cherche.us problem

Closed
vielou Posts 35 Registration date Thursday 19 March 2009 Status Member Last activity 12 May 2010 - 4 Jan. 2010 at 23:08
dédétraqué Posts 4384 Registration date Friday 5 September 2008 Status Security contributor Last activity 4 February 2013 - 6 Jan. 2010 at 04:50
Hello,

Since yesterday I have noticed that my browser's home page has become cherche.us!!
What can I do to remove it?
Thanks in advance!

10 replies

dédétraqué Posts 4384 Registration date Friday 5 September 2008 Status Security contributor Last activity 4 February 2013 286
4 Jan. 2010 at 23:09
Hi vielou

Let's check this. Download RSIT (by random/random) to your desktop from here:
http://images.malwareremoval.com/random/RSIT.exe

- Double-click RSIT.exe on the desktop
- Click Continue in the window
- RSIT will download HijackThis if it is not present or not detected; you will then need to accept the licence
- Post the contents of both reports, log.txt and info.txt (minimised in the taskbar), once the scan has finished

The reports are in this folder: C:\rsit

See you later :)
0
Logfile of random's system information tool 1.06 (written by random/random)
Run by Vincent at 2010-01-04 23:11:10
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 8 GB (6%) free of 145 GB
Total RAM: 2037 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:11:44, on 04/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hercules\Audio\DJ Console Series\Mk2\HDJ2CPL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\Explorer.exe
C:\Windows\system32\taskeng.exe
C:\Users\Vincent\winternet.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Vincent\Downloads\RSIT.exe
C:\Program Files\trend micro\Vincent.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww12.cherche.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [winternet] C:\Users\Vincent\winternet.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "C:\Users\Vincent\AppData\Local\Temp\nos_uninstall_Adobe.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche avec cherche.us - C:\Users\Vincent\scriptjava.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O13 - Gopher Prefix:
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
End of file - 8724 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Maintenance en 1 clic.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"DJ Console Mk2"=C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe [2007-03-19 218664]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"winternet"=C:\Users\Vincent\winternet.exe [2010-01-03 99328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-07 44128]
"Uninstall getPlus(R) for Adobe"=C:\Users\Vincent\AppData\Local\Temp\nos_uninstall_Adobe.exe [2010-01-04 33176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2006-09-11 218032]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2009-02-03 240544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Moteur du Planificateur de tâches SolidWorks.lnk - C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2602196e-2047-11de-a4f2-001b246acfaa}]
shell\AutoRun\command - G:\Memorybar.exe


======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2010-01-04 23:11:10 ----DC---- C:\rsit
2009-12-09 21:10:12 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-09 21:10:08 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 20:46:54 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 20:46:46 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 20:46:45 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 20:46:43 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 20:46:38 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 20:46:36 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 20:46:34 ----A---- C:\Windows\system32\ieencode.dll
2009-12-09 20:46:30 ----A---- C:\Windows\system32\ieapfltr.dll
2009-12-09 20:44:25 ----A---- C:\Windows\system32\rastls.dll
2009-12-06 13:30:34 ----A---- C:\Windows\system32\SpoonUninstall.exe

======List of files/folders modified in the last 1 months======

2010-01-04 23:11:26 ----D---- C:\Program Files\trend micro
2010-01-04 23:11:19 ----D---- C:\Windows\Temp
2010-01-04 21:19:50 ----D---- C:\Windows\Prefetch
2010-01-04 20:43:32 ----D---- C:\Program Files\Mozilla Firefox
2010-01-04 20:32:09 ----RD---- C:\Program Files
2010-01-04 20:32:09 ----D---- C:\Windows\System32
2010-01-04 17:57:02 ----SHD---- C:\System Volume Information
2010-01-01 19:08:56 ----D---- C:\Windows\inf
2009-12-22 22:51:11 ----SD---- C:\Windows\Downloaded Program Files
2009-12-20 19:30:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-20 19:28:29 ----D---- C:\Windows
2009-12-11 10:38:42 ----D---- C:\Windows\rescache
2009-12-11 10:34:03 ----D---- C:\Windows\winsxs
2009-12-11 10:24:01 ----D---- C:\Windows\SMINST
2009-12-11 10:23:50 ----D---- C:\Windows\system32\catroot
2009-12-11 10:23:48 ----D---- C:\Windows\system32\catroot2
2009-12-11 10:20:03 ----D---- C:\Windows\system32\fr-FR
2009-12-11 10:20:03 ----D---- C:\Windows\system32\drivers
2009-12-11 10:20:02 ----D---- C:\Program Files\Windows Mail
2009-12-09 21:16:54 ----SHD---- C:\Windows\Installer
2009-12-09 21:09:59 ----RSD---- C:\Windows\assembly
2009-12-09 21:02:03 ----D---- C:\Windows\Debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2009-06-02 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-06-02 75096]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-04-16 112144]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-16 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-16 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-16 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2009-06-02 52056]
R3 BCM43XX;Pilote pour carte réseau Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 534016]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 182272]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2007-11-16 165496]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-08-22 1749760]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 534016]
S3 Bulk;HDJBulk; C:\Windows\System32\Drivers\HDJBulk.sys [2007-03-19 47104]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 Duntlw;UNTLW device; C:\Windows\System32\Drivers\DuntlwNT.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2006-12-12 148992]
S3 HDJAsioK;HDJAsioK; C:\Windows\System32\Drivers\HDJAsioK.sys [2007-02-09 130432]
S3 HDJMidi;Hercules DJ Console MIDI; C:\Windows\system32\DRIVERS\HDJMidi.sys [2007-02-08 41984]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 Nokia USB Generic;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2006-05-29 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2006-05-29 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2006-05-29 127488]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2007-03-28 270431]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2007-03-28 118877]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-09-11 66872]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
S3 aspnet_state;Service d'état ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-01-09 110592]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2009-03-13 79360]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2010-01-04 23:11:54

======Uninstall list======

Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IwisR30B7.INF
Ecodial 3.3 Package-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBC457A4-1587-4893-8DCD-7A8ACB4E3C7F}\setup.exe" Add_Remove prog
eMule-->"C:\Program Files\eMule\Uninstall.exe"
ESU for Microsoft Vista-->MsiExec.exe /X{39523EA4-F914-4447-A551-2513766095F5}
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IwqcVenz.inf
Hercules DJ Console Series drivers-->C:\Program Files\InstallShield Installation Information\{E4BC9EE4-67F8-4335-BF46-BDACE314BCF6}\setup.exe -runfromtemp -l0x040c -removeonly
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library 32 bit components-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{290B83AA-093A-45BF-A917-D1C4A1E8D917}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{9061CEF2-51F5-42C9-8A70-9ED351C6597A}
HP Photosmart Essential 2.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.20 B1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x040c uninst
HP QuickPlay 3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guides 0082-->MsiExec.exe /I{FCCC555E-166C-426A-A98C-39C80AE7C081}
HP Wireless Assistant-->MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Network Connections Drivers-->Prounstl.exe
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
KaraFun 1.18-->"C:\Program Files\KaraFun\unins000.exe"
K-Lite Codec Pack 3.9.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90120000-00A4-0409-0000-0000000FF1CE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista-->MsiExec.exe /X{336A609A-6ECC-4E05-B320-CCC085BF7EA7}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{0BFC200F-C45D-4271-AF34-4CA969225DEB}\setup.exe -runfromtemp -l0x040c -removeonly
Nokia Connectivity Cable Driver-->MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
Nokia PC Connectivity Solution-->MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite-->MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0}
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

=====HijackThis Backups=====

F3 - REG:win.ini: load=C:\Users\Vincent\LOCALS~1\APPLIC~1\cmstp.exe [2009-03-21]
O4 - HKCU\..\Policies\Explorer\Run: [Logman] C:\Windows\logman.exe /waitservice [2009-03-21]
O4 - HKLM\..\Policies\Explorer\Run: [IEudinit] C:\Users\Vincent\AppData\Roaming\ieudinit.exe /waitservice [2009-03-21]

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Avira AntiVir PersonalEdition Classic
AV: Norton Internet Security (outdated)
FW: Norton Internet Security (disabled)
AS: Avira AntiVir PersonalEdition (outdated)
AS: AVG Anti-Spyware
AS: Windows Defender (disabled)
AS: Norton Internet Security (outdated)

======System event log======

Computer Name: PC-Vincent
Event Code: 4376
Message: Servicing a requis un redémarrage pour terminer la définition du package KB970238(Security Update) à l’état Installation demandée(Install Requested)
Record Number: 132181
Source Name: Microsoft-Windows-Servicing
Time Written: 20090610190141.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-Vincent
Event Code: 4374
Message: Windows Servicing a déterminé que ce package KB970238(Security Update) n’est pas applicable à ce système.
Record Number: 132160
Source Name: Microsoft-Windows-Servicing
Time Written: 20090610190134.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-Vincent
Event Code: 4374
Message: Windows Servicing a déterminé que ce package KB970238(Security Update) n’est pas applicable à ce système.
Record Number: 132159
Source Name: Microsoft-Windows-Servicing
Time Written: 20090610190134.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-Vincent
Event Code: 4374
Message: Windows Servicing a déterminé que ce package KB970238(Security Update) n’est pas applicable à ce système.
Record Number: 132158
Source Name: Microsoft-Windows-Servicing
Time Written: 20090610190134.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-Vincent
Event Code: 4374
Message: Windows Servicing a déterminé que ce package KB970238(Security Update) n’est pas applicable à ce système.
Record Number: 132150
Source Name: Microsoft-Windows-Servicing
Time Written: 20090610190131.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

=====Application event log=====

Computer Name: PC-Vincent
Event Code: 0
Message:
Record Number: 414
Source Name: AtBroker
Time Written: 20070916165552.000000-000
Event Type: Avertissement
User:

Computer Name: PC-Vincent
Event Code: 0
Message:
Record Number: 413
Source Name: AtBroker
Time Written: 20070916165552.000000-000
Event Type: Avertissement
User:

Computer Name: PC-Vincent
Event Code: 8194
Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005. Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.

Opération :
Données du rédacteur en cours de collecte

Contexte :
ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
Nom du rédacteur: System Writer
ID d’instance du rédacteur: {4fbf98ce-1246-4d75-a4aa-f36aef03e114}
Record Number: 235
Source Name: VSS
Time Written: 20070915203528.000000-000
Event Type: Erreur
User:

Computer Name: PC-Vincent
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1977934685-2367681690-2432242783-1000:
Process 740 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1977934685-2367681690-2432242783-1000

Record Number: 52
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20070915170936.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-Vincent
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1977934685-2367681690-2432242783-1000:
Process 540 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1977934685-2367681690-2432242783-1000

Record Number: 12
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20070915165207.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

=====Security event log=====

Computer Name: PC-Vincent
Event Code: 4616
Message: L’heure du système a été modifiée.

Sujet :
ID de sécurité : S-1-5-19
Nom du compte : SERVICE LOCAL
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e5

Informations sur le processus :
ID du processus : 0x4f0
Nom : C:\Windows\System32\svchost.exe

Heure précédente : 17:59:30 20/11/2008
Nouvelle heure : 17:59:30 20/11/2008

Cet événement est généré lorsque l’heure du système est modifiée. Le changement régulier de l’heure du système est une opération normale de la part du service de temps Windows qui s’exécute avec des privilèges système. Mais, d’autres modifications de l’heure du système peuvent indiquer des tentatives de falsification de l’ordinateur.
Record Number: 37406
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081120165930.454000-000
Event Type: Succès de l'audit
User:

Computer Name: PC-Vincent
Event Code: 4616
Message: L’heure du système a été modifiée.

Sujet :
ID de sécurité : S-1-5-19
Nom du compte : SERVICE LOCAL
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e5

Informations sur le processus :
ID du processus : 0x4f0
Nom : C:\Windows\System32\svchost.exe

Heure précédente : 17:59:27 20/11/2008
Nouvelle heure : 17:59:30 20/11/2008

Cet événement est généré lorsque l’heure du système est modifiée. Le changement régulier de l’heure du système est une opération normale de la part du service de temps Windows qui s’exécute avec des privilèges système. Mais, d’autres modifications de l’heure du système peuvent indiquer des tentatives de falsification de l’ordinateur.
Record Number: 37405
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081120165930.463567-000
Event Type: Succès de l'audit
User:

Computer Name: PC-Vincent
Event Code: 5032
Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.

Code d’erreur : 2
Record Number: 37404
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081120123136.540000-000
Event Type: Échec de l'audit
User:

Computer Name: PC-Vincent
Event Code: 5032
Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.

Code d’erreur : 2
Record Number: 37403
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081120122900.557000-000
Event Type: Échec de l'audit
User:

Computer Name: PC-Vincent
Event Code: 4634
Message: Fermeture de session d’un compte.

Sujet :
ID de sécurité : S-1-5-21-1977934685-2367681690-2432242783-1000
Nom du compte : Vincent
Domaine du compte : PC-Vincent
ID du compte : 0xe0d30e

Type d’ouverture de session : 7

Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur.
Record Number: 37402
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081120122850.236000-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Samsung\Samsung PC Studio 3\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel
"PROCESSOR_REVISION"=0e0c
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Services en ligne
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"USERPART"=E:

-----------------EOF-----------------
0
Logfile of random's system information tool 1.06 (written by random/random)
Run by Vincent at 2010-01-04 23:11:10
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 8 GB (6%) free of 145 GB
Total RAM: 2037 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:11:44, on 04/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hercules\Audio\DJ Console Series\Mk2\HDJ2CPL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\Explorer.exe
C:\Windows\system32\taskeng.exe
C:\Users\Vincent\winternet.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Vincent\Downloads\RSIT.exe
C:\Program Files\trend micro\Vincent.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww12.cherche.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [winternet] C:\Users\Vincent\winternet.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "C:\Users\Vincent\AppData\Local\Temp\nos_uninstall_Adobe.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche avec cherche.us - C:\Users\Vincent\scriptjava.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O13 - Gopher Prefix:
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
dédétraqué Posts 4384 Registration date Friday 5 September 2008 Status Security contributor Last activity 4 February 2013 286
4 Jan. 2010 at 23:43
Hi vielou


Download combofix.exe (by sUBs) to the desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

Important: disable your antivirus and antispyware before the ComboFix scan:
https://forum.pcastuces.com/default.asp


==> Save your work and close all open windows; the PC may restart. Do not launch any program until ComboFix has finished. <==

Double-click combofix.exe, click OUI (Yes) and confirm with Enter.

When the scan is complete, a report will appear. Copy and paste that report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

ComboFix is detected as an infection by some antivirus programs; ignore this, it is a false positive, and continue the procedure.


See you :)
0
vielou Posts 35 Registration date Thursday 19 March 2009 Status Member Last activity 12 May 2010
5 Jan. 2010 at 00:19
ComboFix 10-01-04.01 - Vincent 04/01/2010 23:54:36.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.968 [GMT 1:00]
Lancé depuis: c:\users\Vincent\Downloads\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: AVG Anti-Spyware *enabled* (Updated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Avira AntiVir PersonalEdition *enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\intel64.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\ntos.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\oembios.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\sdra64.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\twex.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\twext.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\wsnpoema.exe
c:\users\Vincent\winternet.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-04 au 2010-01-04 ))))))))))))))))))))))))))))))))))))
.

2010-01-04 22:11 . 2010-01-04 22:11 -------- dc----w- C:\rsit
2009-12-09 20:10 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 20:10 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 20:10 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 19:46 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 19:46 . 2009-10-27 14:11 834048 ----a-w- c:\windows\system32\wininet.dll
2009-12-09 19:46 . 2009-10-27 13:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-09 19:44 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-06 12:30 . 2009-12-06 12:30 -------- d-----w- c:\users\Vincent\AppData\Roaming\AccurateRip
2009-12-06 12:30 . 2009-12-06 12:29 5052280 ----a-w- c:\windows\system32\SpoonUninstall.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 22:59 . 2006-11-02 15:48 713542 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-04 22:59 . 2006-11-02 15:48 143542 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-04 22:47 . 2009-03-21 13:59 -------- d-----w- c:\program files\NOS
2010-01-04 22:11 . 2009-03-19 20:49 -------- d-----w- c:\program files\trend micro
2010-01-03 20:43 . 2010-01-03 20:26 0 ----a-w- c:\users\Vincent\errorlog.tmp
2009-12-11 09:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-11-25 17:29 . 2009-03-21 13:57 -------- d-----w- c:\program files\Java
2009-11-24 20:17 . 2008-02-14 19:26 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-21 14:22 . 2009-11-21 13:32 -------- d-----w- c:\users\Vincent\AppData\Roaming\Facebook
2009-11-16 23:00 . 2009-11-16 23:00 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-16 23:00 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-16 23:00 . 2009-11-16 23:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-16 22:58 . 2009-11-16 22:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-02 19:42 . 2009-10-02 18:02 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17 . 2009-11-24 19:45 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-11 03:17 . 2009-01-08 17:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 21:08 . 2009-11-16 20:00 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-16 20:00 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-16 20:00 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2007-09-16 10:15 . 2007-09-16 10:15 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-11 218032]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2009-02-03 240544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"DJ Console Mk2"="c:\program files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe" [2007-03-19 218664]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e8,f1,d8,46,cd,42,ca,01

S3 Bulk;HDJBulk;c:\windows\System32\drivers\HDJBulk.sys [31/12/2008 20:19 47104]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [04/06/2008 01:49 21504]
S3 HDJAsioK;HDJAsioK;c:\windows\System32\drivers\HDJAsioK.sys [31/12/2008 20:19 130432]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\System32\drivers\HDJMidi.sys [31/12/2008 20:19 41984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
uDefault_search_url = hxxp://www.google.fr
uStart Page = hxxp://www.cherche.us
uSearchMigratedDefaultURL = www.google.fr
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = www.google.fr
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Recherche avec cherche.us - c:\users\Vincent\scriptjava.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: chat-land.org
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-winternet - c:\users\Vincent\winternet.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 00:10
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85936D20]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x883c9d24
\Driver\ACPI -> acpi.sys @ 0x8309cd68
\Driver\atapi -> 0x85936d20
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{3a49b50f-48d7-421c-ab05-387bffc718d2}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f001b24
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{3caba9fa-a853-4c3a-9cc7-f558aef753ce}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f000000
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{497a68f2-f535-4bb7-b365-eab44ff47354}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e0016d3
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{59280994-5aba-4e9f-ac1a-8cd496bd66a1}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0b001a73
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{6ca51cea-db0d-466f-a928-08452b496627}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:10001a73
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{7378d600-bf8e-4414-8f72-b6b55ef8ddbf}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:12020054
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{e13cdee6-925a-447a-b31c-dba59f1cd235}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001a73
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
Heure de fin: 2010-01-05 00:18:00
ComboFix-quarantined-files.txt 2010-01-04 23:17

Avant-CF: 8 634 851 328 octets libres
Après-CF: 8 597 139 456 octets libres

- - End Of File - - FDE5D499752897ED802A1E697E97D1FA
0
dédétraqué Posts 4384 Registration date Friday 5 September 2008 Status Security contributor Last activity 4 February 2013 286
5 Jan. 2010 at 00:30
Hi vielou


Download load_tdsskiller by Loup Blanc to your Desktop:
http://fradesch.perso.cegetel.net/transf/Load_tdsskiller.exe

This tool is designed to automate various tasks offered by TDSSKiller, a fix from Kaspersky.

- Launch load_tdsskiller by double-clicking it: the tool will connect to the Internet to download an up-to-date copy of TDSSKiller, then start the scan

- At the end of the scan, press a key to continue, as indicated by the message in the black command prompt window
- The report will be displayed automatically: copy and paste its contents into your next reply (the file is also available here: C:\tdsskiller\report.txt)
- Restart your PC


See you later :)
0
vielou Posts 35 Registration date Thursday 19 March 2009 Status Member Last activity 12 May 2010
5 Jan. 2010 at 00:33
00:33:30:762 3320 TDSSKiller 2.1.1 Dec 20 2009 02:40:02
00:33:30:762 3320 ================================================================================
00:33:30:762 3320 SystemInfo:

00:33:30:762 3320 OS Version: 6.0.6002 ServicePack: 2.0
00:33:30:762 3320 Product type: Workstation
00:33:30:763 3320 ComputerName: PC-VINCENT
00:33:30:764 3320 UserName: Vincent
00:33:30:764 3320 Windows directory: C:\Windows
00:33:30:765 3320 Processor architecture: Intel x86
00:33:30:765 3320 Number of processors: 2
00:33:30:765 3320 Page size: 0x1000
00:33:30:768 3320 Boot type: Normal boot
00:33:30:768 3320 ================================================================================
00:33:30:774 3320 ForceUnloadDriver: NtUnloadDriver error 2
00:33:30:775 3320 ForceUnloadDriver: NtUnloadDriver error 2
00:33:30:776 3320 ForceUnloadDriver: NtUnloadDriver error 2
00:33:30:777 3320 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\Drivers\KLMD.sys) returned status 0
00:33:30:778 3320 main: Driver KLMD successfully dropped
00:33:31:043 3320 main: Driver KLMD successfully loaded
00:33:31:043 3320
Scanning Registry ...
00:33:31:080 3320 ScanServices: Searching service UACd.sys
00:33:31:080 3320 ScanServices: Open/Create key error 2
00:33:31:080 3320 ScanServices: Searching service TDSSserv.sys
00:33:31:080 3320 ScanServices: Open/Create key error 2
00:33:31:080 3320 ScanServices: Searching service gaopdxserv.sys
00:33:31:081 3320 ScanServices: Open/Create key error 2
00:33:31:081 3320 ScanServices: Searching service gxvxcserv.sys
00:33:31:081 3320 ScanServices: Open/Create key error 2
00:33:31:081 3320 ScanServices: Searching service MSIVXserv.sys
00:33:31:081 3320 ScanServices: Open/Create key error 2
00:33:31:086 3320 UnhookRegistry: Kernel module file name: C:\Windows\system32\ntkrnlpa.exe, base addr: 82249000
00:33:31:100 3320 UnhookRegistry: Kernel local addr: 1BA0000
00:33:31:110 3320 UnhookRegistry: KeServiceDescriptorTable addr: 1CD7B00
00:33:31:268 3320 UnhookRegistry: KiServiceTable addr: 1C4C82C
00:33:31:269 3320 UnhookRegistry: NtEnumerateKey service number (local): 85
00:33:31:269 3320 UnhookRegistry: NtEnumerateKey local addr: 1D9D0BA
00:33:31:283 3320 KLMD_OpenDevice: Trying to open KLMD device
00:33:31:283 3320 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
00:33:31:283 3320 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
00:33:31:284 3320 KLMD_ReadMem: Trying to ReadMemory 0x82291D19[0x4]
00:33:31:284 3320 UnhookRegistry: NtEnumerateKey service number (kernel): 85
00:33:31:284 3320 KLMD_ReadMem: Trying to ReadMemory 0x822F5A40[0x4]
00:33:31:284 3320 UnhookRegistry: NtEnumerateKey real addr: 824460BA
00:33:31:284 3320 UnhookRegistry: NtEnumerateKey calc addr: 824460BA
00:33:31:284 3320 UnhookRegistry: No SDT hooks found on NtEnumerateKey
00:33:31:284 3320 KLMD_ReadMem: Trying to ReadMemory 0x824460BA[0xA]
00:33:31:284 3320 UnhookRegistry: No splicing found on NtEnumerateKey
00:33:31:291 3320
Scanning Kernel memory ...
00:33:31:292 3320 KLMD_OpenDevice: Trying to open KLMD device
00:33:31:292 3320 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
00:33:31:292 3320 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
00:33:31:292 3320 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 85420238
00:33:31:292 3320 DetectCureTDL3: KLMD_GetDeviceObjectList returned 1 DevObjects
00:33:31:293 3320 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 85939558
00:33:31:293 3320 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85939558
00:33:31:293 3320 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 8522BB98
00:33:31:293 3320 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8522BB98
00:33:31:293 3320 KLMD_ReadMem: Trying to ReadMemory 0x8522BB98[0x38]
00:33:31:293 3320 DetectCureTDL3: DRIVER_OBJECT addr: 851ECAC0
00:33:31:293 3320 KLMD_ReadMem: Trying to ReadMemory 0x851ECAC0[0xA8]
00:33:31:294 3320 KLMD_ReadMem: Trying to ReadMemory 0x851ECC80[0x208]
00:33:31:294 3320 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
00:33:31:294 3320 DetectCureTDL3: IrpHandler (0) addr: 831DD140
00:33:31:294 3320 DetectCureTDL3: IrpHandler (1) addr: 822719D2
00:33:31:294 3320 DetectCureTDL3: IrpHandler (2) addr: 831DD140
00:33:31:294 3320 DetectCureTDL3: IrpHandler (3) addr: 822719D2
00:33:31:294 3320 DetectCureTDL3: IrpHandler (4) addr: 822719D2
00:33:31:294 3320 DetectCureTDL3: IrpHandler (5) addr: 822719D2
00:33:31:294 3320 DetectCureTDL3: IrpHandler (6) addr: 822719D2
00:33:31:295 3320 DetectCureTDL3: IrpHandler (7) addr: 822719D2
00:33:31:295 3320 DetectCureTDL3: IrpHandler (8) addr: 822719D2
00:33:31:295 3320 DetectCureTDL3: IrpHandler (9) addr: 822719D2
00:33:31:295 3320 DetectCureTDL3: IrpHandler (10) addr: 822719D2
00:33:31:295 3320 DetectCureTDL3: IrpHandler (11) addr: 822719D2
00:33:31:295 3320 DetectCureTDL3: IrpHandler (12) addr: 822719D2
00:33:31:295 3320 DetectCureTDL3: IrpHandler (13) addr: 822719D2
00:33:31:295 3320 DetectCureTDL3: IrpHandler (14) addr: 831CBA5A
00:33:31:296 3320 DetectCureTDL3: IrpHandler (15) addr: 85936D20
00:33:31:296 3320 DetectCureTDL3: IrpHandler (16) addr: 822719D2
00:33:31:296 3320 DetectCureTDL3: IrpHandler (17) addr: 822719D2
00:33:31:296 3320 DetectCureTDL3: IrpHandler (18) addr: 822719D2
00:33:31:296 3320 DetectCureTDL3: IrpHandler (19) addr: 822719D2
00:33:31:296 3320 DetectCureTDL3: IrpHandler (20) addr: 822719D2
00:33:31:296 3320 DetectCureTDL3: IrpHandler (21) addr: 822719D2
00:33:31:296 3320 DetectCureTDL3: IrpHandler (22) addr: 831CBA88
00:33:31:296 3320 DetectCureTDL3: IrpHandler (23) addr: 831D8B70
00:33:31:297 3320 DetectCureTDL3: IrpHandler (24) addr: 822719D2
00:33:31:297 3320 DetectCureTDL3: IrpHandler (25) addr: 822719D2
00:33:31:297 3320 DetectCureTDL3: IrpHandler (26) addr: 822719D2
00:33:31:297 3320 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
00:33:31:297 3320 KLMD_ReadMem: DeviceIoControl error 1
00:33:31:297 3320 TDL3_StartIoHookDetect: Unable to get StartIo handler code
00:33:31:297 3320 TDL3_FileDetect: Processing driver: atapi
00:33:31:298 3320 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\atapi.sys, C:\Windows\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk
00:33:31:298 3320 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys
00:33:31:298 3320 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys
00:33:31:319 3320
Completed

Results:
00:33:31:320 3320 Infected objects in memory: 0
00:33:31:321 3320 Cured objects in memory: 0
00:33:31:321 3320 Infected objects on disk: 0
00:33:31:322 3320 Objects on disk cured on reboot: 0
00:33:31:323 3320 Objects on disk deleted on reboot: 0
00:33:31:323 3320 Registry nodes deleted on reboot: 0
00:33:31:324 3320
0

dédétraqué Posts 4384 Registration date Friday 5 September 2008 Status Security contributor Last activity 4 February 2013 286
5 Jan. 2010 at 00:51
Hi vielou


Download OTL (by OldTimer) and save it to your Desktop.
http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

- Close any running applications so that the scan is not interrupted.
- Right-click OTL.exe to launch the program and choose "Exécuter en tant qu'administrateur" (Run as administrator).
- A window appears. Under Custom Scans (at the bottom), copy and paste this:

netsvcs
%SYSTEMDRIVE%\*.*
%SYSTEMDRIVE%\*.exe
%PROGRAMFILES%\*.*
%PROGRAMFILES%\*.
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
/md5stop
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s


- Click the Run Scan button.
- Once the scan is complete, two windows will open in Notepad: OTL.txt and Extras.txt. They are located in the same place as OTListIT2 (so by default on the Desktop).

- Copy and paste the contents of both files here. Use one message per report.


See you later :)
0
vielou Posts 35 Registration date Thursday 19 March 2009 Status Member Last activity 12 May 2010
5 Jan. 2010 at 20:42
OTL Extras logfile created on: 05/01/2010 20:21:35 - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\Vincent\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141,63 Gb Total Space | 9,80 Gb Free Space | 6,92% Space Free | Partition Type: NTFS
Drive D: | 7,42 Gb Total Space | 2,19 Gb Free Space | 29,57% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-VINCENT
Current User Name: Vincent
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DDE6A24-C900-456B-86EC-8C844236750E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3701E516-F61C-4459-9E7B-8A2757140D8D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4222422B-0735-43AC-BEF2-CAC0596AC649}" = lport=5000 | protocol=17 | dir=in | name=akamai network manager |
"{42FA5C05-6F31-4148-8373-CD546755F169}" = lport=2869 | protocol=6 | dir=in | app=system |
"{66164D60-AAEE-4FB8-8D3C-65FB6DD75E8B}" = lport=9420 | protocol=6 | dir=in | name=akamai network manager |
"{69524610-1BD7-4A37-9A09-31E33E8FCB75}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6FF363FB-9775-4F47-B7D2-F9C96CAEB516}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{839D8C68-3CC6-42F9-A693-8122C766D58F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ABE286F9-F192-4E7D-B216-359547A68A92}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AF7E05DA-5D08-43CB-A3C6-071444ADECD7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B37C5CD0-7C69-4E03-AD8B-E8CC6BA0EA16}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BEE90D9E-618E-4A33-A984-162B0367F23E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E007B31A-2840-443A-9D19-CC36C0BC8B87}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{F48D0D0E-0593-4D16-86F7-8578D8278439}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C430B1-1460-4AA4-90D1-3E45E1D4F0B1}" = protocol=17 | dir=in | app=c:\users\vincent\appdata\roaming\facebook\facebook.exe |
"{1E1FE5F0-5A56-4A3E-B565-40076D6FF747}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{27B9EEA6-7A88-43DD-B6CF-59D06D524101}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{29C0724B-4383-49E0-A73B-E9D91BD9B0AC}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{3DCF66D4-B9BF-4913-9D3B-F1AAF6BB8A74}" = protocol=17 | dir=in | app=c:\program files\aeriagames\projecttorque\projecttorque.bin |
"{5C8BD0DF-7EA9-4C14-8DB2-8F07A20636AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FC2C109-C1B6-49AD-A68F-46D100D6B4CD}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{600A1491-9AF3-475A-8FEE-E3B4141A1A26}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{6B61529B-70C9-41B9-B494-F82306C23C7D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{760434C8-7702-4CD8-8284-C26367633734}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{76720984-1FC2-48FB-82B2-F3D26C1808C3}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{7AFA4623-49F1-4211-A6FF-977C62F34FD5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7ED84A6E-6042-422E-A4CC-0CB62125C1E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{803C6AE4-BD61-4211-91C6-7E36AA89DA8C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8890AAEA-6265-4CB1-8365-FED25F455988}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{88CAC299-04F1-4C72-909F-EA9F14BCE056}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{8A8391EA-619A-4C11-AA3F-348BD6338780}" = protocol=6 | dir=in | app=c:\users\vincent\desktop\pro.evolution.soccer.2009.full-rip.skullptura\pes 2009\pes2009.exe |
"{8DF41FA1-EE8A-49A0-A0BB-E7398819232A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{90AA00DB-FDE4-4F1D-9AB2-C5D654119AD9}" = protocol=17 | dir=in | app=c:\users\vincent\desktop\pro.evolution.soccer.2009.full-rip.skullptura\pes 2009\pes2009.exe |
"{9AE1E41A-E2FD-4C35-BCA5-0F6A40308921}" = protocol=6 | dir=in | app=c:\users\vincent\appdata\roaming\facebook\facebook.exe |
"{A5B73849-C21A-4762-998D-3B57EF9FDBF5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A7C14E09-681E-4940-B909-C009DC9EABD4}" = protocol=6 | dir=out | app=system |
"{AD9CB7ED-46BC-473E-B8B1-E78A3975365F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AEA524A1-92B4-4755-91B9-2E1AC4A3E4F9}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{B7EDB7D0-8056-486B-B6E7-B1307A36E0C7}" = protocol=6 | dir=in | app=c:\program files\aeriagames\projecttorque\projecttorque.bin |
"{BA880B14-E474-40FA-A440-DABD832B947E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C4E34B4A-8447-4151-824A-D6807C81C873}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C6A3006E-7539-4A22-883C-BF59C08B1B25}" = protocol=17 | dir=in | app=c:\users\vincent\desktop\pro.evolution.soccer.2009.full-rip.skullptura\pes 2009\pes2009.exe |
"{EDC99B86-74B4-456D-8904-60CDE3867F4B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{EE2DC5CE-D947-4FFE-BA0B-79767AF28DBE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EEEC92E3-0C55-4C7F-8EBA-D6BBC8DB6C7D}" = protocol=6 | dir=in | app=c:\users\vincent\desktop\pro.evolution.soccer.2009.full-rip.skullptura\pes 2009\pes2009.exe |
"{F0A3431F-49E6-4F8F-9830-72B6CA3069BC}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{04592CBB-A596-4F98-8313-47D954504649}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{1A303065-67E4-46BF-BCF9-A3E98E6D1A59}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{1F8A9F33-5CCB-4FFF-980C-6D73170F2B99}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{1FF806F5-8E8C-4D8B-ABC8-F3B8E956DB03}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{2C39C13D-6F72-40AA-B978-734971309181}C:\program files\valve\cs source version lan\lll\srcds.exe" = protocol=6 | dir=in | app=c:\program files\valve\cs source version lan\lll\srcds.exe |
"TCP Query User{337A525C-72C1-4421-BC58-4AFB6C4E8E12}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{46B81F35-A68C-4CF4-9DF3-90F9AEDADD1E}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{51F2B2A2-C199-49E2-8AFE-42540F368BB8}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{63BD7322-216A-405A-BE0A-681EA811193C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{67DB955B-3EC7-41D1-BD66-027B8FB95FB6}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe |
"TCP Query User{735BEE5A-9311-40E3-A681-A4C3106EF958}C:\program files\hp\hp software update\hpwucli.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"TCP Query User{81A34B9C-92D0-4370-9860-26AC9F21779B}F:\return to castle wolfenstein\wolfmp.exe" = protocol=6 | dir=in | app=f:\return to castle wolfenstein\wolfmp.exe |
"TCP Query User{9A1F373A-B272-4D7B-BF3D-5AB8958BB016}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{9BCD04F3-9855-46D6-9B88-A6E716DD2BE9}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{ABA762BF-7388-4CE6-84ED-DD7935E67471}C:\program files\valve\cs source version lan\lll\hl2.exe" = protocol=6 | dir=in | app=c:\program files\valve\cs source version lan\lll\hl2.exe |
"TCP Query User{D7B0092D-B994-43A1-9F6D-3AA8CED99EE0}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{DD62734A-1BD4-4CB1-9089-7BA736DD12DF}C:\program files\virtualdj\virtualdj.exe" = protocol=6 | dir=in | app=c:\program files\virtualdj\virtualdj.exe |
"UDP Query User{026015FC-D0EE-4013-987F-6F9BAF329C93}C:\program files\valve\cs source version lan\lll\srcds.exe" = protocol=17 | dir=in | app=c:\program files\valve\cs source version lan\lll\srcds.exe |
"UDP Query User{144ACF5F-4C59-4033-9CF1-81E881E5D59C}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{2D3F7638-E524-4255-9595-2473A86F20EE}C:\program files\valve\cs source version lan\lll\hl2.exe" = protocol=17 | dir=in | app=c:\program files\valve\cs source version lan\lll\hl2.exe |
"UDP Query User{303F2A3E-33CA-4698-89FC-63674EADE5BE}C:\program files\hp\hp software update\hpwucli.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"UDP Query User{60E9599D-EB0D-4653-954D-8FAB2B5D77DD}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{757EC483-F706-4EC1-8287-94E75467AC1C}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{7D365A1B-544E-498E-BAF3-DF7B617B38C8}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe |
"UDP Query User{7F40BDF1-0A78-4D09-95B4-ABE926BAE062}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B65CB98D-B06C-48C4-A20B-442D92477913}F:\return to castle wolfenstein\wolfmp.exe" = protocol=17 | dir=in | app=f:\return to castle wolfenstein\wolfmp.exe |
"UDP Query User{B6EF36DF-28EA-41EA-980D-0F43F2C5C1A9}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{C005DFCA-F24B-4E45-BB6F-44A2EB76BACF}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{D96C95F0-74BB-4F5A-BF62-94E06DA7A2C1}C:\program files\virtualdj\virtualdj.exe" = protocol=17 | dir=in | app=c:\program files\virtualdj\virtualdj.exe |
"UDP Query User{DAB3E182-243C-429A-921E-1A3AFF14ADC7}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{E7F55818-155B-4CC1-9A6B-1C65B24283DC}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{F1E92333-F072-4434-BEB2-762B00A1362D}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{F956573E-3EA2-41F9-AE9C-5A3366303C1A}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{FB7847AB-0671-42CF-9894-69467B2BDEAA}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0CA6047C-D28B-4295-834A-07C52BA20C2D}" = Extension de Windows Live Toolbar (Windows Live Toolbar)
"{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}" = Menus intelligents (Windows Live Toolbar)
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 17
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{336A609A-6ECC-4E05-B320-CCC085BF7EA7}" = MSCU for Microsoft Vista
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{39523EA4-F914-4447-A551-2513766095F5}" = ESU for Microsoft Vista
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6213C1BC-E239-4C9A-B101-887550B82E30}" = NiGraphInstaller
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites pour Windows Live Toolbar
"{81B5F83F-2291-48B0-8375-36B63A9BF5B0}" = Surligneur (Windows Live Toolbar)
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{903B040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1036-7B44-A92000000001}" = Adobe Reader 9.2 - Français
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4BC9EE4-67F8-4335-BF46-BDACE314BCF6}" = Hercules DJ Console Series drivers
"{EBC457A4-1587-4893-8DCD-7A8ACB4E3C7F}" = Ecodial 3.3 Package
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FCCC555E-166C-426A-A98C-39C80AE7C081}" = HP User Guides 0082
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"eMule" = eMule
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"KaraFun_is1" = KaraFun 1.18
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.5 (Full)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"sc10-FR_FTV_MAIN" = Ski Challenge 2010 (FTV)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/10/2009 04:34:56 | Computer Name = PC-Vincent | Source = VSS | ID = 8194
Description =

Error - 03/10/2009 04:35:27 | Computer Name = PC-Vincent | Source = System Restore | ID = 8193
Description =

Error - 09/10/2009 18:30:52 | Computer Name = PC-Vincent | Source = System Restore | ID = 8193
Description =

Error - 09/10/2009 18:30:52 | Computer Name = PC-Vincent | Source = System Restore | ID = 8210
Description =

Error - 16/10/2009 18:05:08 | Computer Name = PC-Vincent | Source = Application Error | ID = 1000
Description = Application défaillante DllHost.exe, version 6.0.6000.16386, horodatage
0x4549b14e, module défaillant ole32.dll, version 6.0.6002.18005, horodatage 0x49e037d7,
code d’exception 0xc0000005, décalage d’erreur 0x000472da, ID du processus 0xe98,
heure de début de l’application 0x01ca4eab273e4554.

Error - 28/10/2009 08:57:50 | Computer Name = PC-Vincent | Source = Application Hang | ID = 1002
Description = Le programme wmplayer.exe version 11.0.6002.18065 a cessé d’interagir
avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
sont disponibles, consultez l’historique du problème dans l’application Rapports
et solutions aux problèmes du Panneau de configuration. ID de processus : 1148 Heure
de début : 01ca57cdfe1a2940 Heure de fin : 63

Error - 23/11/2009 15:10:10 | Computer Name = PC-Vincent | Source = ESENT | ID = 215
Description = wlmail (6236) C:\Users\Vincent\AppData\Local\Microsoft\Windows Live
Mail\Calendars\vielou@live.fr\: La sauvegarde a été arrêtée car elle a été interrompue
par le client ou la connexion avec le client a échoué.

Error - 01/12/2009 14:59:36 | Computer Name = PC-Vincent | Source = Application Error | ID = 1000
Description = Application défaillante Explorer.EXE, version 6.0.6002.18005, horodatage
0x49e01da5, module défaillant unknown, version 0.0.0.0, horodatage 0x00000000,
code d’exception 0xc0000005, décalage d’erreur 0x00000014, ID du processus 0xac0,
heure de début de l’application 0x01ca6d64c8ad6c11.

Error - 01/12/2009 15:00:10 | Computer Name = PC-Vincent | Source = Application Error | ID = 1000
Description = Application défaillante Explorer.EXE, version 6.0.6002.18005, horodatage
0x49e01da5, module défaillant ntdll.dll, version 6.0.6002.18005, horodatage 0x49e03821,
code d’exception 0xc0000374, décalage d’erreur 0x000afaf8, ID du processus 0xac0,
heure de début de l’application 0x01ca6d64c8ad6c11.

Error - 22/12/2009 15:07:19 | Computer Name = PC-Vincent | Source = System Restore | ID = 8193
Description =

[ Media Center Events ]
Error - 03/10/2007 15:49:58 | Computer Name = PC-Vincent | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Processus : DefaultDomain Nom de l’objet : Media
Center Guide

Error - 05/10/2007 13:17:11 | Computer Name = PC-Vincent | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Processus : DefaultDomain Nom de l’objet : Media
Center Guide

Error - 07/05/2008 03:31:20 | Computer Name = PC-Vincent | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Processus : DefaultDomain Nom de l’objet : Media Center Guide

[ System Events ]
Error - 04/01/2010 18:48:48 | Computer Name = PC-Vincent | Source = Service Control Manager | ID = 7034
Description =

Error - 04/01/2010 18:49:11 | Computer Name = PC-Vincent | Source = Service Control Manager | ID = 7030
Description =

Error - 04/01/2010 18:53:25 | Computer Name = PC-Vincent | Source = Service Control Manager | ID = 7000
Description =

Error - 04/01/2010 18:53:25 | Computer Name = PC-Vincent | Source = Service Control Manager | ID = 7000
Description =

Error - 04/01/2010 18:53:37 | Computer Name = PC-Vincent | Source = Service Control Manager | ID = 7034
Description =

Error - 04/01/2010 18:53:50 | Computer Name = PC-Vincent | Source = Service Control Manager | ID = 7030
Description =

Error - 04/01/2010 19:10:33 | Computer Name = PC-Vincent | Source = Service Control Manager | ID = 7030
Description =

Error - 04/01/2010 19:37:31 | Computer Name = PC-Vincent | Source = Service Control Manager | ID = 7000
Description =

Error - 04/01/2010 19:37:31 | Computer Name = PC-Vincent | Source = Service Control Manager | ID = 7000
Description =

Error - 04/01/2010 20:13:41 | Computer Name = PC-Vincent | Source = volsnap | ID = 393252
Description = Les clichés instantanés du volume C: ont été annulés car le stockage
du cliché instantané n'a pas pu s'agrandir en raison d'une limite utilisateur.


< End of report >
0
dédétraqué Posts 4384 Registration date Friday 5 September 2008 Status Security contributor Last activity 4 February 2013 286
5 Jan. 2010 at 23:13
Hi vielou


You did not post the OTL.txt report; it is on the desktop.


See you :)
0
vielou Posts 35 Registration date Thursday 19 March 2009 Status Member Last activity 12 May 2010
5 Jan. 2010 at 23:18
I can't manage to post it!!
:$
0
vielou Posts 35 Registration date Thursday 19 March 2009 Status Member Last activity 12 May 2010
5 Jan. 2010 at 23:29
It gives me an error: you have already posted this message!!
0
dédétraqué Posts 4384 Registration date Friday 5 September 2008 Status Security contributor Last activity 4 February 2013 286
5 Jan. 2010 at 23:39
Hi vielou


That happens to me too; send it to me by PM.


See you :)
0
dédétraqué Posts 4384 Registration date Friday 5 September 2008 Status Security contributor Last activity 4 February 2013 286
6 Jan. 2010 at 04:50
Hi vielou


Scan this file, qcfybfj.bat, here:

https://www.virustotal.com/gui/


Click Browse and copy/paste this:
C:\Users\Vincent\AppData\Local\qcfybfj.bat
Then click Send file and wait for the analysis result.

If it tells you the file has already been analysed, select the button:
Reanalyse the file now, then wait for the analysis result and post the full result.

Post the full result

Help: http://bibou0007.com/scans-en-ligne-f75/tutorial-sur-virustotal-t190.htm

Also scan these files:
C:\Windows\System32\netwbix32.dll
C:\Users\Vincent\AppData\Local\ffvum.bat


-----


Download MBR by (GMER) to your Desktop:

http://www2.gmer.net/mbr/mbr.exe

- Disable all protection programs (antivirus, antispyware, etc.)
https://forum.pcastuces.com/default.asp

- Double-click mbr.exe > a black window will open and close.
- Post the mbr.log report that appears.


See you :)
0