Address book hacked (topic resolved)
sophana
  Posted on 30/10/2011 @ 09:42
Astucien

Hello everyone,

The contacts in my Windows Live Messenger address book have received emails that I did not send, so I conclude that I have been hacked. First of all, I changed my password. I traced the IP address to Washington, USA. I scanned my PC with Clean Virus MSN, which found nothing, and neither did Malwarebytes or SUPERAntiSpyware; only Spybot found "Chaméléon", which I removed. I finished with CCleaner.

Are my actions sufficient, or should I investigate further? If so, how? Thanks for your help.

Here is a copy of the emails, with a translation for those who, like me, are not fluent in English.

Fwd: Found interesting opportunity.

From: Cha (xxxxxxxxx@gmail.com)
Sent: Fri 28/10/11 11:35
To: CLAUDE (yyyyyyyy@live.fr)

---------- Forwarded message ----------
From: Claude <yyyyyyyyyyyy-live.fr>
Date: 2011/10/27
Subject: Fwd: Found interesting opportunity.
To: zzzzzzzzzzzhotmail-fr, wwwwwwwwwhotmail-fr, xxxxxxxxxxxxx-gmail.com

Hola...
it was time to start a new chapter I was back on my feet in no time because of this ive been crowned with success I figured I should share the wealth
hxxp://wmzpmr-org.ru/go.php?xodys&95woj=facebook.com&95zyno=twitter.com&url=hxxp://abcdaily5.net/esubmit/bizopp_main.php
talk to you later

Hola...

Il était temps de lancer un nouveau chapitre, j'ai été retour sur mes pieds en peu de temps en raison de cette ive été couronnée de succès, je me suis dit je dois partager la richesse

Hey, I finally found this opportunity!!

From: Claude (xxxxxxxxx@live.fr)
Sent: Thu 27/10/11 05:12
To: yyyyyyyyyy-hotmail.fr; zzzzzzzz-yahoo.fr

Hey friend
it was important for me to stay positive without this my life would be miserable it didnt even take that much effort this is just between us
hxxp://vvv.music-critic.com/redirect.htm?birih&11vus=aol.com&11dixa=twitter.com&redir=hxxp://abcdaily5.net/esubmit/bizopp_main.php
bye.

Hey ami

Il était important pour moi de rester positif sans cela ma vie serait misérable, il n'a pas encore pris que beaucoup d'efforts c'est entre nous

"Links modified by the moderators"

sophana
 Posted on 30/10/2011 at 17:48
Astucien

UP

Le loir
 Posted on 31/10/2011 at 03:22
Petit astucien

Hello,

Careful, the email addresses appear when you hover over the links with the mouse; you should anonymize them...

sophana
 Posted on 31/10/2011 at 09:20
Astucien

Hello Le loir,

Thanks for your advice; the moderators have taken care of it. Other ideas, suggestions, comments or advice are welcome.

Anonyme
 Posted on 31/10/2011 at 12:49
Nouvel astucien
Original message by sophana

> ...only Spybot found "Chaméléon", which I removed.

Hello everyone,

> Post the report.

See you

sophana
 Posted on 31/10/2011 at 13:22
Astucien

Hello fredericx,

I can't find a Spybot report to post. Tell me where to find it. Thanks.

sophana
 Posted on 31/10/2011 at 14:05
Astucien

Re frédéricx,

Is this what you are asking me for?

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{35BB893D-C0F0-4283-8161-2EC6E60D2318}] DATAGRAM 3 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6F9238BA-BC5B-4379-9539-A4A11D287587}] SEQPACKET 6 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6F9238BA-BC5B-4379-9539-A4A11D287587}] DATAGRAM 6 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6642ED78-825D-49B1-BC9E-B40D3B3AA037}] SEQPACKET 9 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6642ED78-825D-49B1-BC9E-B40D3B3AA037}] DATAGRAM 9 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{8C3A4F58-7A20-48CA-9804-A53E51E86351}] SEQPACKET 5 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{8C3A4F58-7A20-48CA-9804-A53E51E86351}] DATAGRAM 5 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{09613C06-8916-4C5A-A9A3-2B5989D26137}] SEQPACKET 2 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{09613C06-8916-4C5A-A9A3-2B5989D26137}] DATAGRAM 2 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F9D72DD2-58D1-4E49-969B-B02A413AAE08}] SEQPACKET 11 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F9D72DD2-58D1-4E49-969B-B02A413AAE08}] DATAGRAM 11 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{35BB893D-C0F0-4283-8161-2EC6E60D2318}] SEQPACKET 8 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *

Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{35BB893D-C0F0-4283-8161-2EC6E60D2318}] DATAGRAM 8 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *

Protocol 28: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C1CF7BB8-D2E1-4664-8E16-881AB7AEA399}] SEQPACKET 4 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *

Protocol 29: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C1CF7BB8-D2E1-4664-8E16-881AB7AEA399}] DATAGRAM 4 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *

Protocol 30: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6F9238BA-BC5B-4379-9539-A4A11D287587}] SEQPACKET 7 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *

Protocol 31: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6F9238BA-BC5B-4379-9539-A4A11D287587}] DATAGRAM 7 GUID: {8D5F1830-C273-11CF-95C8-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Espace de noms NLAv1 (Network Location Awareness Legacy) GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83} Filename: Description: Microsoft Windows NT/2k/XP name space provider DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: NLA-Namespace

Namespace Provider 1: Fournisseur Shim d'affectation de noms de messagerie GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE} Filename:

Namespace Provider 2: Fournisseur d'espace de noms du nuage PNRP GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D} Filename:

Namespace Provider 3: Fournisseur d'espace de noms du nom PNRP GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D} Filename:

Namespace Provider 4: TCP/IP GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B} Filename: Description: Microsoft Windows NT/2k/XP TCP/IP name space provider DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: TCP/IP

Namespace Provider 5: NTDS GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC} Filename: %SystemRoot%\System32\winrnr.dll Description: Microsoft Windows NT/2k/XP name space provider DB filename: %SystemRoot%\system32\winrnr.dll DB protocol: NTDS



Edited by sophana on 31/10/2011 14:07
Anonyme
 Posted on 31/10/2011 at 18:39 
New Astucien

Hi again,

Spybot S&D is obsolete.

+Download AdwCleaner (thanks Xplode) and save the file to your Desktop: Here
Double-click it to start the installation
Vista/7: right-click > Run as Administrator
On the main menu, click Search (Recherche)
Post the report (C:\AdwCleaner[R].txt)

sophana
 Posted on 31/10/2011 at 18:44 
Astucien

Here is the requested report

# AdwCleaner v1.315 - Rapport créé le 31/10/2011 à 18:41:57
# Mis à jour le 27/10/11 à 14h par Xplode
# Système d'exploitation : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Nom d'utilisateur : MEDION - PC-DE-MEDION (Droits Limités)
# Exécuté depuis : C:\Users\MEDION\Desktop\adwcleaner0.exe
# Option [Recherche]

***** [Processus] *****

***** [Services] *****

***** [Fichiers / Dossiers] *****

***** [Registre] *****

Clé Présente : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Google Chrome v [Impossible d'obtenir la version]

Fichier : C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [942 octets] - [31/10/2011 18:41:57]

########## EOF - C:\AdwCleaner[R1].txt - [1069 octets] ##########

Anonyme
 Posted on 31/10/2011 at 18:45 
New Astucien

Run AdwCleaner again
On the main menu, click Delete (Suppression)
Post the report

sophana
 Posted on 31/10/2011 at 18:49 
Astucien

Here it is

# AdwCleaner v1.315 - Rapport créé le 31/10/2011 à 18:46:34
# Mis à jour le 27/10/11 à 14h par Xplode
# Système d'exploitation : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Nom d'utilisateur : MEDION - PC-DE-MEDION (Droits Limités)
# Exécuté depuis : C:\Users\MEDION\Desktop\adwcleaner0.exe
# Option [Suppression]

***** [KillNav] *****

# iexplore.exe [PID:6104] -> Tué

***** [Processus] *****

***** [Services] *****

***** [Fichiers / Dossiers] *****

***** [Registre] *****

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Google Chrome v [Impossible d'obtenir la version]

Fichier : C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [1070 octets] - [31/10/2011 18:41:57]
AdwCleaner[S1].txt - [942 octets] - [31/10/2011 18:46:34]

*************************

Dossier Temporaire : 8 dossier(s)et 8 fichier(s) supprimés

########## EOF - C:\AdwCleaner[S1].txt - [1160 octets] ##########

Anonyme
 Posted on 31/10/2011 at 18:54 
New Astucien

¤ Download Ad-Remover (thanks C_XX) to your Desktop: Here
- Double-click it to start it (Vista/7: right-click > Run as Administrator)
- Run the scan and post the generated report

sophana
 Posted on 31/10/2011 at 18:59 
Astucien

Ad-Remover scan

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 18:57:31 le 31/10/2011, Mode normal

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86)
MEDION@PC-DE-MEDION (MEDION WIM2220)

============== RECHERCHE ==============

Dossier trouvé: C:\ProgramData\PopCap Games
Dossier trouvé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
Dossier trouvé: C:\Program Files\PopCap Games

Clé trouvée: HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Clé trouvée: HKLM\Software\PopCap
Clé trouvée: HKCU\Software\PopCap
Clé trouvée: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar

============== SCAN ADDITIONNEL ==============

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://www.bouyguestelecom.fr
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKLM_URLSearchHooks|{b9e20919-fa55-471f-989b-b107bf8de785} - "MessengerPlusLive France TB Toolbar" (C:\Program Files\MessengerPlusLive_France_TB\tbMes1.dll)
HKCU_SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} - "?" (?)
HKLM_SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} - "?" (?)
HKCU_Toolbar\WebBrowser|{B9E20919-FA55-471F-989B-B107BF8DE785} (C:\Program Files\MessengerPlusLive_France_TB\tbMes1.dll)
HKLM_Toolbar|{b9e20919-fa55-471f-989b-b107bf8de785} (C:\Program Files\MessengerPlusLive_France_TB\tbMes1.dll)
HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
HKLM_Toolbar|{ae07101b-46d4-4a98-af68-0333ea26e113} (x)
HKCU_ElevationPolicy\{2658B0CB-E2EA-453A-9A67-3E6A89FE080F} - C:\Program Files\IZArc\IZArc.exe (?)
HKCU_ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} - C:\PROGRA~1\Yahoo!\companion\installs\cpn\ytbb.exe (x)
HKCU_ElevationPolicy\{A1733E3A-FC77-445C-9C5A-7041D7162321} - C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe (?)
HKCU_ElevationPolicy\{BAFB84EB-539A-4B34-B865-BC37E7296317} - C:\Program Files\IrfanView\i_view32.exe (Irfan Skiljan)
HKLM_ElevationPolicy\0c1b7e91-04bf-4942-9677-243e9e4a0176 - C:\Program Files\MessengerPlusLive_France_TB\MessengerPlusLive_France_TBToolbarHelper.exe (?)
HKLM_ElevationPolicy\bc3eb0ec-e820-46d2-acff-5d3384191dbf - C:\Program Files\MessengerPlusLive_France_TB\MessengerPlusLive_France_TBToolbarHelper.exe (?)
HKLM_ElevationPolicy\{003B91A6-61E3-4591-891D-01E94C8CB11E} - c:\Program Files\Microsoft Silverlight\4.0.50917.0\Silverlight.Configuration.exe (x)
HKLM_ElevationPolicy\{1ec76a37-1762-46ff-9b14-765b3e6793be} - c:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe (x)
HKLM_ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7} - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
HKLM_ElevationPolicy\{64903E32-AE0B-408D-909C-09A08791F28D} - C:\Program Files\DivX\DivX Plus Web Player\dwpBroker.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?)
HKLM_ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9} - C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe (x)
HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?)
BHO\{31ad400d-1b06-4e33-a59a-90c2c140cba0} - "Community Smartbar Engine" (mscoree.dll) (x)
BHO\{326E768D-4182-46FD-9C16-1449A49795F4} - "DivX Plus Web Player HTML5 <video>" (C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll)
BHO\{593DDEC6-7468-4cdd-90E1-42DADAA222E9} - "DivX HiQ" (C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
BHO\{963B125B-8B21-49A2-A3A8-E37092276531} - "Browser Companion Helper Verifier" (C:\Program Files\BrowserCompanion\updatebhoWin32.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 0 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 31/10/2011 18:57:48 (5126 Octet(s))

Fin à: 18:58:38, 31/10/2011

============== E.O.F ==============

Anonyme
 Posted on 31/10/2011 at 19:05 
New Astucien

- Double-click Ad-Remover to run it
- Run the cleanup and post the report

sophana
 Posted on 31/10/2011 at 19:15 
Astucien

After cleanup and restarting the computer

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 19:06:48 le 31/10/2011, Mode normal

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86)
MEDION@PC-DE-MEDION (MEDION WIM2220)

============== ACTION(S) ==============

Dossier supprimé: C:\ProgramData\PopCap Games
Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
Dossier supprimé: C:\Program Files\PopCap Games

(!) -- Fichiers temporaires supprimés.

Clé supprimée: HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Clé supprimée: HKLM\Software\PopCap
Clé supprimée: HKCU\Software\PopCap
Erreur suppression clé: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar

============== SCAN ADDITIONNEL ==============

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKLM_URLSearchHooks|{b9e20919-fa55-471f-989b-b107bf8de785} - "MessengerPlusLive France TB Toolbar" (C:\Program Files\MessengerPlusLive_France_TB\tbMes1.dll)
HKCU_SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} - "?" (?)
HKLM_SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} - "?" (?)
HKCU_Toolbar\WebBrowser|{B9E20919-FA55-471F-989B-B107BF8DE785} (C:\Program Files\MessengerPlusLive_France_TB\tbMes1.dll)
HKLM_Toolbar|{b9e20919-fa55-471f-989b-b107bf8de785} (C:\Program Files\MessengerPlusLive_France_TB\tbMes1.dll)
HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
HKLM_Toolbar|{ae07101b-46d4-4a98-af68-0333ea26e113} (x)
HKCU_ElevationPolicy\{2658B0CB-E2EA-453A-9A67-3E6A89FE080F} - C:\Program Files\IZArc\IZArc.exe (?)
HKCU_ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} - C:\PROGRA~1\Yahoo!\companion\installs\cpn\ytbb.exe (x)
HKCU_ElevationPolicy\{A1733E3A-FC77-445C-9C5A-7041D7162321} - C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe (?)
HKCU_ElevationPolicy\{BAFB84EB-539A-4B34-B865-BC37E7296317} - C:\Program Files\IrfanView\i_view32.exe (Irfan Skiljan)
HKLM_ElevationPolicy\0c1b7e91-04bf-4942-9677-243e9e4a0176 - C:\Program Files\MessengerPlusLive_France_TB\MessengerPlusLive_France_TBToolbarHelper.exe (?)
HKLM_ElevationPolicy\bc3eb0ec-e820-46d2-acff-5d3384191dbf - C:\Program Files\MessengerPlusLive_France_TB\MessengerPlusLive_France_TBToolbarHelper.exe (?)
HKLM_ElevationPolicy\{003B91A6-61E3-4591-891D-01E94C8CB11E} - c:\Program Files\Microsoft Silverlight\4.0.50917.0\Silverlight.Configuration.exe (x)
HKLM_ElevationPolicy\{1ec76a37-1762-46ff-9b14-765b3e6793be} - c:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe (x)
HKLM_ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7} - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
HKLM_ElevationPolicy\{64903E32-AE0B-408D-909C-09A08791F28D} - C:\Program Files\DivX\DivX Plus Web Player\dwpBroker.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?)
HKLM_ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9} - C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe (x)
HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?)
BHO\{31ad400d-1b06-4e33-a59a-90c2c140cba0} - "Community Smartbar Engine" (mscoree.dll) (x)
BHO\{326E768D-4182-46FD-9C16-1449A49795F4} - "DivX Plus Web Player HTML5 <video>" (C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll)
BHO\{593DDEC6-7468-4cdd-90E1-42DADAA222E9} - "DivX HiQ" (C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll)
BHO\{963B125B-8B21-49A2-A3A8-E37092276531} - "Browser Companion Helper Verifier" (C:\Program Files\BrowserCompanion\updatebhoWin32.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 444 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 31/10/2011 19:07:03 (5186 Octet(s))
C:\Ad-Report-SCAN[1].txt - 31/10/2011 18:57:48 (5264 Octet(s))

Fin à: 19:08:04, 31/10/2011

============== E.O.F ==============

Anonyme
 Posted on 31/10/2011 at 19:39 
New Astucien

1) Download:
Malwarebytes' Anti-Malware: Here

2) Run it:
Tutorial: https://forum.pcastuces.com/malwarebytes_anti_malware____scan_rapide-f31s27.htm

3) Post the report.

sophana
 Posted on 31/10/2011 at 20:15 
Astucien

Here is the MBAM report

Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org

Version de la base de données: 8023

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

31/10/2011 20:14:40
mbam-log-2011-10-31 (20-14-40).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 185277
Temps écoulé: 4 minute(s), 46 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s): (Aucun élément nuisible détecté)

Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)

Dossier(s) infecté(s): (Aucun élément nuisible détecté)

Fichier(s) infecté(s): (Aucun élément nuisible détecté)

Anonyme
 Posted on 31/10/2011 at 20:24 
New Astucien

Update MBAM, run a scan with it and post the report...

sophana
 Posted on 31/10/2011 at 20:45 
Astucien

MBAM report after updating

Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org

Version de la base de données: 8052

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

31/10/2011 20:42:18
mbam-log-2011-10-31 (20-42-18).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 183056
Temps écoulé: 3 minute(s), 33 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s): (Aucun élément nuisible détecté)

Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)

Dossier(s) infecté(s): (Aucun élément nuisible détecté)

Fichier(s) infecté(s): (Aucun élément nuisible détecté)

Anonyme
 Posted on 31/10/2011 at 22:43 
New Astucien

Good evening,

Run an antivirus scan with Eset.
Tutorial: https://forum.pcastuces.com/eset_online_scanner___nouvelle_version___tutoriel-f31s56.htm
Post the report.

See you later

sophana
 Posted on 01/11/2011 at 09:53 
Astucien

Hello

I ran the scan with Eset, which found nothing. I can't find a report for this scan; I can only give you a copy of the scan's final page, which says "zero files".

Here is the contents of the log.txt file

ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK



Edited by sophana on 01/11/2011 10:34
Anonyme
 Posted on 01/11/2011 at 11:01 
New Astucien

Hello,

*Download RSIT (thanks random/random) to the Desktop: Here or
Double-click RSIT.exe; it does not require installation.
Click Continue on the Disclaimer screen if you accept the terms.
-If HijackThis is not detected on your PC, it will download it (allow access through your firewall if prompted and accept the license).
When the scan is finished, two text files will open.
Post the contents of log.txt (the one that opens) as well as info.txt, which is in the Taskbar > Insert a report, at the bottom of the page

Tutorial: https://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm

NB: These reports are saved in the C:\rsit folder

See you later



Edited by Anonyme on 01/11/2011 11:02
sophana
 Posted on 01/11/2011 at 11:56 
Astucien

Here is log.txt

Logfile of random's system information tool 1.09 (written by random/random)
Run by MEDION at 2011-11-01 11:46:08
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 193 GB (68%) free of 285 GB
Total RAM: 3070 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:47:00, on 01/11/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Messenger Plus! Live\PlusService.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\BrowserCompanion\BCHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\StickIt\StickIt3.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\MEDION\Desktop\RSIT.exe
C:\Program Files\trend micro\MEDION.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bouyguestelecom.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Community Smartbar Engine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: MessengerPlusLive France TB Toolbar - {b9e20919-fa55-471f-989b-b107bf8de785} - C:\Program Files\MessengerPlusLive_France_TB\tbMes1.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [BboxUpdate] C:\Program Files\BboxUpdate\eStantAutoRunV.exe
O4 - HKLM\..\Run: [PlusService] C:\Program Files\Messenger Plus! Live\PlusService.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe /T=3
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [StickIt] C:\Program Files\StickIt\StickIt3.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Geotag Security] C:\Program Files\Geotag Security\GeotagSecurity.exe -hide
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-2945341653-2103956161-1357373838-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - Startup: SparkAngels.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://www.ma-config.com/plugins/MaConfig_5_1_2_1.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldfr-fr.cab
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: 
@%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe O23 - Service: BsMobileCS - IVT Corporation - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: 
@%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: eStantLaunchService - Unknown owner - C:\Program Files\BboxUpdate\eSRunService.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid 
Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - 
C:\Windows\System32\svchost.exe O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. 
- C:\Windows\system32\IoctlSvc.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%windir%\WindowsMobile\rapimgr.dll,-104 (RapiMgr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: 
SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Service SFR Gestionnaire Connexion (ServiceSFRABCD) - Unknown owner - C:\Program Files\SFR\Gestionnaire de Connexion SFR\SFRABCDService.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - 
C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 
(UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%windir%\WindowsMobile\wcescomm.dll,-40079 (WcesComm) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: 
@%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

-- End of file - 25880 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GlaryInitialize.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] Community Smartbar Engine - C:\Windows\system32\mscoree.dll [2009-11-08 297808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}] DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}] DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}] Browser Companion Helper Verifier - C:\Program Files\BrowserCompanion\updatebhoWin32.dll [2011-07-21 141104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-03 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{b9e20919-fa55-471f-989b-b107bf8de785} - MessengerPlusLive France TB Toolbar - C:\Program Files\MessengerPlusLive_France_TB\tbMes1.dll [2010-09-29 2735200]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]
{ae07101b-46d4-4a98-af68-0333ea26e113}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2008-01-21 215552]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-11-05 283160]
"BboxUpdate"=C:\Program Files\BboxUpdate\eStantAutoRunV.exe [2008-04-14 6144]
"PlusService"=C:\Program Files\Messenger Plus! Live\PlusService.exe [2011-09-20 801792]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-08-31 449608]
"Browser companion helper"=C:\Program Files\BrowserCompanion\BCHelper.exe [2011-08-08 182576]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"StickIt"=C:\Program Files\StickIt\StickIt3.exe [2008-12-28 344064]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-10-23 4615552]
"Geotag Security"=C:\Program Files\Geotag Security\GeotagSecurity.exe [2011-10-10 3973512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2010-08-31 319574]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtrlVol] []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser] C:\PROGRA~1\Eraser\Eraser.exe [2010-11-04 980368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe [2007-09-06 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe [2007-01-08 52256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe [2007-09-01 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD] C:\Program Files\Launch Manager\OSD.exe [2006-12-26 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2011-09-01 966712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 14.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe [2008-01-19 2245984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe [2007-11-02 2564096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-12-21 1483264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL] []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] C:\Windows\RtHDVCpl.exe [2008-07-03 6266880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 17351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] C:\Windows\Skytel.exe [2008-06-25 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2uvc] []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-08-31 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher] []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe [2007-09-13 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut] C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe [2008-02-21 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton] C:\Program Files\Launch Manager\Wbutton.exe [2007-09-07 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk] C:\PROGRA~1\MICROS~4\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk] C:\PROGRA~1\WESTER~1\WDSMAR~2\WDDRIV~1\WDDMST~1.EXE [2010-09-08 5185536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^MEDION^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lanceur.lnk] C:\PROGRA~1\MICROA~1\LAUNCH~1.EXE [2009-02-10 485376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^MEDION^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk] C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-12-13 1198592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^MEDION^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk] C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-12-13 1198592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^MEDION^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SparkAngels.lnk] C:\Windows\system32\javaw.exe [2011-10-03 145184]

C:\Users\MEDION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
SparkAngels.lnk - C:\Windows\system32\javaw.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.siren"=sirenacm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"vidc.CSCD"=camcodec.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-11-01 11:46:08 ----D---- C:\rsit
2011-11-01 11:46:08 ----D---- C:\Program Files\trend micro
2011-10-31 22:51:04 ----D---- C:\Program Files\ESET
2011-10-31 19:07:03 ----A---- C:\Ad-Report-CLEAN[1].txt
2011-10-31 18:57:48 ----A---- C:\Ad-Report-SCAN[1].txt
2011-10-31 18:57:03 ----D---- C:\Program Files\Ad-Remover
2011-10-29 08:35:32 ----D---- C:\Program Files\Microsoft.NET
2011-10-26 15:48:51 ----D---- C:\Program Files\Geotag Security
2011-10-20 18:41:16 ----A---- C:\Windows\system32\javaws.exe
2011-10-20 18:41:16 ----A---- C:\Windows\system32\javaw.exe
2011-10-20 18:41:16 ----A---- C:\Windows\system32\java.exe
2011-10-12 09:47:17 ----A---- C:\Windows\system32\mshtmled.dll
2011-10-12 09:47:17 ----A---- C:\Windows\system32\iertutil.dll
2011-10-12 09:47:16 ----A---- C:\Windows\system32\wininet.dll
2011-10-12 09:47:16 ----A---- C:\Windows\system32\jscript.dll
2011-10-12 09:47:16 ----A---- C:\Windows\system32\ieui.dll
2011-10-12 09:47:15 ----A---- C:\Windows\system32\urlmon.dll
2011-10-12 09:47:15 ----A---- C:\Windows\system32\jsproxy.dll
2011-10-12 09:47:15 ----A---- C:\Windows\system32\jscript9.dll
2011-10-12 09:47:14 ----A---- C:\Windows\system32\url.dll
2011-10-12 09:47:14 ----A---- C:\Windows\system32\ieframe.dll
2011-10-12 09:47:12 ----A---- C:\Windows\system32\mshtml.dll
2011-10-12 09:45:10 ----A---- C:\Windows\system32\UIAutomationCore.dll
2011-10-12 09:45:10 ----A---- C:\Windows\system32\oleaut32.dll
2011-10-12 09:45:10 ----A---- C:\Windows\system32\oleaccrc.dll
2011-10-12 09:45:10 ----A---- C:\Windows\system32\oleacc.dll
2011-10-12 09:44:58 ----A---- C:\Windows\system32\psisdecd.dll
2011-10-12 09:44:57 ----A---- C:\Windows\system32\win32k.sys
2011-10-07 10:56:23 ----A---- C:\Windows\system32\unins000.exe
2011-10-07 10:56:23 ----A---- C:\Windows\system32\unins000.dat
2011-10-07 10:56:23 ----A---- C:\Windows\system32\camcodec.dll
2011-10-07 10:44:34 ----D---- C:\Users\MEDION\AppData\Roaming\Cocoon Software
2011-10-07 10:44:25 ----D---- C:\Program Files\QuickMediaConverter

======List of files/folders modified in the last 1 month======

2011-11-01 11:46:21 ----D---- C:\Windows\prefetch
2011-11-01 11:46:14 ----D---- C:\Windows\Temp
2011-11-01 11:46:08 ----RD---- C:\Program Files
2011-11-01 10:53:27 ----D---- C:\Windows\System32
2011-11-01 10:53:27 ----D---- C:\Windows\inf
2011-11-01 10:53:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-11-01 10:50:58 ----D---- C:\Windows\Microsoft.NET
2011-11-01 10:48:39 ----D---- C:\Windows\Registration
2011-11-01 10:47:05 ----D---- C:\ProgramData\NVIDIA
2011-11-01 10:47:04 ----A---- C:\Windows\system32\LOCALSERVICE.INI
2011-11-01 10:47:01 ----A---- C:\Windows\system32\bscs.ini
2011-11-01 01:44:32 ----SHD---- C:\System Volume Information
2011-10-31 22:51:05 ----SD---- C:\Windows\Downloaded Program Files
2011-10-31 20:44:38 ----D---- C:\Windows\system32\drivers
2011-10-31 19:07:44 ----HD---- C:\ProgramData
2011-10-31 14:17:02 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-10-29 08:35:35 ----SHD---- C:\Windows\Installer
2011-10-29 08:33:13 ----D---- C:\Windows\system32\catroot2
2011-10-27 11:53:52 ----D---- C:\Program Files\CCleaner
2011-10-27 11:50:33 ----D---- C:\Users\MEDION\AppData\Roaming\Skype
2011-10-27 11:47:00 ----D---- C:\Windows\Debug
2011-10-27 11:47:00 ----D---- C:\Windows
2011-10-27 09:40:59 ----D---- C:\Program Files\Foxit Software
2011-10-26 16:25:04 ----D---- C:\Windows\system32\drivers\etc
2011-10-25 14:23:40 ----D---- C:\Program Files\VDownloader
2011-10-23 20:09:49 ----D---- C:\Program Files\SUPERAntiSpyware
2011-10-20 18:42:00 ----D---- C:\Program Files\Common Files\Java
2011-10-20 18:41:15 ----D---- C:\Program Files\Java
2011-10-15 20:00:57 ----D---- C:\Windows\system32\Tasks
2011-10-15 20:00:56 ----RD---- C:\Program Files\Skype
2011-10-12 18:31:20 ----D---- C:\Redimentionnement
2011-10-12 17:54:06 ----A---- C:\Windows\NeroDigital.ini
2011-10-12 10:15:37 ----D---- C:\Windows\rescache
2011-10-12 10:10:22 ----D---- C:\Windows\winsxs
2011-10-12 10:00:10 ----D---- C:\Windows\system32\catroot
2011-10-12 09:54:09 ----D---- C:\Windows\system32\migration
2011-10-12 09:54:09 ----D---- C:\Windows\system32\fr-FR
2011-10-12 09:54:09 ----D---- C:\Program Files\Windows Mail
2011-10-12 09:54:09 ----D---- C:\Program Files\Internet Explorer
2011-10-07 10:44:58 ----A---- C:\Windows\win.ini
2011-10-05 09:09:48 ----A---- C:\Windows\system32\mrt.exe
2011-10-04 22:51:33 ----D---- C:\Users\MEDION\AppData\Roaming\DivX
2011-10-04 22:48:11 ----D---- C:\ProgramData\DivX
2011-10-04 22:48:11 ----D---- C:\Program Files\DivX
2011-10-03 12:22:52 ----D---- C:\Program Files\Glary Utilities
2011-10-03 12:21:25 ----D---- C:\Windows\Tasks
2011-10-03 04:06:03 ----A---- C:\Windows\system32\deployJava1.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BtHidBus;Bluetooth HID Bus Service; C:\Windows\System32\Drivers\BtHidBus.sys [2010-04-06 20104]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 354840]
R0 Si3531;SiI-3531 SATA Controller; C:\Windows\system32\DRIVERS\Si3531.sys [2007-06-01 210736]
R0 SiFilter;SATALink driver accelerator; C:\Windows\system32\DRIVERS\SiWinAcc.sys [2007-05-25 17328]
R0 SiRemFil;SATALink External Device Filter; C:\Windows\system32\DRIVERS\SiRemFil.sys [2007-05-25 12464]
R0 symsnap;Symantec Volume Snap Shot Driver; C:\Windows\system32\DRIVERS\symsnap.sys [2007-12-20 136416]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-09-06 34392]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-09-06 442200]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-09-06 320856]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-09-06 52568]
R1 Hotkey;Hotkey; C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 9867]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-09-06 20568]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-01-27 50704]
R2 v2imount;Symantec V2i Mount Driver; C:\Windows\system32\DRIVERS\v2imount.sys [2008-01-19 38112]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-08-28 146560]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2009-06-17 17928]
R3 BTCOM;Bluetooth Serial port driver; C:\Windows\system32\DRIVERS\btcomport.sys [2010-08-26 25992]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service; C:\Windows\System32\Drivers\btcombus.sys [2010-08-26 22024]
R3 btnetBUs;Bluetooth PAN Bus Service; C:\Windows\System32\Drivers\btnetBus.sys [2010-04-06 25864]
R3 GEARAspiWDM;GearAspiWDM; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-01-19 15664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2152088]
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys [2010-04-06 23048]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-08-31 22216]
R3 NETwLv32; Pilote de carte de la série Intel(R) Wireless WiFi Link 5000 pour Windows Vista 32 bits ; C:\Windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2011-04-08 10690024]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2010-12-30 309352]
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2008-01-03 59392]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-07-10 1753984]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-08-31 192688]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]
S0 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\System32\Drivers\vbtenum.sys []
S0 BTHidMgr;Bluetooth HID Manager Service; C:\Windows\System32\Drivers\BTHidMgr.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2009-06-17 33800]
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2009-06-17 27528]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2010-06-24 36616]
S3 Cam5607;Bison Webcam; C:\Windows\System32\Drivers\BisonC07.sys [2007-08-30 805416]
S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2010-08-30 14336]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys []
S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [2008-10-29 7680]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-05-18 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2011-05-18 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2011-05-18 8192]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2011-05-18 8192]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S3 VProEventMonitor;Symantec Event Monitor Driver; C:\Windows\system32\DRIVERS\vproeventmonitor.sys [2008-01-19 15088]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-01-19 128104]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys [2008-10-15 104960]
S3 ZTEusbnet;ZTE USB-NDIS miniport; C:\Windows\system32\DRIVERS\ZTEusbnet.sys [2008-10-13 110080]
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys [2008-10-29 105344]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys [2008-10-15 104960]
S3 ZTEusbvoice;ZTE VoUSB Port; C:\Windows\system32\DRIVERS\ZTEusbvoice.sys [2008-10-15 104960]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-09-06 44768]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2010-09-02 989184]
R2 BsMobileCS;BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2010-08-31 147563]
R2 eStantLaunchService;eStantLaunchService; C:\Program Files\BboxUpdate\eSRunService.exe [2008-04-29 20480]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-11-02 936208]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2011-03-29 598312]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2008-01-19 4388192]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-04-07 612456]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\OmniServ.exe [2007-11-02 40960]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2007-06-05 177704]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-11-02 477456]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 ServiceSFRABCD;Service SFR Gestionnaire Connexion; C:\Program Files\SFR\Gestionnaire de Connexion SFR\SFRABCDService.exe [2009-03-20 621184]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [2006-11-02 7168]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 WDDMService;WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-09-08 237056]
R2 WDFME;WD File Management Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-09-08 1034752]
R2 WDSC;WD File Management Shadow Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-09-08 484352]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2010-08-31 102503]
R3 SymSnapService;SymSnapService; C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2007-12-20 1553896]
S3 aspnet_state;Service d'état ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2011-04-12 311744]
S3 MatSvc;@%ProgramFiles%\Microsoft Fix it Center\MatsRes.dll,-9000; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2011-06-13 267568]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S3 WisLMSvc;WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [2007-09-11 118784]

-----------------EOF-----------------

sophana
 Posted on 01/11/2011 at 11:59 
Astucien

Here is info.txt

info.txt logfile of random's system information tool 1.09 2011-11-01 11:47:04

======Uninstall list======

-->C:\Program Files\Bbox\eSKernel.exe /Uninstall.xml -->C:\Program Files\BboxUpdate\uninstall.exe -->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL -->C:\Windows\UNNeroShowTime.exe /UNINSTALL -->C:\Windows\UNNeroVision.exe /UNINSTALL -->C:\Windows\UNRecode.exe /UNINSTALL -->MsiExec /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF} ABC Amber Nokia Converter-->C:\PROGRA~1\ABCAMB~1\UNWISE.EXE C:\PROGRA~1\ABCAMB~1\INSTALL.LOG Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe -maintain activex Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /X{E815FB81-995F-4F33-8E25-F16712123AB7} avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup BlueSoleil 8.0.338.0-->MsiExec.exe /X{56631A83-D38B-416A-A3B3-9807E8AAB4F8} Boulders I-->C:\TLK\lb1\unstall.exe Boulders II-->C:\TLK\lb2\unstall.exe BrowserCompanion-->C:\Program Files\BrowserCompanion\uninstall.exe Calendrier-->C:\Program Files\Micro Application\Calendrier\Uninstall.exe CamStudio Lossless Codec v1.4-->"C:\Windows\system32\unins000.exe" CamStudio-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EB371786-9449-4ED8-B47A-032467A58CAD} anything\anything CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Clean Virus MSN-->"C:\Program Files\AxBx\Clean Virus MSN\unins000.exe" Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} Complément Microsoft Word pour Microsoft Works Suite-->MsiExec.exe /I{D9DAF1AF-D9B7-4397-A3B6-AFA27D329DAB} Configuration DivX-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3} CyberLink 
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall CyberLink PowerProducer-->"C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" /z-uninstall CyberLink PowerProducer-->"C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" /z-uninstall CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\Setup.exe" /z-uninstall dBpoweramp Music Converter-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat dBpoweramp Windows Media Audio 10 Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat dBpowerAMP WMA V9 Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat Defraggler-->"C:\Program Files\Defraggler\uninst.exe" Double Solitaire-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Double Solitaire\ST6UNST.LOG" e-Carte Bleue Banque Populaire-->"C:\Program Files\InstallShield Installation Information\{B0900CB5-8EC0-43B4-9DAC-A32FE52DC864}\setup.exe" -runfromtemp -l0x040c -removeonly Eraser 6.0.8.2273-->MsiExec.exe /I{392A74D0-4DFE-49F7-87C3-8A61708F8856} ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe Foxit Creator-->C:\Program Files\Foxit Software\PDF Creator\uninstall.exe Foxit PDF IFilter-->MsiExec.exe /I{74E78471-E122-4101-8744-CEB6C5C027A0} Foxit Reader 5.1-->"C:\Program Files\Foxit Software\Foxit Reader\unins000.exe" FoxTarot version 4.2.1-->"C:\Program Files\FoxTarot4\unins000.exe" Geotag Security 1.0-->"C:\Program Files\Geotag Security\unins000.exe" Gestionnaire de Connexion SFR 2009.03-->"C:\Program Files\SFR\Gestionnaire de Connexion SFR\unins000.exe" Glary 
Utilities 2.38.0.1288-->"C:\Program Files\Glary Utilities\unins000.exe" Google Earth-->MsiExec.exe /X{C1940CF0-E2DD-11E0-BB25-B8AC6F97B88E} High-Definition Video Playback-->MsiExec.exe /X{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21} Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Inst5657-->MsiExec.exe /I{FEDE400D-3381-4087-ACCB-689DD8A56123} Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{133742BA-6F46-4D3E-85AF-78631D9AD8B8} Intel(R) Control Center-->C:\Program Files\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm Intel(R) Rapid Storage Technology-->C:\Program Files\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe IZArc 4.1.2-->"C:\Program Files\IZArc\unins000.exe" Java DB 10.6.2.1-->MsiExec.exe /X{73EC658D-A1C6-40CA-8E86-E05821BAACE7} Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022F0} Java(TM) 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216026FF} Java(TM) SE Development Kit 6 Update 24-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160240} Junk Mail filter update-->MsiExec.exe /I{8E5233E1-7495-44FB-8DEB-4BE906D59619} Kyodai Mahjongg 2006 v1.42-->"C:\Program Files\Kyodai Mahjongg 2006\unins000.exe" Launch Manager V1.4.9-->C:\Program Files\InstallShield Installation Information\{D0846526-66DD-4DC9-A02C-98F9A2806812}\setup.exe -runfromtemp -l0x040c -removeonly LauncherMA-->MsiExec.exe /X{C06EFB22-B5DB-46C5-9215-BCB5C19C0858} LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U 
Logiciel d'archivage WinRAR-->C:\Program Files\WinRAR\uninstall.exe Logiciel Intel(R) PROSet/Wireless WiFi-->MsiExec.exe /I{2800649E-1426-4514-ADEA-701629E87B08} Ma-Config.com-->MsiExec.exe /X{3CAC9760-14F6-4539-A75F-F240EC55FEE9} MakeDisc-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\Setup.exe" -uninstall Malwarebytes' Anti-Malware version 1.51.2.1300-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Malwarebytes' RogueRemover-->"C:\Program Files\RogueRemover FREE\unins000.exe" MediaShow-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\Setup.exe" -uninstall Medion GoPal Assistant 4.00.0047-->C:\Program Files\Medion GoPal Assistant\Uninstall.exe Memory Card File Rescue-->MsiExec.exe /X{627EAB2D-F5AE-4815-AD8E-79129D7959E9} Messenger Plus! 5-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" Messenger Plus! 
Community Smartbar-->MsiExec.exe /X{07519F0E-972A-4C8B-96F9-774E8D557000} MessengerPlusLive France TB Toolbar-->C:\PROGRA~1\MESSEN~2\UNWISE.EXE /U C:\PROGRA~1\MESSEN~2\INSTALL.LOG Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31} Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft AutoRoute 2006-->MsiExec.exe /I{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Fix it Center-->MsiExec.exe /X{B7588D45-AFDC-4C93-9E2E-A100F3554B64} Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} Microsoft Word 2002-->MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9} Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C} Mises à jour NVIDIA 1.1.34-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA 
Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Update Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6} MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D} MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MyPDFConverter-->MsiExec.exe /X{1D76557F-04F5-4CF9-AB20-6A621B0D52D7} Nero 10 Movie ThemePack Basic-->MsiExec.exe /X{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7} Nero 8 Essentials-->MsiExec.exe /X{47948554-90C6-4AAC-8CFA-D23CE11C1036} Nero Core Components 10-->MsiExec.exe /X{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F} Nero Dolby Files 10-->MsiExec.exe /X{C3580AC4-C827-4332-B935-9A282ED5BB97} Nero Kwik Media-->MsiExec.exe /X{1F7D9F37-C39C-486C-BDF8-8F440FFB3352} Nero Kwik Media-->MsiExec.exe /X{D9B5AE52-FEF9-4E5C-A63E-06A6638B2935} Nero Update-->MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A} NeroKwikMedia Help (CHM)-->MsiExec.exe /X{02FCAA8F-59D3-4198-822E-135C61EE4F0B} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Nokia Connectivity Cable Driver-->MsiExec.exe /I{2D99A593-C841-43A7-B7C9-D6F3AE70B756} Nokia Ovi Suite Software Updater-->MsiExec.exe /X{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0} Nokia Ovi Suite-->C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe Nokia Ovi Suite-->MsiExec.exe /X{07D77970-B205-460C-84E4-263F30455597} Nokia PC 
Suite-->C:\ProgramData\Installations\{F38FD0E4-B991-462B-873D-F2115EADD093}\Nokia_PC_Suite_fre_web[1].exe Nokia PC Suite-->MsiExec.exe /I{F38FD0E4-B991-462B-873D-F2115EADD093} Norton Ghost-->MsiExec.exe /I{B0255743-165B-4BD5-8DA8-37DFB9930014} NVIDIA 3D Vision Controller Driver 270.61-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.NVIRUSB NVIDIA 3D Vision Controller Driver-->"C:\Program Files\InstallShield Installation Information\{714B9C6C-70FC-4750-98E2-61520B906C45}\setup.exe" -runfromtemp -l0x0009 -removeonly NVIDIA Logiciel système PhysX 9.10.0514-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.PhysX NVIDIA PhysX-->MsiExec.exe /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF} NVIDIA Pilote 3D Vision 270.61-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.3DVision NVIDIA Pilote graphique 270.61-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask ODF Add-in for Microsoft Office-->MsiExec.exe /I{2BC21CD2-8053-406A-80F6-9AB61717B49D} OmniPass 5.00.91-->C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\setup.exe -runfromtemp -l0x040c -removeonly OpenOffice.org 3.3-->MsiExec.exe /I{05653DE1-6567-40C6-B930-39D399B64369} Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Ovi Desktop Sync Engine-->MsiExec.exe /X{2CC53A53-44F4-4667-8584-2FFC9ACB2242} OviMPlatform-->MsiExec.exe /I{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE} Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u 
C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf PC Connectivity Solution-->MsiExec.exe /I{C373F7C4-05D2-4047-96D1-6AF30661C6AA} PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" -uninstall PIF DESIGNER-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x40c anything PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall Quicksys RegDefrag 2.9-->"C:\Program Files\Quicksys\RegDefrag\unins000.exe" RealArcade-->C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2 Realtek Ethernet Controller Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709 Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly Remove Boulder1-->C:\TLK\lb1\unstall.exe Remove Boulder2-->C:\TLK\lb2\unstall.exe Revo Uninstaller 1.92-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe save2pc Light 4.16-->"C:\Program Files\FDRLab\save2pc\unins000.exe" Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package 
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT="" Sélecteur d'installation de Microsoft Works 2006-->C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP F:\ Skype™ 5.5-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A} Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" StickIt-->"C:\Program Files\StickIt\unins000.exe" SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe" Suyin Webcam-->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x040c -removeonly Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Ulead PhotoImpact 12-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11AFE21E-B193-430D-B57A-DFF7815BB962}\setup.exe" -l0x40c Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F} VDownloader 3.6.943-->"C:\Program Files\VDownloader\unins000.exe" VLC media player 1.1.11-->C:\Program Files\VideoLAN\VLC\uninstall.exe WD SmartWare-->MsiExec.exe /X{98D451C4-4ACA-4273-BB47-57CFE46B048E} WD Software Upgrader-->MsiExec.exe /X{5A7A96D2-B123-470F-BE6D-2C6570FC4FF0} Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52} Windows Live Call-->MsiExec.exe /I{B3B487E7-6171-4376-9074-B28082CEB504} Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1} Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818} Windows Live Messenger-->MsiExec.exe /X{445B183D-F4F1-45C8-B9DB-F11355CA657B} WinPcap 
4.1.1-->"C:\Program Files\WinPcap\uninstall.exe" Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE Zuma's Revenge! - Aventure-->C:\Program Files\PopCap Games\Zuma's Revenge - Adventure\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma's Revenge - Adventure\Install.log"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Spybot - Search and Destroy (disabled)
AS: Windows Defender
AS: SUPERAntiSpyware

======System event log======

Computer Name: PC-de-MEDION Event Code: 1003 Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir du serveur DHCP) pour la carte réseau dont l'adresse réseau est 00215C259F4D. Il s'est produit l'erreur suivante : Le délai de temporisation de sémaphore a expiré.. Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du serveur d'adresse réseau (DHCP). Record Number: 168153 Source Name: Microsoft-Windows-Dhcp-Client Time Written: 20110622181511.000000-000 Event Type: Avertissement User:

Computer Name: PC-de-MEDION Event Code: 3004 Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez. Pour plus d’informations, consultez les données suivantes : Non applicable ID d’analyse : {332CB938-0713-45D0-A714-08C456B29194} Utilisateur : PC-de-MEDION\MEDION Nom : Unknown ID : ID de gravité : ID de catégorie : Chemin d’accès trouvé : regkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PlusService;runkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PlusService;file:C:\Program Files\Messenger Plus! Live\PlusService.exe Type d’alerte : Logiciel non classifié Type de détection : Record Number: 168137 Source Name: Microsoft-Windows-Windows Defender Time Written: 20110622170959.000000-000 Event Type: Avertissement User:

Computer Name: PC-de-MEDION Event Code: 20 Message: Échec de l’installation : l’installation de la mise à jour suivante a échoue avec l’erreur 0x80070643 : Microsoft .NET Framework 4 Client Profile pour Windows Vista x86 (KB982670). Record Number: 168083 Source Name: Microsoft-Windows-WindowsUpdateClient Time Written: 20110622062816.962970-000 Event Type: Erreur User: AUTORITE NT\SYSTEM

Computer Name: PC-de-MEDION Event Code: 7026 Message: Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : BTHidMgr SASKUTIL Record Number: 168021 Source Name: Service Control Manager Time Written: 20110622061550.000000-000 Event Type: Erreur User:

Computer Name: PC-de-MEDION Event Code: 7000 Message: Le service Parallel port driver n'a pas pu démarrer en raison de l'erreur : Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé. Record Number: 167970 Source Name: Service Control Manager Time Written: 20110622061422.000000-000 Event Type: Erreur User:

=====Application event log=====

Computer Name: PC-de-MEDION Event Code: 10 Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. Record Number: 13962 Source Name: Microsoft-Windows-WMI Time Written: 20110305063914.000000-000 Event Type: Erreur User:

Computer Name: PC-de-MEDION Event Code: 6005 Message: Le traitement de l’événement de notification (Logoff) par l’abonné aux notifications Winlogon <Sens> dure longtemps. Record Number: 13940 Source Name: Microsoft-Windows-Winlogon Time Written: 20110304225402.000000-000 Event Type: Avertissement User:

Computer Name: PC-de-MEDION Event Code: 4879 Message: MS DTC a rencontré une erreur (HR=0x80000171) lors d’une tentative d’établissement d’une connexion sécurisée avec le système PC-DE-MEDION. Record Number: 13922 Source Name: Microsoft-Windows-MSDTC Client 2 Time Written: 20110304082618.000000-000 Event Type: Avertissement User:

Computer Name: PC-de-MEDION Event Code: 10 Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. Record Number: 13908 Source Name: Microsoft-Windows-WMI Time Written: 20110304081839.000000-000 Event Type: Erreur User:

Computer Name: PC-de-MEDION Event Code: 10 Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. Record Number: 13862 Source Name: Microsoft-Windows-WMI Time Written: 20110303081236.000000-000 Event Type: Erreur User:

=====Security event log=====

Computer Name: PC-de-MEDION Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-MEDION$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus : ID du processus : 0x318 Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau : Nom de la station de travail : Adresse du réseau source : - Port source : -

Informations détaillées sur l’authentification : Processus d’ouverture de session : Advapi Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 39905 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110619155001.624161-000 Event Type: Succès de l'audit User:

Computer Name: PC-de-MEDION Event Code: 4648 Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-MEDION$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées : Nom du compte : SYSTEM Domaine du compte : AUTORITE NT GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible : Nom du serveur cible : localhost Informations supplémentaires : localhost

Informations sur le processus : ID du processus : 0x318 Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau : Adresse du réseau : - Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS. Record Number: 39904 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110619155001.624161-000 Event Type: Succès de l'audit User:

Computer Name: PC-de-MEDION Event Code: 4672 Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7

Privilèges : SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 39903 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110619155001.249761-000 Event Type: Succès de l'audit User:

Computer Name: PC-de-MEDION Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-MEDION$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus : ID du processus : 0x318 Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau : Nom de la station de travail : Adresse du réseau source : - Port source : -

Informations détaillées sur l’authentification : Processus d’ouverture de session : Advapi Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 39902 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110619155001.249761-000 Event Type: Succès de l'audit User:

Computer Name: PC-de-MEDION Event Code: 4648 Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-MEDION$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées : Nom du compte : SYSTEM Domaine du compte : AUTORITE NT GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible : Nom du serveur cible : localhost Informations supplémentaires : localhost

Informations sur le processus : ID du processus : 0x318 Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau : Adresse du réseau : - Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS. Record Number: 39901 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110619155001.249761-000 Event Type: Succès de l'audit User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Softex\OmniPass;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\IVT Corporation\BlueSoleil\Mobile;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\Linkury\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------

Anonyme
 Posted on 01/11/2011 at 13:25 
New Astucien

Hi again,

¤ Download Lop S&D2 (thanks Eric_71): Here
Run it, then click Start scan
Post the report it generates

sophana
 Posted on 01/11/2011 at 13:33 
Astucien

Lop S&D by Eric_71

SeDebugPrivilege granted successfully ...

Windows Vista Home Edition (6.0.6002) Service Pack 2
x86 Family 6 Model 15 Stepping 13, GenuineIntel

[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
Internet Explorer 9.0.8112.16421

C:\ [Fixed-NTFS] .. ( Total:277 Go - Free:187 Go )
D:\ [Fixed-FAT32] .. ( Total:20 Go - Free:10 Go )
F:\ [CD_Rom]
G:\ [Removable]

Selected -> C:\D:\G:\

Path : C:\?
User : MEDION ( Administrator -> YES )

--------------------\\ Scan

(Processes) C:\Program Files\Internet Explorer\iexplore.exe
(Processes) C:\Program Files\Internet Explorer\iexplore.exe
(Processes) C:\Program Files\Internet Explorer\iexplore.exe

--------------------\\ Other

[Locked Process] audiodg.exe (1472)
[Locked Process] Idle Process (0)
[Locked Process] System (4)

--------------------\\ EOF

Report : C:\LopSD$\LopSD_1.txt - (01/11/2011 | 13:31.07)
