer
[19/10/2008|02:52] C:\ProgramData\Messenger Plus!
[12/04/2009|12:55] C:\ProgramData\Microsoft
[15/06/2009|16:37] C:\ProgramData\Microsoft Help
[04/10/2008|22:37] C:\ProgramData\ModŠles
[02/11/2006|17:02] C:\ProgramData\Start Menu
[21/06/2009|11:48] C:\ProgramData\Symantec
[02/11/2006|17:02] C:\ProgramData\Templates
[16/12/2008|00:25] C:\ProgramData\trustface
[06/10/2008|00:38] C:\ProgramData\WLInstaller
[25/03/2008|13:45] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[25/03/2008|13:42] C:\Program Files\Acer Inc
[10/03/2008|23:26] C:\Program Files\Adobe
[21/06/2009|20:52] C:\Program Files\Ad-remover
[29/10/2008|02:42] C:\Program Files\AGI
[24/12/2008|22:12] C:\Program Files\Apple Software Update
[24/12/2008|22:13] C:\Program Files\Bonjour
[25/03/2008|13:35] C:\Program Files\Broadcom
[21/06/2009|11:47] C:\Program Files\Common Files
[25/03/2008|13:28] C:\Program Files\CONEXANT
[25/03/2008|13:41] C:\Program Files\CyberLink
[04/02/2009|14:44] C:\Program Files\eMule
[04/10/2008|22:37] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[25/03/2008|13:51] C:\Program Files\InstallShield Installation Information
[10/03/2008|23:19] C:\Program Files\Intel
[21/06/2009|20:51] C:\Program Files\Internet Explorer
[06/10/2008|00:08] C:\Program Files\Inventel
[24/12/2008|22:14] C:\Program Files\iPod
[24/12/2008|22:14] C:\Program Files\iTunes
[21/06/2009|12:57] C:\Program Files\Kaspersky Lab
[25/03/2008|13:45] C:\Program Files\Launch Manager
[21/02/2009|13:10] C:\Program Files\Messenger Plus! Live
[21/02/2009|11:13] C:\Program Files\Microsoft
[02/11/2006|16:37] C:\Program Files\Microsoft Games
[11/03/2008|01:06] C:\Program Files\Microsoft Office
[21/02/2009|11:13] C:\Program Files\Microsoft Office Outlook Connector
[28/02/2009|12:22] C:\Program Files\Microsoft Silverlight
[11/03/2008|01:06] C:\Program Files\Microsoft Small Business
[19/03/2009|13:50] C:\Program Files\Microsoft SQL Server
[21/02/2009|11:09] C:\Program Files\Microsoft SQL Server Compact Edition
[21/02/2009|11:11] C:\Program Files\Microsoft Sync Framework
[11/03/2008|00:59] C:\Program Files\Microsoft Visual Studio
[12/04/2009|12:49] C:\Program Files\Microsoft Visual Studio 8
[11/03/2008|00:59] C:\Program Files\Microsoft Works
[11/03/2008|01:04] C:\Program Files\Microsoft.NET
[11/03/2008|11:55] C:\Program Files\Movie Maker
[12/04/2009|12:57] C:\Program Files\MSBuild
[04/10/2008|23:10] C:\Program Files\Netissimo
[11/03/2008|01:07] C:\Program Files\NewTech Infosystems
[06/10/2008|00:16] C:\Program Files\Orange
[24/12/2008|22:13] C:\Program Files\QuickTime
[10/03/2008|23:23] C:\Program Files\Realtek
[02/11/2006|16:37] C:\Program Files\Reference Assemblies
[06/10/2008|00:08] C:\Program Files\Securitoo
[29/11/2008|08:01] C:\Program Files\Super Mario Blue Twilight DX
[21/06/2009|15:05] C:\Program Files\Symantec
[10/03/2008|23:24] C:\Program Files\Synaptics
[02/11/2006|17:01] C:\Program Files\Uninstall Information
[19/10/2008|01:11] C:\Program Files\VideoLAN
[04/10/2008|22:59] C:\Program Files\Wanadoo
[11/03/2008|11:55] C:\Program Files\Windows Calendar
[11/03/2008|11:55] C:\Program Files\Windows Collaboration
[11/03/2008|11:55] C:\Program Files\Windows Defender
[11/03/2008|11:55] C:\Program Files\Windows Journal
[21/02/2009|11:12] C:\Program Files\Windows Live
[18/01/2009|21:27] C:\Program Files\Windows Live SkyDrive
[14/05/2009|14:12] C:\Program Files\Windows Mail
[13/03/2009|15:43] C:\Program Files\Windows Media Player
[04/10/2008|22:37] C:\Program Files\Windows NT
[11/03/2008|11:55] C:\Program Files\Windows Photo Gallery
[11/03/2008|11:55] C:\Program Files\Windows Sidebar
[11/03/2008|01:22] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[10/03/2008|23:26] C:\Program Files\Common Files\Adobe
[24/12/2008|22:14] C:\Program Files\Common Files\Apple
[11/03/2008|00:59] C:\Program Files\Common Files\DESIGNER
[06/10/2008|00:14] C:\Program Files\Common Files\France Telecom
[25/03/2008|13:41] C:\Program Files\Common Files\InstallShield
[11/03/2008|00:36] C:\Program Files\Common Files\LightScribe
[12/04/2009|13:03] C:\Program Files\Common Files\microsoft shared
[11/03/2008|00:34] C:\Program Files\Common Files\muvee Technologies
[11/03/2008|00:39] C:\Program Files\Common Files\NewTech Infosystems
[02/11/2006|15:18] C:\Program Files\Common Files\Services
[02/11/2006|15:18] C:\Program Files\Common Files\SpeechEngines
[21/06/2009|15:05] C:\Program Files\Common Files\Symantec Shared
[21/02/2009|11:13] C:\Program Files\Common Files\System
[17/10/2008|03:01] C:\Program Files\Common Files\Windows Live
[06/10/2008|00:46] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 87 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-21 22:07:31
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\Windows\System32\wbem\Performance\WmiApRpl_new.h 357 bytes
scan completed successfully
hidden processes: 0
hidden files: 231

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:1088][D:45]-> C:\Users\Shamilah\AppData\Local\Temp
[F:8][D:1]-> C:\Users\Shamilah\AppData\Roaming\MICROS~1\Windows\Cookies
[F:24][D:4]-> C:\Users\Shamilah\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:6][D:2]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 21/06/2009|21:21 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 21/06/2009|22:09 - Option : [2]

--------------------\\ Fin du rapport a 22:09:53
[ UAC => 1 ]

Log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Shamilah at 2009-06-21 22:13:27
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 7 GB (10%) free of 71 GB
Total RAM: 2038 MB (52% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{EBE3C95D-890A-49DF-B08A-0B03D10D16AF}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-06 816400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-01-03 312368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-06 816400]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-01-03 155184]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-08 4853760]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-07 102400]
"Adobe Reader Speed Launcher"=c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-03-08 40048]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-08-29 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-08-29 154136]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-08-29 137752]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2008-01-22 81920]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-01-03 521776]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-01-08 858632]
"eRecoveryService"= []
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-06 57344]
"SystrayORAHSS"=C:\Program Files\Orange\Systray\SystrayApp.exe [2007-09-25 94208]
"ORAHSSSessionManager"=C:\Program Files\Orange\SessionManager\SessionManager.exe [2007-09-25 102400]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2008-11-11 206088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

C:\Users\Shamilah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Outil de notification Live Search.lnk - C:\Users\Shamilah\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-08-21 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Orange\Connectivity\ConnectivityManager.exe"="C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07b84eb7-e2e2-11dd-803d-000000000000}]
shell\AutoRun\command - F:\2u.com
shell\explore\command - F:\2u.com
shell\open\command - F:\2u.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4156d958-9d36-11dd-918c-000000000000}]
shell\AutoRun\command - SETUP.EXE -0
shell\Explore\command - SETUP.EXE -E
shell\Open\command - SETUP.EXE -O

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a74b0f3b-e3be-11dd-af24-000000000000}]
shell\Auto\command - F:\Start.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2a0fda3-07fd-11de-bb12-000000000000}]
shell\AutoRun\command - G:\e.com
shell\explore\command - G:\e.com
shell\open\command - G:\e.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc8d7d33-9c17-11dd-9691-000000000000}]
shell\AutoRun\command - F:\ymxf2.exe
shell\open\command - F:\ymxf2.exe

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-06-21 22:13:27 ----D---- C:\rsit
2009-06-21 22:13:27 ----D---- C:\Program Files\trend micro
2009-06-21 21:17:18 ----A---- C:\lopR.txt
2009-06-21 21:16:47 ----D---- C:\Lop SD
2009-06-21 18:45:07 ----D---- C:\Program Files\Ad-remover
2009-06-21 15:05:11 ----SHD---- C:\Config.Msi
2009-06-21 13:40:03 ----A---- C:\Windows\system32\ieui.dll
2009-06-21 13:40:03 ----A---- C:\Windows\system32\iesetup.dll
2009-06-21 13:40:03 ----A---- C:\Windows\system32\iernonce.dll
2009-06-21 13:40:02 ----A---- C:\Windows\system32\wininet.dll
2009-06-21 13:40:02 ----A---- C:\Windows\system32\jsproxy.dll
2009-06-21 13:40:02 ----A---- C:\Windows\system32\iertutil.dll
2009-06-21 13:40:02 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-21 13:40:02 ----A---- C:\Windows\system32\ie4uinit.exe
2009-06-21 13:40:01 ----A---- C:\Windows\system32\urlmon.dll
2009-06-21 13:40:00 ----A---- C:\Windows\system32\mshtml.dll
2009-06-21 13:40:00 ----A---- C:\Windows\system32\ieframe.dll
2009-06-21 13:37:18 ----A---- C:\Windows\system32\mshtmled.dll
2009-06-21 13:37:17 ----A---- C:\Windows\system32\msls31.dll
2009-06-21 13:37:17 ----A---- C:\Windows\system32\mshtmler.dll
2009-06-21 13:37:17 ----A---- C:\Windows\system32\icardie.dll
2009-06-21 13:37:17 ----A---- C:\Windows\system32\corpol.dll
2009-06-21 13:37:17 ----A---- C:\Windows\system32\admparse.dll
2009-06-21 13:37:16 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-06-21 13:37:16 ----A---- C:\Windows\system32\licmgr10.dll
2009-06-21 13:37:16 ----A---- C:\Windows\system32\inseng.dll
2009-06-21 13:37:16 ----A---- C:\Windows\system32\imgutil.dll
2009-06-21 13:37:16 ----A---- C:\Windows\system32\iepeers.dll
2009-06-21 13:37:16 ----A---- C:\Windows\system32\ieakeng.dll
2009-06-21 13:37:16 ----A---- C:\Windows\system32\dxtrans.dll
2009-06-21 13:37:16 ----A---- C:\Windows\system32\dxtmsft.dll
2009-06-21 13:37:15 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-06-21 13:37:15 ----A---- C:\Windows\system32\wextract.exe
2009-06-21 13:37:15 ----A---- C:\Windows\system32\webcheck.dll
2009-06-21 13:37:15 ----A---- C:\Windows\system32\occache.dll
2009-06-21 13:37:15 ----A---- C:\Windows\system32\mstime.dll
2009-06-21 13:37:15 ----A---- C:\Windows\system32\msrating.dll
2009-06-21 13:37:15 ----A---- C:\Windows\system32\msfeedssync.exe
2009-06-21 13:37:15 ----A---- C:\Windows\system32\ieakui.dll
2009-06-21 13:37:15 ----A---- C:\Windows\system32\ieaksie.dll
2009-06-21 13:37:14 ----A---- C:\Windows\system32\vbscript.dll
2009-06-21 13:37:14 ----A---- C:\Windows\system32\pngfilt.dll
2009-06-21 13:37:14 ----A---- C:\Windows\system32\msfeeds.dll
2009-06-21 13:37:14 ----A---- C:\Windows\system32\jscript.dll
2009-06-21 13:37:14 ----A---- C:\Windows\system32\ieapfltr.dll
2009-06-21 13:37:14 ----A---- C:\Windows\system32\advpack.dll
2009-06-21 13:37:13 ----A---- C:\Windows\system32\url.dll
2009-06-21 13:37:12 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-06-21 13:37:12 ----A---- C:\Windows\system32\SetDepNx.exe
2009-06-21 13:37:12 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-06-21 13:37:12 ----A---- C:\Windows\system32\PDMSetup.exe
2009-06-21 13:37:12 ----A---- C:\Windows\system32\mshta.exe
2009-06-21 13:37:12 ----A---- C:\Windows\system32\iexpress.exe
2009-06-21 13:37:12 ----A---- C:\Windows\system32\ieUnatt.exe
2009-06-21 13:37:12 ----A---- C:\Windows\system32\iesysprep.dll
2009-06-21 13:21:45 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-21 13:21:45 ----A---- C:\Windows\system32\infocardapi.dll
2009-06-21 13:21:44 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-06-21 13:21:44 ----A---- C:\Windows\system32\icardres.dll
2009-06-21 13:21:44 ----A---- C:\Windows\system32\icardagt.exe
2009-06-21 13:21:41 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-06-21 13:21:38 ----A---- C:\Windows\system32\PresentationHost.exe
2009-06-21 13:14:49 ----A---- C:\Windows\system32\dfshim.dll
2009-06-21 13:14:46 ----A---- C:\Windows\system32\mscoree.dll
2009-06-21 13:14:45 ----A---- C:\Windows\system32\netfxperf.dll
2009-06-21 13:14:31 ----A---- C:\Windows\system32\mscorier.dll
2009-06-21 13:14:22 ----A---- C:\Windows\system32\mscories.dll
2009-06-21 12:57:15 ----D---- C:\ProgramData\Kaspersky Lab
2009-06-21 12:57:15 ----D---- C:\Program Files\Kaspersky Lab
2009-06-14 15:35:48 ----A---- C:\Windows\system32\EncDec.dll
2009-06-14 15:35:47 ----A---- C:\Windows\system32\psisdecd.dll
2009-06-13 22:41:19 ----A---- C:\Windows\system32\localspl.dll
2009-06-13 22:41:15 ----A---- C:\Windows\system32\rpcrt4.dll

======List of files/folders modified in the last 1 months======

2009-06-21 22:13:28 ----D---- C:\Windows\Prefetch
2009-06-21 22:13:27 ----RD---- C:\Program Files
2009-06-21 22:10:44 ----D---- C:\Windows\Temp
2009-06-21 22:10:34 ----D---- C:\Windows\System32
2009-06-21 22:10:34 ----D---- C:\Windows\inf
2009-06-21 22:10:34 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-06-21 22:07:05 ----HD---- C:\ProgramData
2009-06-21 20:51:56 ----D---- C:\Program Files\Internet Explorer
2009-06-21 17:02:32 ----SD---- C:\Users\Shamilah\AppData\Roaming\Microsoft
2009-06-21 16:45:09 ----D---- C:\Windows\Microsoft.NET
2009-06-21 16:44:49 ----RSD---- C:\Windows\assembly
2009-06-21 15:07:00 ----SHD---- C:\System Volume Information
2009-06-21 15:05:43 ----SHD---- C:\Windows\Installer
2009-06-21 15:05:43 ----D---- C:\Windows
2009-06-21 15:05:29 ----D---- C:\Program Files\Symantec
2009-06-21 15:05:29 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-06-21 14:03:32 ----D---- C:\Windows\rescache
2009-06-21 13:42:21 ----D---- C:\Windows\system32\migration
2009-06-21 13:42:20 ----D---- C:\Windows\system32\fr-FR
2009-06-21 13:42:19 ----D---- C:\Windows\system32\en-US
2009-06-21 13:42:19 ----D---- C:\Windows\PolicyDefinitions
2009-06-21 13:42:11 ----D---- C:\Windows\system32\XPSViewer
2009-06-21 13:42:11 ----D---- C:\Windows\system32\wbem
2009-06-21 13:40:35 ----D---- C:\Windows\winsxs
2009-06-21 13:40:26 ----D---- C:\Windows\system32\catroot2
2009-06-21 13:40:26 ----D---- C:\Windows\system32\catroot
2009-06-21 13:12:39 ----D---- C:\Windows\Debug
2009-06-21 12:58:30 ----D---- C:\Windows\system32\drivers
2009-06-21 11:48:22 ----D---- C:\ProgramData\Symantec
2009-06-21 11:47:34 ----D---- C:\Program Files\Common Files
2009-06-21 11:43:23 ----D---- C:\Windows\Tasks
2009-06-15 20:44:45 ----D---- C:\Windows\ehome
2009-06-15 16:37:27 ----D---- C:\ProgramData\Microsoft Help
2009-06-01 09:51:14 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-06-21 239632]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-02-19 24112]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2009-02-19 184496]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-11-30 15392]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-20 12672]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-01-03 16432]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-01-03 59952]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-29 8192]
R3 BCM43XX;Pilote pour carte réseau Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-26 1044984]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-22 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-22 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-21 1790976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-09 2044896]
R3 NSCIRDA;Pilote de périphérique infrarouge NSC; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-03-11 6144]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2009-02-19 13616]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-02-05 124464]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2009-02-19 96560]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2009-02-19 22320]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-09-07 192816]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-05-02 290816]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-22 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-26 1044984]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSIRCOMM;Pilote de communications IR Microsoft; C:\Windows\system32\DRIVERS\MSIRCOMM.sys [2008-01-21 24064]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Pilote de carte Intel(R) PRO/sans fil 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-29 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-29 27072]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2008-11-11 206088]
R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-01-03 506416]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-10-01 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-12-20 131072]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-19 24576]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-09-25 65536]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-11-27 110592]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;Enregistreur VSS SQL Server; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-20 167936]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-29 386560]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------

Info:
info.txt logfile of random's system information tool 1.06 2009-06-21 22:13:32

======Uninstall list======

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x40c -removeonly
Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -runfromtemp -l0x040c -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x40c -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x40c -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x40c -removeonly
Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -runfromtemp -l0x040c -removeonly
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Ad-remover-->C:\Program Files\Ad-remover\Uninstall ADR.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Driver v4.170.25.19_Foxconn Installation Program-->C:\Program Files\InstallShield Installation Information\{88410D8F-8529-492B-B556-2394A29B811B}\setup.exe -runfromtemp -l0x0009 -removeonly
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{FC57FC53-104C-415C-98D7-B05E659461A9}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)-->MsiExec.exe /X{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
Gestionnaire de contacts professionnels pour Outlook 2007 SP2-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {69ca8988-1c6c-4285-b8af-db780a6e42af}
Gestionnaire de contacts professionnels pour Outlook 2007 SP2-->MsiExec.exe /X{69CA8988-1C6C-4285-B8AF-DB780A6E42AF}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -Ic:\Release\Foxconn\51338\AcrZUn32z.inf
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A4040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{480DBB60-F0B6-45F2-B26F-1A2E11197791}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{1F24E48F-7692-4E89-8784-68DD4D2712A0}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{A30179B7-997A-4D47-AA43-57AE59A9C78B}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Navigateur Orange-->C:\Program Files\Orange\Uninstall\Browser\Shell.exe MainUninstall.shl
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe" -removeonly
NTI Backup NOW! 4.7-->C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x040c
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
NTI Shadow-->"C:\Program Files\InstallShield Installation Information\{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}\setup.exe" -removeonly
NTI Shadow-->C:\Program Files\InstallShield Installation Information\{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}\setup.exe -runfromtemp -l0x040c
Orange - Logiciels Internet-->C:\Program Files\Orange\installation\core\Installgui.exe -u
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PowerDVD-->"C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Super Mario: Blue Twilight DX (v1.04.1)-->C:\Program Files\Super Mario Blue Twilight DX\Uninstal.exe
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}\setup.exe -runfromtemp -l0x040c
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: Kaspersky Anti-Virus (outdated)
AS: Windows Defender
AS: Kaspersky Anti-Virus

======System event log======

Computer Name: PC-de-Shamilah
Event Code: 4001
Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Record Number: 96818
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090519180846.885400-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Shamilah
Event Code: 4
Message: Broadcom NetLink (TM) Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.
Record Number: 96825
Source Name: b57nd60x
Time Written: 20090520085417.254507-000
Event Type: Avertissement
User:

Computer Name: PC-de-Shamilah
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 96830
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090520085432.933381-000
Event Type: Erreur
User:

Computer Name: PC-de-Shamilah
Event Code: 7000
Message: Le service Parallel port driver n'a pas pu démarrer en raison de l'erreur :
Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.
Record Number: 96874
Source Name: Service Control Manager
Time Written: 20090520085509.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Shamilah
Event Code: 6008
Message: L'arrêt système précédant à 15:39:24 le 20/05/2009 n'était pas prévu.
Record Number: 96999
Source Name: EventLog
Time Written: 20090520142626.000000-000
Event Type: Erreur
User:

=====Application event log=====

Computer Name: PC-de-Shamilah
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-535121939-2027292061-3925157221-1003:
Process 924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-535121939-2027292061-3925157221-1003

Record Number: 45886
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090621180417.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Shamilah
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-535121939-2027292061-3925157221-1003_Classes:
Process 924 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-535121939-2027292061-3925157221-1003_CLASSES

Record Number: 45887
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090621180418.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Shamilah
Event Code: 3
Message: La configuration du protocole AdminConnection\TCP n'est pas valide dans l'instance SQL MSSMLBIZ.
Record Number: 45902
Source Name: SQLBrowser
Time Written: 20090621180537.000000-000
Event Type: Avertissement
User:

Computer Name: PC-de-Shamilah
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 45915
Source Name: Microsoft-Windows-WMI
Time Written: 20090621180545.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Shamilah
Event Code: 1000
Message: Application défaillante SystrayApp.exe, version 1.0.39.739, horodatage 0x46f94eba, module défaillant SystrayApp.exe, version 1.0.39.739, horodatage 0x46f94eba, code d’exception 0xc0000005, décalage d’erreur 0x00001c1c, ID du processus 0x984, heure de début de l’application 0x01c9f29adefdbd5a.
Record Number: 45920
Source Name: Application Error
Time Written: 20090621180557.000000-000
Event Type: Erreur
User:

=====Security event log=====

Computer Name: PC-de-Shamilah
Event Code: 4904
Message: Une tentative d’inscription de la source d’un événement de sécurité a été effectuée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-SHAMILAH$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Processus :
ID du processus : 0x828
Nom du processus : C:\Windows\System32\VSSVC.exe

Source de l’événement :
Nom de la source : VSSAudit
ID de la source de l’événement : 0x223be52
Record Number: 19372
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090405153638.076600-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Shamilah
Event Code: 4905
Message: Une tentative d’annulation d’inscription de la source d’un événement de sécurité a été effectuée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-SHAMILAH$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Processus :
ID du processus : 0x828
Nom du processus : C:\Windows\System32\VSSVC.exe

Répondre à sulli974

plopus, le 21 jun 2009 à 21:02:44

Tu as pas mal d'infection USB, branche bien tes clefs USb, appareil photo etc...

* Telecharge et installe UsbFix de C_XX & Chiquitine29

http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe

* Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

* Fais un clic droit sur le raccourci UsbFix présent sur ton bureau et choisi "Exécuter en tant qu'administrateur" .

* Choisi l'option 1 ( Recherche )

* Laisse travailler l'outil.

* Ensuite post le rapport UsbFix.txt qui apparaîtra.

* Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

* Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Répondre à plopus

sulli974, le 21 jun 2009 à 21:23:27

USBfix:

############################## [ UsbFix V3.032 ]

# User : Shamilah (Administrateurs) # PC-DE-SHAMILAH
# Update on 15/06/09 by Chiquitine29
# Start at: 23:11:47 | 21/06/2009
# Website : http://pagesperso-orange.fr/NosTools/usbfix.html

# Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 8.0.6001.18783
# Windows Firewall Status : Disabled
# AV : Kaspersky Anti-Virus 8.0.0.506 [ Enabled | (!) Outdated ]

# C:\ # Disque fixe local # 69,65 Go (6,89 Go free) [ACER] # NTFS
# D:\ # Disque fixe local # 69,64 Go (69,55 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 7,46 Go (7,41 Go free) [FALHAD] # FAT32
# G:\ # Disque amovible # 1,91 Go (807,5 Mo free) [FALHAD] # FAT

############################## [ Processus actifs ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Windows\ehome\ehtray.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Shamilah\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Shamilah\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Shamilah\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\WUDFHost.exe

################## [ Registre Startup ]

HKCU_Main: "Local Page"="C:\\Windows\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
HKCU_Main: "Start page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKCU_Main: "Window Title"=""
HKLM_logon: "Userinit"="C:\\Windows\\system32\\userinit.exe,"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""

HKLM_Run: Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM_Run: IAAnotif="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
HKLM_Run: RtHDVCpl=RtHDVCpl.exe
HKLM_Run: SynTPStart=C:\Program Files\Synaptics\SynTP\SynTPStart.exe
HKLM_Run: Adobe Reader Speed Launcher="c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKLM_Run: IgfxTray=C:\Windows\system32\igfxtray.exe
HKLM_Run: HotKeysCmds=C:\Windows\system32\hkcmd.exe
HKLM_Run: Persistence=C:\Windows\system32\igfxpers.exe
HKLM_Run: RemoteControl="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
HKLM_Run: LanguageShortcut="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
HKLM_Run: eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
HKLM_Run: LManager=C:\PROGRA~1\LAUNCH~1\LManager.exe
HKLM_Run: eRecoveryService=
HKLM_Run: WarReg_PopUp=C:\Acer\WR_PopUp\WarReg_PopUp.exe
HKLM_Run: SystrayORAHSS="C:\Program Files\Orange\Systray\SystrayApp.exe"
HKLM_Run: ORAHSSSessionManager=C:\Program Files\Orange\SessionManager\SessionManager.exe
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKLM_Run: AVP="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
HKCU_Run: ehTray.exe=C:\Windows\ehome\ehTray.exe
HKCU_Run: WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe

################## [ Fichiers # Dossiers infectieux ]

G:\autorun.inf # -> fichier appelé : "G:\uhoxajc.cmd" ( Absent ! )
Présent ! G:\autorun.inf

################## [ Registre # Clés Run infectieuses ]

Présent ! HKLM\software\microsoft\security center "UacDisableNotify" ( 0x1 )

################## [ Registre # Mountpoints2 ]

HKCU\...\Explorer\MountPoints2\{07b84eb7-e2e2-11dd-803d-000000000000}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{07b84eb7-e2e2-11dd-803d-000000000000}\Shell\explore\Command
HKCU\...\Explorer\MountPoints2\{07b84eb7-e2e2-11dd-803d-000000000000}\Shell\open\Command
HKCU\...\Explorer\MountPoints2\{4156d958-9d36-11dd-918c-000000000000}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{4156d958-9d36-11dd-918c-000000000000}\Shell\explore\Command
HKCU\...\Explorer\MountPoints2\{4156d958-9d36-11dd-918c-000000000000}\Shell\open\Command
HKCU\...\Explorer\MountPoints2\{a74b0f3b-e3be-11dd-af24-000000000000}\Shell\Auto\Command
HKCU\...\Explorer\MountPoints2\{a74b0f3b-e3be-11dd-af24-000000000000}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{c2a0fda3-07fd-11de-bb12-000000000000}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{c2a0fda3-07fd-11de-bb12-000000000000}\Shell\explore\Command
HKCU\...\Explorer\MountPoints2\{c2a0fda3-07fd-11de-bb12-000000000000}\Shell\open\Command
HKCU\...\Explorer\MountPoints2\{cc8d7d33-9c17-11dd-9691-000000000000}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{cc8d7d33-9c17-11dd-9691-000000000000}\Shell\open\Command

################## [ ! Fin du rapport # UsbFix V3.032 ! ]

Répondre à sulli974

plopus, le 21 jun 2009 à 21:35:19

Toujours avec UAC desactiver et en clic droit et execute en admin :

laisse TOUT tes sources de données branchées et relance USBfix en option 2 et poste le rapport

ensuite si ton kaspsersky n'est pas une version cracké (piraté) fait une mise a jour et lance un scan complet , supprime tout ce qu'il trouve et poste le rapport sinon fait le scan ici http://www.kaspersky.com/fr/virusscanner et poste le rapport

puis

* Télécharge Malwarebytes
http://www.commentcamarche.net/telecharger/telechargement 34055379 malwarebytes anti malware
* Fais la mise à jour du logiciel (elle se fait normalement à l'installation)
* Lance une analyse complète en cliquant sur "Exécuter un examen complet"
* Sélectionnes les disques que tu veux analyser et cliques sur "Lancer l'examen"
* L'analyse peut durer un bon moment.....
* Une fois l'analyse terminée, cliques sur "OK" puis sur "Afficher les résultats"
* Vérifies que tout est bien coché et cliques sur "Supprimer la sélection" => et ensuite sur "OK"
* Un rapport va s'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum

* Il se pourrait que certains fichiers devront être supprimés au redémarrage du PC... Faites le en cliquant sur "oui" à la question posée

Répondre à plopus

sulli974, le 21 jun 2009 à 21:41:01

Je ne peux pas faire de mise à jour avec mon Kapersky. en effet, il me demande d'activier mon logiciel pour 30 jours (version gratuite) et je n'arrive pas à l'activer vu que mon IE ne fonctionne plus et me met: "Impossible de connecter au serveur".

Répondre à sulli974

sulli974, le 21 jun 2009 à 21:48:13

Lorsque j'ai cliqué sur 2 il a redémarré et je n'ai pas eu de fichier texte mis à part celui la BOOTEX:
Vérification du système de fichiers sur G:
Le type du système de fichiers est FAT.

L'intégrité de l'un de vos disques doit être vérifiée.
Vous pouvez annuler cette vérification, mais son exécution est
fortement recommandée.
Windows va maintenant vérifier le disque.
Le numéro de série du volume est 1530-BB61
Suppression de l'entrée de nom de dossier long non valide de \M2 CCA...
Windows a effectué des corrections sur le système de fichiers.

2050686976 octets d'espace disque au total.
720896 octets dans 15 fichiers cachés.
2785280 octets dans 85 dossiers.
1200455680 octets dans 802 fichiers.
846725120 octets disponibles sur le disque.

32768 octets dans chaque unité d'allocation.
62582 unités d'allocation au total sur le disque.
25840 unités d'allocation disponibles sur le disque.

Répondre à sulli974

sulli974, le 21 jun 2009 à 22:55:10

Voici le rapport:

Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2297
Windows 6.0.6001 Service Pack 1

22/06/2009 00:53:43
mbam-log-2009-06-22 (00-53-43).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 153757
Temps écoulé: 58 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\program files\ad-remover\quarantine\PROGRA~1\INTERN~1\msimg32.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\PROGRA~1\WI1F86~1\MESSEN~1\riched20.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\Users\Shamilah\AppData\Local\Temp\MWSSRCSP.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\ad-remover\quarantine\Windows\System32\f3PSSavr.scr.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Répondre à sulli974

sulli974, le 21 jun 2009 à 22:58:30

IE ne fonctionne pas.

Répondre à sulli974

plopus, le 22 jun 2009 à 08:35:40

Salut

Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

essaye le scan en ligne ici http://www.eset.eu/eset-online-scanner sachant qu'il faut que tu clic droit suir ton navigateur internet et que tu choisise executer en tant qu'administrateur et poste le rapport

puis si sa marche toujours pas IE :

essaye ceci et dot moi le message que tu as (sa peut durer quelque temps...
va dans demarrer puis en bas dans la barre de recherche tape "CMD" sans les " puis dans la fenetre qui s'ouvre tu tape "sfc /scannow" puis entrée et patiente le temps du scan et donne moi le message que tu as puis réessaye de lancer IE

si sa marche toujours pas

depuis quand IE ne fonctionne pas ? depuis que tu as installé IE 8 ? essaye de desinstallé IE 8 et de le reinstaller

Répondre à plopus

sulli974, le 22 jun 2009 à 09:21:03

Salut,

UsbFix:

############################## [ UsbFix V3.032 ]

# User : Shamilah (Administrateurs) # PC-DE-SHAMILAH
# Update on 15/06/09 by Chiquitine29
# Start at: 23:11:47 | 21/06/2009
# Website : http://pagesperso-orange.fr/NosTools/usbfix.html

# Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 8.0.6001.18783
# Windows Firewall Status : Disabled
# AV : Kaspersky Anti-Virus 8.0.0.506 [ Enabled | (!) Outdated ]

# C:\ # Disque fixe local # 69,65 Go (6,89 Go free) [ACER] # NTFS
# D:\ # Disque fixe local # 69,64 Go (69,55 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 7,46 Go (7,41 Go free) [FALHAD] # FAT32
# G:\ # Disque amovible # 1,91 Go (807,5 Mo free) [FALHAD] # FAT

############################## [ Processus actifs ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Windows\ehome\ehtray.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Shamilah\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Shamilah\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Shamilah\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\WUDFHost.exe

################## [ Registre Startup ]

HKCU_Main: "Local Page"="C:\\Windows\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
HKCU_Main: "Start page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKCU_Main: "Window Title"=""
HKLM_logon: "Userinit"="C:\\Windows\\system32\\userinit.exe,"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""

HKLM_Run: Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM_Run: IAAnotif="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
HKLM_Run: RtHDVCpl=RtHDVCpl.exe
HKLM_Run: SynTPStart=C:\Program Files\Synaptics\SynTP\SynTPStart.exe
HKLM_Run: Adobe Reader Speed Launcher="c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKLM_Run: IgfxTray=C:\Windows\system32\igfxtray.exe
HKLM_Run: HotKeysCmds=C:\Windows\system32\hkcmd.exe
HKLM_Run: Persistence=C:\Windows\system32\igfxpers.exe
HKLM_Run: RemoteControl="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
HKLM_Run: LanguageShortcut="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
HKLM_Run: eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
HKLM_Run: LManager=C:\PROGRA~1\LAUNCH~1\LManager.exe
HKLM_Run: eRecoveryService=
HKLM_Run: WarReg_PopUp=C:\Acer\WR_PopUp\WarReg_PopUp.exe
HKLM_Run: SystrayORAHSS="C:\Program Files\Orange\Systray\SystrayApp.exe"
HKLM_Run: ORAHSSSessionManager=C:\Program Files\Orange\SessionManager\SessionManager.exe
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKLM_Run: AVP="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
HKCU_Run: ehTray.exe=C:\Windows\ehome\ehTray.exe
HKCU_Run: WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe

################## [ Fichiers # Dossiers infectieux ]

G:\autorun.inf # -> fichier appelé : "G:\uhoxajc.cmd" ( Absent ! )
Présent ! G:\autorun.inf

Répondre à sulli974

sulli974, le 22 jun 2009 à 09:23:06

Je ne peux pas ouvrir IE. Je suis sur un autre poste en ce moment. Mais celui infecté refuse d'ouvrir quoi que ce soit.

Répondre à sulli974

sulli974, le 22 jun 2009 à 09:25:25

Concernant le sfc/scannow, on me dit: "pour pouvoir utiliser l'utilitaire sfc, vous devez etre un administrateur executant une session de controle".

Répondre à sulli974

44 réponses 12 3 Suivant

Posez votre question Répondre