Forum Clubic

Autorun.inf, newspedia and nissan.exe

Hello everyone,

I tried to disinfect my PC because of the following problems:

  • windows opening unexpectedly in Firefox on the newspedia site
  • presence of an autorun.inf file on my PC
  • detection of the nissan.exe virus by the Malwarebytes software

On cricri58's advice, I downloaded RSIT, and the reports are below. Thank you for your analysis :)

Here is the log file:

Logfile of random’s system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-12-25 12:47:17
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 3 GB (17%) free of 20 GB
Total RAM: 2047 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:55, on 25/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM…\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM…\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM…\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM…\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM…\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM…\Run: [ccApp] “C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe”
O4 - HKLM…\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM…\Run: [NBKeyScan] “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”
O4 - HKLM…\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:WINDOWSsystem32GPhotos.scr…
O8 - Extra context menu item: Ajouter au fichier PDF existant - C:Program… Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - C:Program… Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:Program… Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:Program… Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - C:Program… Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - C:Program… Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:Program… Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - C:Program… Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe


End of file - 9768 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\BMMTask.job
C:\WINDOWS\tasks\Maintenance en 1 clic.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d’Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll [2007-03-27 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll [2007-03-27 118784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“AGRSMMSG”=C:\WINDOWS\AGRSMMSG.exe [2003-06-27 88363]
“BMMLREF”=C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE [2004-02-05 20480]
“BMMMONWND”=C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll [2004-02-05 395264]
“QCWLICON”=C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE [2005-03-18 86016]
“TPHOTKEY”=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe [2005-03-03 94208]
“ATIModeChange”=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
“ccApp”=C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [2004-08-06 66680]
“vptray”=C:\PROGRA~1\SYMANT~1\VPTray.exe [2004-08-06 124112]
“NBKeyScan”=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-08-08 1828136]
“”= []
“SynTPLpr”=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-06-24 126976]
“SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-06-24 561152]
“QCTRAY”=C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE [2005-03-18 745472]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
BTTray.lnk - C:\Program Files\IBM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2003-11-20 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2004-08-06 83160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\QConGina]
C:\WINDOWS\system32\QConGina.dll [2005-03-18 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2004-08-12 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveTypeAutoRun”=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“HonorAutoRunSetting”=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:@xpsp2res.dll,-22019"
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000"
“C:\Program Files\Bonjour\mDNSResponder.exe”=“C:\Program Files\Bonjour\mDNSResponder.exe:*Bonjour”
“C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe”=“C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*Adobe Version Cue CS3 Server”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:@xpsp2res.dll,-22019"
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\KLIZAVI/sapun.exe
shell\explore\command - F:\KLIZAVI/sapun.exe
shell\open\command - F:\KLIZAVI/sapun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1ecc441-bdb6-11de-9590-00054e477c9f}]
shell\AutoRun\command - F:\StartPortableApps.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4982250-955b-11de-9581-ce9066584105}]
shell\AutoRun\command - F:\ime/moje.exe
shell\explore\command - F:\ime/moje.exe
shell\open\command - F:\ime/moje.exe

======List of files/folders created in the last 1 months======

2009-12-25 12:47:17 ----D---- C:\rsit
2009-12-25 12:47:17 ----D---- C:\Program Files\trend micro
2009-12-25 12:45:21 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-25 12:45:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-25 12:42:48 ----D---- C:\WINDOWS\LastGood
2009-12-24 21:54:44 ----D---- C:\Documents and Settings\Administrateur\Application Data\Macromedia
2009-12-24 21:44:42 ----D---- C:\Documents and Settings\Administrateur\Application Data\TuneUp Software
2009-12-24 17:06:24 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2009-12-24 17:01:55 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-24 16:56:12 ----D---- C:\Program Files\Malwarebytes’ Anti-Malware
2009-12-24 16:56:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-24 16:55:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-24 16:54:57 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-24 16:54:52 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-24 16:54:46 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-24 16:54:40 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-24 16:54:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-24 16:54:30 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-12-24 16:54:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-12-24 16:54:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-24 16:54:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-24 16:54:00 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-24 16:53:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-24 16:53:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-24 16:53:28 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-24 16:53:18 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-24 16:53:04 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-24 16:04:59 ----D---- C:\Documents and Settings\Administrateur\Application Data\Mozilla
2009-12-24 16:04:23 ----D---- C:\Program Files\GrabIt
2009-12-24 16:00:53 ----A---- C:\WINDOWS\VPC32.INI
2009-12-24 15:56:29 ----D---- C:\WINDOWS\ie7updates
2009-12-24 15:56:04 ----D---- C:\WINDOWS\WBEM
2009-12-24 15:54:50 ----HDC---- C:\WINDOWS\ie7
2009-12-24 15:54:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-12-24 15:54:13 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-12-12 21:58:10 ----SHD---- C:\RECYCLER
2009-12-10 22:27:49 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-11-27 20:45:10 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss

======List of files/folders modified in the last 1 months======

2009-12-25 12:47:17 ----RD---- C:\Program Files
2009-12-25 12:45:24 ----HD---- C:\WINDOWS\inf
2009-12-25 12:45:24 ----D---- C:\WINDOWS
2009-12-25 12:45:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-25 12:45:23 ----D---- C:\WINDOWS\system32\drivers
2009-12-25 12:45:23 ----D---- C:\WINDOWS\system32
2009-12-25 12:45:18 ----A---- C:\WINDOWS\imsins.BAK
2009-12-25 12:45:14 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-25 12:42:48 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-25 12:42:10 ----D---- C:\WINDOWS\Prefetch
2009-12-25 12:42:09 ----D---- C:\WINDOWS\Temp
2009-12-25 11:35:04 ----D---- C:\Program Files\Mozilla Firefox
2009-12-25 11:33:53 ----D---- C:\Program Files\Symantec AntiVirus
2009-12-25 00:48:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-25 00:46:46 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-12-24 16:56:18 ----SHD---- C:\WINDOWS\Installer
2009-12-24 16:55:03 ----D---- C:\WINDOWS\WinSxS
2009-12-24 16:13:40 ----D---- C:\WINDOWS\Help
2009-12-24 16:13:40 ----D---- C:\Program Files\Internet Explorer
2009-12-24 15:56:39 ----D---- C:\WINDOWS\system32\fr-fr
2009-12-24 15:56:07 ----D---- C:\WINDOWS\system32\config
2009-12-24 15:55:56 ----D---- C:\WINDOWS\Media
2009-12-24 15:44:59 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-12-17 21:28:33 ----D---- C:\Documents and Settings\Administrateur\Application Data\vlc
2009-12-01 12:06:20 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-03-18 11520]
R1 IBMTPCHK;IBMTPCHK; C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2005-03-18 2432]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
R1 SAVRT;SAVRT; ??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2003-10-24 14848]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-08-06 263736]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2003-10-24 8831]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2004-09-06 16370]
R1 TPPWR;TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [2004-02-05 15360]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-08-30 17801]
R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 PMEM;PMEM; ??\C:\WINDOWS\system32\drivers\PMEMNT.SYS []
R2 SAVRTPEL;SAVRTPEL; ??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2003-06-27 1196352]
R3 AR5211;Dual-band Wi-Fi Wireless Mini PCI Adapter; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2004-12-28 449856]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2003-11-20 597504]
R3 CmBatt;Pilote d’adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2003-06-13 104448]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2004-11-05 12944]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NAVENG;NAVENG; ??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20091224.002\naveng.sys []
R3 NAVEX15;NAVEX15; ??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20091224.002\navex15.sys []
R3 NSCIRDA;Pilote de périphérique infrarouge NSC; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-10-27 578432]
R3 SymEvent;SymEvent; ??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-08-06 16280]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2003-06-24 265744]
R3 usbehci;Pilote miniport de contrôleur d’hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
S3 QCNDISIF;QCNDISIF; C:\WINDOWS\System32\drivers\qcndisif.SYS [2005-03-18 12288]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2003-11-20 323584]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 btwdins;Bluetooth Service; C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe [2004-01-20 135168]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe [2004-08-06 255096]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe [2004-08-06 242808]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2004-08-06 29912]
R2 FolderSize;Folder Size; C:\Program Files\FolderSize\FolderSizeSvc.exe [2007-11-14 131072]
R2 IBMPMSVC;IBM PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2004-11-05 57344]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-12-24 1028432]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]
R2 QCONSVC;QCONSVC; C:\WINDOWS\System32\QCONSVC.EXE [2005-03-18 77824]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2004-08-06 1258712]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-08-30 603904]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R3 ACS;ACU Configuration Service; C:\WINDOWS\system32\acs.exe [2005-01-24 36864]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3 {fr_FR} ; C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe [2004-08-06 87160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-30 654848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2004-08-06 169192]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe [2004-08-06 201944]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-08-30 362240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

And here is the info file:

info.txt logfile of random’s system information tool 1.06 2009-12-25 12:47:56

======Uninstall list======

–>C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
–>C:\Program Files\Nero\Nero8\nero\uninstall\UNNERO.exe /UNINSTALL
–>C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
–>C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
–>C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
–>C:\WINDOWS\UNNeroVision.exe /UNINSTALL
–>C:\WINDOWS\UNRecode.exe /UNINSTALL
–>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access IBM Tools–>C:\Program Files\IBM\Access IBM\IBMUINST.EXE
Access IBM–>MsiExec.exe /X{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}
Ad-Aware–>“C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe” REMOVE=TRUE MODIFY=FALSE
Ad-Aware–>C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe After Effects CS3 Presets–>MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3–>MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe Anchor Service CS3–>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3–>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3–>MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting–>MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3–>MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0–>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps–>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific–>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings–>MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings–>MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings–>MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings–>MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Contribute CS3–>MsiExec.exe /I{F84ADE4E-9220-4324-994D-801EDD9DD251}
Adobe Creative Suite 3 Master Collection–>MsiExec.exe /I{5D2398DF-3022-4820-93BA-F1175FBEA9CA}
Adobe Default Language CS3–>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3–>MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3–>MsiExec.exe /I{4BDB76C6-902E-41D5-9064-68768E02886B}
Adobe Encore CS3 Codecs–>MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe Encore CS3–>MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe ExtendScript Toolkit 2–>MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3–>MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3–>MsiExec.exe /I{21C4D775-368A-46C4-8DC3-4207165B7115}
Adobe Flash CS3–>MsiExec.exe /I{80FD3971-8482-49C8-BA8C-B6464A15882F}
Adobe Flash Player 10 Plugin–>C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX–>MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin–>MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Video Encoder–>MsiExec.exe /I{1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E}
Adobe Fonts All–>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3–>MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3–>MsiExec.exe /I{6E08CE13-C2AB-4749-9335-5900B958929E}
Adobe InDesign CS3 Icon Handler–>MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3–>MsiExec.exe /I{FE8327F9-3AC1-4586-8C7E-3DEE2BC92441}
Adobe Linguistics CS3–>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files–>MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files–>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3–>MsiExec.exe /I{C1FA4B3B-1625-4922-9C9D-780E8FCE161A}
Adobe Premiere Pro CS3 Functional Content–>MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content–>MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Premiere Pro CS3–>MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Setup–>MsiExec.exe /I{1628F6BD-5ED1-4FD1-B90F-C106AF4E00F0}
Adobe SING CS3–>MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 Codecs–>MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Soundbooth CS3–>MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Stock Photos CS3–>MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support–>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3–>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client–>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server–>MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles–>MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3–>MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin–>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3–>MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3–>MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Agere Systems AC’97 Modem–>agrsmdel
AHV content for Acrobat and Flash–>MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Ajouter ou supprimer Adobe Creative Suite 3 Master Collection–>C:\Program Files\Fichiers communs\Adobe\Installers\b5d5789539ea1f004a4defceea74312\Setup.exe
Apple Software Update–>MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Archiveur WinRAR–>C:\Program Files\WinRAR\uninstall.exe
ATI - Utilitaire de désinstallation du logiciel–>C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver–>rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bluetooth Software–>MsiExec.exe /X{E98D6792-FC51-4187-9448-CA9BF893384E}
CCleaner (remove only)–>“C:\Program Files\CCleaner\uninst.exe”
Correctif pour Lecteur Windows Media 11 (KB939683)–>“C:\WINDOWS$NtUninstallKB939683$\spuninst\spuninst.exe”
Correctif pour Windows XP (KB952287)–>“C:\WINDOWS$NtUninstallKB952287$\spuninst\spuninst.exe”
Correctif pour Windows XP (KB970653-v3)–>“C:\WINDOWS$NtUninstallKB970653-v3$\spuninst\spuninst.exe”
Correctif pour Windows XP (KB976098-v2)–>“C:\WINDOWS$NtUninstallKB976098-v2$\spuninst\spuninst.exe”
DVD Shrink 3.2–>“C:\Program Files\DVD Shrink\unins000.exe”
Folder Size for Windows–>MsiExec.exe /I{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}
GrabIt 1.6.2 Beta (build 940)–>“C:\Program Files\GrabIt\unins000.exe”
HijackThis 2.0.2–>“C:\Program Files\trend micro\HijackThis.exe” /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)–>“C:\WINDOWS$NtUninstallKB929399$\spuninst\spuninst.exe”
IBM Access Connections–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{22B71A00-4DED-11D4-A5E5-0004AC564F43}\setup.exe” -l0x40c anything
IBM ThinkPad Battery MaxiMiser and Power Management Features–>C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ThinkPad\Utilities\Unbmm.isu" -c"C:\Program Files\ThinkPad\Utilities\Tpinsbmm.dll"
IBM ThinkPad Configuration–>C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNTPUW.ISU -c"C:\Program Files\ThinkPad\Utilities\Tpinswin.dll"
IBM ThinkPad Power Management Driver–>RunDll32.exe tpinspm.dll,Uninstall
IBM ThinkPad UltraNav Driver–>rundll32.exe “C:\Program Files\Synaptics\SynTP\SynISDLL.dll”,standAloneUninstall
IBM Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g) -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}\SETUP.EXE” -l0x40c UNINSTALLFROMSYS
Intel® PRO Network Adapters and Drivers–>Prounstl.exe
Lecteur Windows Media 11–>“C:\Program Files\Windows Media Player\Setup_wm.exe” /Uninstall
LiveUpdate 2.0 (Symantec Corporation)–>C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes’ Anti-Malware–>“C:\Program Files\Malwarebytes’ Anti-Malware\unins000.exe”
Microsoft Compression Client Pack 1.0 for Windows XP–>“C:\WINDOWS$NtUninstallMSCompPackV1$\spuninst\spuninst.exe”
Microsoft Internationalized Domain Names Mitigation APIs–>“C:\WINDOWS$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe”
Microsoft National Language Support Downlevel APIs–>“C:\WINDOWS$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe”
Microsoft Office XP Professional avec FrontPage–>MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0–>“C:\WINDOWS$NtUninstallWudf01000$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)–>“C:\WINDOWS$NtUninstallKB952069_WM9$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Lecteur Windows Media (KB954155)–>“C:\WINDOWS$NtUninstallKB954155_WM9$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Lecteur Windows Media (KB968816)–>“C:\WINDOWS$NtUninstallKB968816_WM9$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)–>“C:\WINDOWS$NtUninstallKB973540_WM9$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)–>“C:\WINDOWS$NtUninstallKB954154_WM11$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)–>“C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB976325)–>“C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB923561)–>“C:\WINDOWS$NtUninstallKB923561$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB938464-v2)–>“C:\WINDOWS$NtUninstallKB938464-v2$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB941569)–>“C:\WINDOWS$NtUninstallKB941569$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB946648)–>“C:\WINDOWS$NtUninstallKB946648$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB950762)–>“C:\WINDOWS$NtUninstallKB950762$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB950974)–>“C:\WINDOWS$NtUninstallKB950974$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB951066)–>“C:\WINDOWS$NtUninstallKB951066$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB951376-v2)–>“C:\WINDOWS$NtUninstallKB951376-v2$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB951748)–>“C:\WINDOWS$NtUninstallKB951748$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB952004)–>“C:\WINDOWS$NtUninstallKB952004$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB952954)–>“C:\WINDOWS$NtUninstallKB952954$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB954459)–>“C:\WINDOWS$NtUninstallKB954459$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB954600)–>“C:\WINDOWS$NtUninstallKB954600$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB955069)–>“C:\WINDOWS$NtUninstallKB955069$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB956572)–>“C:\WINDOWS$NtUninstallKB956572$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB956744)–>“C:\WINDOWS$NtUninstallKB956744$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB956802)–>“C:\WINDOWS$NtUninstallKB956802$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB956803)–>“C:\WINDOWS$NtUninstallKB956803$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB956844)–>“C:\WINDOWS$NtUninstallKB956844$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB957097)–>“C:\WINDOWS$NtUninstallKB957097$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB958644)–>“C:\WINDOWS$NtUninstallKB958644$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB958687)–>“C:\WINDOWS$NtUninstallKB958687$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB958869)–>“C:\WINDOWS$NtUninstallKB958869$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB959426)–>“C:\WINDOWS$NtUninstallKB959426$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB960225)–>“C:\WINDOWS$NtUninstallKB960225$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB960803)–>“C:\WINDOWS$NtUninstallKB960803$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB960859)–>“C:\WINDOWS$NtUninstallKB960859$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB961371-v2)–>“C:\WINDOWS$NtUninstallKB961371-v2$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB961501)–>“C:\WINDOWS$NtUninstallKB961501$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB968537)–>“C:\WINDOWS$NtUninstallKB968537$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB969059)–>“C:\WINDOWS$NtUninstallKB969059$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB969947)–>“C:\WINDOWS$NtUninstallKB969947$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB970238)–>“C:\WINDOWS$NtUninstallKB970238$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB970430)–>“C:\WINDOWS$NtUninstallKB970430$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB971486)–>“C:\WINDOWS$NtUninstallKB971486$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB971557)–>“C:\WINDOWS$NtUninstallKB971557$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB971633)–>“C:\WINDOWS$NtUninstallKB971633$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB971657)–>“C:\WINDOWS$NtUninstallKB971657$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB971961)–>“C:\WINDOWS$NtUninstallKB971961$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB972260)–>“C:\WINDOWS$NtUninstallKB972260$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB973346)–>“C:\WINDOWS$NtUninstallKB973346$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB973354)–>“C:\WINDOWS$NtUninstallKB973354$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB973507)–>“C:\WINDOWS$NtUninstallKB973507$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB973525)–>“C:\WINDOWS$NtUninstallKB973525$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB973869)–>“C:\WINDOWS$NtUninstallKB973869$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB973904)–>“C:\WINDOWS$NtUninstallKB973904$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB974112)–>“C:\WINDOWS$NtUninstallKB974112$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB974318)–>“C:\WINDOWS$NtUninstallKB974318$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB974392)–>“C:\WINDOWS$NtUninstallKB974392$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB974571)–>“C:\WINDOWS$NtUninstallKB974571$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB975025)–>“C:\WINDOWS$NtUninstallKB975025$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB975467)–>“C:\WINDOWS$NtUninstallKB975467$\spuninst\spuninst.exe”
Mise à jour pour Windows XP (KB898461)–>“C:\WINDOWS$NtUninstallKB898461$\spuninst\spuninst.exe”
Mise à jour pour Windows XP (KB951978)–>“C:\WINDOWS$NtUninstallKB951978$\spuninst\spuninst.exe”
Mise à jour pour Windows XP (KB967715)–>“C:\WINDOWS$NtUninstallKB967715$\spuninst\spuninst.exe”
Mise à jour pour Windows XP (KB968389)–>“C:\WINDOWS$NtUninstallKB968389$\spuninst\spuninst.exe”
Mise à jour pour Windows XP (KB971737)–>“C:\WINDOWS$NtUninstallKB971737$\spuninst\spuninst.exe”
Mise à jour pour Windows XP (KB973687)–>“C:\WINDOWS$NtUninstallKB973687$\spuninst\spuninst.exe”
Mise à jour pour Windows XP (KB973815)–>“C:\WINDOWS$NtUninstallKB973815$\spuninst\spuninst.exe”
Mozilla Firefox (3.5.2)–>C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)–>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB97368–>MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 8–>MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1036}
PDF Settings–>MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Picasa 3–>“C:\Program Files\Google\Picasa3\Uninstall.exe”
PL-2303 USB-to-Serial–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe” -l0x9 Installed
QuickTime–>MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer–>C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Shockwave–>C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SoundMAX–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.EXE”
Spybot - Search & Destroy–>“C:\Program Files\Spybot - Search & Destroy\unins000.exe”
Symantec AntiVirus–>MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
TeraCopy 2.01–>“C:\Program Files\TeraCopy\unins000.exe”
TuneUp Utilities 2009–>MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Visual C++ 2008 x86 Runtime - (v9.0.30729)–>MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01–>C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 1.0.0–>C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Internet Explorer 7–>“C:\WINDOWS\ie7\spuninst\spuninst.exe”
Windows Media Format 11 runtime–>“C:\Program Files\Windows Media Player\wmsetsdk.exe” /UninstallAll
Windows Media Format 11 runtime–>“C:\WINDOWS$NtUninstallWMFDist11$\spuninst\spuninst.exe”
Windows Media Player 11–>“C:\WINDOWS$NtUninstallwmp11$\spuninst\spuninst.exe”
Windows XP Service Pack 3–>“C:\WINDOWS$NtServicePackUninstall$\spuninst\spuninst.exe”

======Security center information======

AV: Symantec AntiVirus Corporate Edition

======System event log======

Computer Name: XP-0C10B5DE7477
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\Harddisk1\D au cours d’une opération de pagination.

Record Number: 957
Source Name: Disk
Time Written: 20091020223633.000000+120
Event Type: Avertissement
User:

Computer Name: XP-0C10B5DE7477
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\Harddisk1\D au cours d’une opération de pagination.

Record Number: 956
Source Name: Disk
Time Written: 20091020223624.000000+120
Event Type: Avertissement
User:

Computer Name: XP-0C10B5DE7477
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\Harddisk1\D au cours d’une opération de pagination.

Record Number: 955
Source Name: Disk
Time Written: 20091020223621.000000+120
Event Type: Avertissement
User:

Computer Name: XP-0C10B5DE7477
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\Harddisk1\D au cours d’une opération de pagination.

Record Number: 954
Source Name: Disk
Time Written: 20091020223618.000000+120
Event Type: Avertissement
User:

Computer Name: XP-0C10B5DE7477
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\Harddisk1\D au cours d’une opération de pagination.

Record Number: 953
Source Name: Disk
Time Written: 20091020223615.000000+120
Event Type: Avertissement
User:

=====Application event log=====

Computer Name: XP-0C10B5DE7477
Event Code: 1000
Message: Les compteurs de performances pour le service MSDTC (MSDTC) ont été chargés.
Les données d’enregistrement contiennent les nouvelles valeurs d’index
assignées à ce service.

Record Number: 5
Source Name: LoadPerf
Time Written: 20090830125509.000000+120
Event Type: Informations
User:

Computer Name: XP-0C10B5DE7477
Event Code: 1000
Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés.
Les données d’enregistrement contiennent les nouvelles valeurs d’index
assignées à ce service.

Record Number: 4
Source Name: LoadPerf
Time Written: 20090830125506.000000+120
Event Type: Informations
User:

Computer Name: XP-0C10B5DE7477
Event Code: 1000
Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés.
Les données d’enregistrement contiennent les nouvelles valeurs d’index
assignées à ce service.

Record Number: 3
Source Name: LoadPerf
Time Written: 20090830125400.000000+120
Event Type: Informations
User:

Computer Name: XP-0C10B5DE7477
Event Code: 1000
Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés.
Les données d’enregistrement contiennent les nouvelles valeurs d’index
assignées à ce service.

Record Number: 2
Source Name: LoadPerf
Time Written: 20090830125341.000000+120
Event Type: Informations
User:

Computer Name: XP-0C10B5DE7477
Event Code: 1000
Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés.
Les données d’enregistrement contiennent les nouvelles valeurs d’index
assignées à ce service.

Record Number: 1
Source Name: LoadPerf
Time Written: 20090830125329.000000+120
Event Type: Informations
User:

======Environment variables======

“ComSpec”=%SystemRoot%\system32\cmd.exe
“Path”=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem
“windir”=%SystemRoot%
“FP_NO_HOST_CHECK”=NO
“OS”=Windows_NT
“PROCESSOR_ARCHITECTURE”=x86
“PROCESSOR_LEVEL”=6
“PROCESSOR_IDENTIFIER”=x86 Family 6 Model 9 Stepping 5, GenuineIntel
“PROCESSOR_REVISION”=0905
“NUMBER_OF_PROCESSORS”=1
“PATHEXT”=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
“TEMP”=%SystemRoot%\TEMP
“TMP”=%SystemRoot%\TEMP
“CLASSPATH”=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
“QTJAVA”=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

Hi again,

So, as I said before:

Above all, read carefully, do the steps in order, and post me all the reports ==> all of them, without exception

  1. Launch HijackThis

Click ==> Do a System Scan Only

Check these lines

Close your other applications except ==> HijackThis (of course)

and click ==> Fix Checked

Next

  2. Disable your antivirus

Download OTM by OldTimer to your desktop:

==> OTM by OldTimer

Double-click OTM.exe on the desktop

  • Make sure the Unregister Dll’s and Ocx’s box is checked

  • Copy the text in the quote and paste it into the left-hand pane of OTMoveIt named Paste Instructions for Items to be Moved

    http://i36.tinypic.com/oud1k4.png

  • Click MoveIt! to start the removal.
  • Close OTM

Your PC will restart to finish the removal; if it does not do so by itself, restart it.

Post the OTM report, which is located in C:\_OTM\MovedFiles.

Re-enable your antivirus

Also

  3. Download --> Malwarebytes’ (mbam)

==> Malwarebytes’ (mbam)

Install it and update it

Launch –> Malwarebytes (MBAM)
==> Then go to the “Recherche” (Scan) tab, tick “Exécuter un examen complet” (Perform a full scan), then click “Rechercher” (Scan)

==> Select your hard drives, then click “Lancer l’examen” (Start scan)
==> When the scan finishes, click “Afficher les résultats” (Show results), then “Enregistrer le rapport” (Save report)

Important ==> If Malwarebytes’ detects infections, click ==> “Afficher les résultats” (Show results), then ==> “Supprimer la sélection” (Remove selected)

=> If you are asked to restart, click “oui” (yes)

After the infection(s) found have been removed --> post the report here

Then, and pay close attention!!

  4. Disable your antivirus

Download and install UsbFix (by C_XX & Chiquitine29)

==> UsbFix (by C_XX & Chiquitine29)

Disconnect and close all running applications

Plug into your PC the external data sources (USB stick, external hard drive, etc.) that may have been infected, without opening them

Double-click the UsbFix shortcut on your desktop.

Choose ==> option 2 (“Suppression”, i.e. removal)

Let the tool work.

Then post the UsbFix.txt report that will appear.

Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Re-enable your antivirus

See you, cricri58
Edited on 25/12/2009 at 16:18

Here is the UsbFix report, since everything else reports no infections.

############################## | UsbFix V6.067 |

User : Administrateur (Administrateurs) # XP-0C10B5DE7477
Update on 24/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 20:00:48 | 25/12/2009
Website : pagesperso-orange.fr…
Contact : FindyKill.Contact@gmail.com

    Intel(R) Pentium(R) M processor 1700MHz

Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : Symantec AntiVirus Corporate Edition 9.0.0.1400 [ Enabled | Updated ]

C:\ -> Disque fixe local # 19,53 Go (2,67 Go free) # NTFS
D:\ -> Disque fixe local # 36,36 Go (7,8 Go free) # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local # 298,09 Go (20,06 Go free) [WD 300GO] # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 676
C:\WINDOWS\system32\csrss.exe 740
C:\WINDOWS\system32\winlogon.exe 764
C:\WINDOWS\system32\services.exe 808
C:\WINDOWS\system32\lsass.exe 820
C:\WINDOWS\system32\ibmpmsvc.exe 972
C:\WINDOWS\system32\Ati2evxx.exe 996
C:\WINDOWS\system32\svchost.exe 1016
C:\WINDOWS\system32\svchost.exe 1084
C:\WINDOWS\System32\svchost.exe 1124
C:\WINDOWS\system32\svchost.exe 1208
C:\WINDOWS\system32\logonui.exe 1276
C:\WINDOWS\system32\svchost.exe 1364
C:\WINDOWS\system32\Ati2evxx.exe 1568
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe 1780
C:\WINDOWS\Explorer.EXE 1816
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe 1820
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe 1916
C:\WINDOWS\system32\spoolsv.exe 2032
C:\WINDOWS\system32\svchost.exe 1564
C:\Program Files\Bonjour\mDNSResponder.exe 1688
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe 1744
C:\Program Files\Symantec AntiVirus\DefWatch.exe 1940
C:\Program Files\FolderSize\FolderSizeSvc.exe 248
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe 352
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 492
C:\WINDOWS\System32\QCONSVC.EXE 1176
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 1556
C:\Program Files\Symantec AntiVirus\Rtvscan.exe 1400
C:\WINDOWS\System32\TUProgSt.exe 1620
C:\WINDOWS\system32\wbem\wmiprvse.exe 2236
C:\WINDOWS\system32\wuauclt.exe 2268
C:\WINDOWS\system32\acs.exe 2336
C:\WINDOWS\system32\wbem\unsecapp.exe 2380
C:\WINDOWS\System32\alg.exe 2464
C:\WINDOWS\system32\wbem\wmiprvse.exe 2524

################## | Elements infectieux |

Supprimé ! C:\Recycler\S-1-5-21-2323504299-1372885852-512829593-0463
Supprimé ! C:\Recycler\S-1-5-21-3377515684-7851649560-104235807-0128
Supprimé ! C:\Recycler\S-1-5-21-4964045621-5864204106-990644174-6682
Supprimé ! C:\Recycler\S-1-5-21-5084553734-5205918674-341629622-3097
Supprimé ! C:\Recycler\S-1-5-21-5668537423-9747708058-879781428-0628
Supprimé ! C:\Recycler\S-1-5-21-682003330-688789844-1343024091-500
Supprimé ! C:\Recycler\S-1-5-21-7372407027-8022882651-067107688-4710
Supprimé ! C:\Recycler\S-1-5-21-9883612811-2472616405-103358818-4839
Supprimé ! D:\Recycler\S-1-5-21-1935655697-507921405-1060284298-1003
Supprimé ! D:\Recycler\S-1-5-21-1993962763-920026266-854245398-1003
Supprimé ! D:\Recycler\S-1-5-21-682003330-688789844-1343024091-500
Supprimé ! F:\ime
Supprimé ! F:$Recycle.Bin\S-1-5-21-892376506-3414338807-427674668-1000
Supprimé ! F:\Recycler\S-1-5-21-1993962763-920026266-854245398-1003
Supprimé ! F:\Recycler\S-1-5-21-2722541344-471262096-402298533-1005
Supprimé ! F:\Recycler\S-1-5-21-682003330-688789844-1343024091-500

################## | Registre |

Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]

################## | Mountpoints2 |

Supprimé ! HKCU…\Explorer\MountPoints2{3dc213f4-f177-11de-95aa-00054e477c9f}\Shell\AutoRun\Command
Supprimé ! HKCU…\Explorer\MountPoints2{b1ecc441-bdb6-11de-9590-00054e477c9f}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[30/08/2009 11:58|–a------|0] C:\AUTOEXEC.BAT
[30/08/2009 11:53|—hs----|212] C:\boot.ini
[24/08/2001 13:00|-rahs----|4952] C:\Bootfont.bin
[30/08/2009 11:58|–a------|0] C:\CONFIG.SYS
[30/08/2009 11:58|-rahs----|0] C:\IO.SYS
[30/08/2009 11:58|-rahs----|0] C:\MSDOS.SYS
[03/08/2004 21:38|-rahs----|47564] C:\NTDETECT.COM
[30/08/2009 12:35|-rahs----|252240] C:\ntldr
[?|?|?] C:\pagefile.sys
[25/12/2009 20:05|–a------|4422] C:\UsbFix.txt
[26/10/2008 09:33|–a------|98] D:.syncfiles
[05/09/2001 21:00|–a------|1700352] D:\gdiplus.dll
[01/11/2008 16:04|–a------|371434896] D:\naxette.iso
[05/09/2001 20:00|–a------|1700352] F:\gdiplus.dll
[08/04/2009 13:20|–a------|127067] F:\header_vierge.png
[08/04/2009 13:20|–a------|65952] F:\header_vierge_2.png
[03/03/2009 18:49|–a------|4699979776] F:\MarioTennisGC(Wii Version).iso
[03/11/2009 07:55|–ahs----|11776] F:\Thumbs.db
[14/07/2009 22:14|–a------|4699979776] F:\Tuto_Flash.iso
[05/11/2009 01:06|–a------|2610311215] F:\ZENAQ_data.zip

################## | Vaccination |

C:\autorun.inf -> Dossier créé par UsbFix.

D:\autorun.inf -> Dossier créé par UsbFix.

F:\autorun.inf -> Dossier créé par UsbFix.

################## | Upload |

Veuillez envoyer le fichier : C:\DOCUME~1\ADMINI~1\Bureau\UsbFix_Upload_Me_XP-0C10B5DE7477.zip : chiquitine.changelog.fr…
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.067 ! |

UsbFix has done its job!!

I would have liked to see the OTM report

Next

Download and install CCleaner

==> CCleaner

Once it is on the desktop, click the CCleaner installer.
-> But before clicking the “installer” (install) button, untick all the “options supplémentaires” (additional options) (installing the Yahoo toolbar, etc.).

–> Then click “Options”, “Avancé” (Advanced) and untick the box
–> “Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures” (Only delete files in the Windows Temp folder older than 48 hours).
–> Click the “Nettoyeur” (Cleaner) tab, then “Lancer le Nettoyage” (Run the cleaning).
–> Then click the “Registre” (Registry) icon, on the right, click “Chercher des erreurs” (Search for errors), then “Réparer les erreurs sélectionnées” (Repair the selected errors).

Accept the backup of the registry that it offers.
I advise you to run it at least twice (or more, until it no longer finds any errors).

Restart your PC

Post a new RSIT log

cricri58
Edited on 25/12/2009 at 20:23

Here is the new report

Logfile of random’s system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-12-25 20:47:32
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 3 GB (14%) free of 20 GB
Total RAM: 2047 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:41, on 25/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = fr.msn.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM…\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM…\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM…\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM…\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM…\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM…\Run: [ccApp] “C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe”
O4 - HKLM…\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM…\Run: [NBKeyScan] “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”
O4 - HKLM…\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr…
O8 - Extra context menu item: Ajouter au fichier PDF existant - C:\Program… Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - C:\Program… Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program… Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program… Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - C:\Program… Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - C:\Program… Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program… Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program… Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe


End of file - 8844 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\BMMTask.job
C:\WINDOWS\tasks\Maintenance en 1 clic.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d’Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll [2007-03-27 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll [2007-03-27 118784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“AGRSMMSG”=C:\WINDOWS\AGRSMMSG.exe [2003-06-27 88363]
“BMMLREF”=C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE [2004-02-05 20480]
“BMMMONWND”=C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll [2004-02-05 395264]
“QCWLICON”=C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE [2005-03-18 86016]
“TPHOTKEY”=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe [2005-03-03 94208]
“ATIModeChange”=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
“ccApp”=C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [2004-08-06 66680]
“vptray”=C:\PROGRA~1\SYMANT~1\VPTray.exe [2004-08-06 124112]
“NBKeyScan”=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-08-08 1828136]
“”= []
“SynTPLpr”=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-06-24 126976]
“SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-06-24 561152]
“QCTRAY”=C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE [2005-03-18 745472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2003-11-20 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2004-08-06 83160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\QConGina]
C:\WINDOWS\system32\QConGina.dll [2005-03-18 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2004-08-12 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveTypeAutoRun”=128
“NoDriveAutoRun”=128
“HonorAutoRunSetting”=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“HonorAutoRunSetting”=
“NoDriveAutoRun”=
“NoDriveTypeAutoRun”=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
“C:\Program Files\Bonjour\mDNSResponder.exe”=“C:\Program Files\Bonjour\mDNSResponder.exe::Enabled:Bonjour"
“C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe”="C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe::Enabled:Adobe Version Cue CS3 Server”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-12-25 20:14:36 ----D---- C:\Program Files\QuickPar
2009-12-25 20:05:21 ----RASHD---- C:\autorun.inf
2009-12-25 20:00:27 ----A---- C:\UsbFix.txt
2009-12-25 19:58:03 ----D---- C:\UsbFix
2009-12-25 18:25:11 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-25 17:54:26 ----D---- C:\_OTM
2009-12-25 15:32:03 ----D---- C:\Documents and Settings\Administrateur\Application Data\WinRAR
2009-12-25 12:47:17 ----D---- C:\rsit
2009-12-25 12:47:17 ----D---- C:\Program Files\trend micro
2009-12-25 12:45:21 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-25 12:45:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-24 21:54:44 ----D---- C:\Documents and Settings\Administrateur\Application Data\Macromedia
2009-12-24 21:44:42 ----D---- C:\Documents and Settings\Administrateur\Application Data\TuneUp Software
2009-12-24 17:06:24 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2009-12-24 16:56:12 ----D---- C:\Program Files\Malwarebytes’ Anti-Malware
2009-12-24 16:56:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-24 16:55:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-24 16:54:57 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-24 16:54:52 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-24 16:54:46 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-24 16:54:40 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-24 16:54:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-24 16:54:30 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-12-24 16:54:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-12-24 16:54:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-24 16:54:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-24 16:54:00 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-24 16:53:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-24 16:53:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-24 16:53:28 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-24 16:53:18 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-24 16:53:04 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-24 16:04:59 ----D---- C:\Documents and Settings\Administrateur\Application Data\Mozilla
2009-12-24 16:04:23 ----D---- C:\Program Files\GrabIt
2009-12-24 16:00:53 ----A---- C:\WINDOWS\VPC32.INI
2009-12-24 15:56:29 ----D---- C:\WINDOWS\ie7updates
2009-12-24 15:56:04 ----D---- C:\WINDOWS\WBEM
2009-12-24 15:54:50 ----HDC---- C:\WINDOWS\ie7
2009-12-24 15:54:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-12-24 15:54:13 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-12-12 21:58:10 ----SHD---- C:\RECYCLER
2009-12-10 22:27:49 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-11-27 20:45:10 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss

======List of files/folders modified in the last 3 months======

2009-12-25 20:46:22 ----D---- C:\Program Files\Symantec AntiVirus
2009-12-25 20:46:06 ----D---- C:\WINDOWS\Temp
2009-12-25 20:45:36 ----D---- C:\WINDOWS
2009-12-25 20:44:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-25 20:42:52 ----D---- C:\Program Files\Mozilla Firefox
2009-12-25 20:41:55 ----D---- C:\WINDOWS\Debug
2009-12-25 20:14:36 ----RD---- C:\Program Files
2009-12-25 20:05:43 ----D---- C:\WINDOWS\Prefetch
2009-12-25 19:26:35 ----D---- C:\Documents and Settings\Administrateur\Application Data\vlc
2009-12-25 18:43:40 ----HD---- C:\WINDOWS\inf
2009-12-25 18:43:39 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-25 15:26:18 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-12-25 15:26:18 ----D---- C:\WINDOWS\system32\drivers
2009-12-25 13:09:21 ----D---- C:\WINDOWS\system32
2009-12-25 13:09:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-25 12:45:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-25 12:45:14 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-25 00:46:46 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-12-24 16:56:18 ----SHD---- C:\WINDOWS\Installer
2009-12-24 16:55:03 ----D---- C:\WINDOWS\WinSxS
2009-12-24 16:13:40 ----D---- C:\WINDOWS\Help
2009-12-24 16:13:40 ----D---- C:\Program Files\Internet Explorer
2009-12-24 15:56:39 ----D---- C:\WINDOWS\system32\fr-fr
2009-12-24 15:56:07 ----D---- C:\WINDOWS\system32\config
2009-12-24 15:55:56 ----D---- C:\WINDOWS\Media
2009-12-24 15:44:59 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-12-01 12:06:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-10-29 13:14:20 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-29 08:44:19 ----A---- C:\WINDOWS\system32\wininet.dll
2009-10-29 08:44:19 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-10-29 08:44:19 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-10-29 08:44:18 ----N---- C:\WINDOWS\system32\pngfilt.dll
2009-10-29 08:44:18 ----N---- C:\WINDOWS\system32\occache.dll
2009-10-29 08:44:18 ----N---- C:\WINDOWS\system32\mstime.dll
2009-10-29 08:44:18 ----N---- C:\WINDOWS\system32\msrating.dll
2009-10-29 08:44:18 ----N---- C:\WINDOWS\system32\mshtmled.dll
2009-10-29 08:44:18 ----A---- C:\WINDOWS\system32\url.dll
2009-10-29 08:44:17 ----N---- C:\WINDOWS\system32\iernonce.dll
2009-10-29 08:44:17 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-10-29 08:44:17 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-10-29 08:44:17 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-10-29 08:44:17 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-10-29 08:44:17 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-10-29 08:44:15 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-10-29 08:44:15 ----N---- C:\WINDOWS\system32\ieaksie.dll
2009-10-29 08:44:15 ----N---- C:\WINDOWS\system32\ieakeng.dll
2009-10-29 08:44:15 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-10-29 08:44:15 ----N---- C:\WINDOWS\system32\dxtrans.dll
2009-10-29 08:44:15 ----N---- C:\WINDOWS\system32\dxtmsft.dll
2009-10-29 08:44:15 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-10-29 08:44:15 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-10-29 08:44:15 ----A---- C:\WINDOWS\system32\icardie.dll
2009-10-29 08:44:14 ----A---- C:\WINDOWS\system32\corpol.dll
2009-10-29 08:44:14 ----A---- C:\WINDOWS\system32\advpack.dll
2009-10-28 16:07:15 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-10-28 15:36:52 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-10-28 15:36:11 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-10-28 07:52:46 ----N---- C:\WINDOWS\system32\ieakui.dll
2009-10-21 06:39:43 ----A---- C:\WINDOWS\system32\strmfilt.dll
2009-10-21 06:39:43 ----A---- C:\WINDOWS\system32\httpapi.dll
2009-10-13 11:33:37 ----A---- C:\WINDOWS\system32\oakley.dll
2009-10-12 14:39:22 ----A---- C:\WINDOWS\system32\rastls.dll
2009-10-12 14:39:22 ----A---- C:\WINDOWS\system32\raschap.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-03-18 11520]
R1 IBMTPCHK;IBMTPCHK; C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2005-03-18 2432]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2003-10-24 14848]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-08-06 263736]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2003-10-24 8831]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2004-09-06 16370]
R1 TPPWR;TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [2004-02-05 15360]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-08-30 17801]
R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 PMEM;PMEM; \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS []
R2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2003-06-27 1196352]
R3 AR5211;Dual-band Wi-Fi Wireless Mini PCI Adapter; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2004-12-28 449856]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2003-11-20 597504]
R3 CmBatt;Pilote d’adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2003-06-13 104448]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2004-11-05 12944]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20091225.002\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20091225.002\navex15.sys []
R3 NSCIRDA;Pilote de périphérique infrarouge NSC; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-10-27 578432]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-08-06 16280]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2003-06-24 265744]
R3 usbehci;Pilote miniport de contrôleur d’hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 QCNDISIF;QCNDISIF; C:\WINDOWS\System32\drivers\qcndisif.SYS [2005-03-18 12288]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2003-11-20 323584]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 btwdins;Bluetooth Service; C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe [2004-01-20 135168]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe [2004-08-06 255096]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe [2004-08-06 242808]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2004-08-06 29912]
R2 FolderSize;Folder Size; C:\Program Files\FolderSize\FolderSizeSvc.exe [2007-11-14 131072]
R2 IBMPMSVC;IBM PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2004-11-05 57344]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-12-24 1028432]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]
R2 QCONSVC;QCONSVC; C:\WINDOWS\System32\QCONSVC.EXE [2005-03-18 77824]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2004-08-06 1258712]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-08-30 603904]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R3 ACS;ACU Configuration Service; C:\WINDOWS\system32\acs.exe [2005-01-24 36864]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3 {fr_FR} ; C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe [2004-08-06 87160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-30 654848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2004-08-06 169192]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe [2004-08-06 201944]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-08-30 362240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

You haven't run OTM, which I asked you to do further up.

So run OTM, then post the report and a new RSIT log.

The problem is that I don't have a checkbox to tick… version 3.1.4.0

and no quote…
Edited on 25/12/2009 at 21:21

Hi again

Indeed, the ==> Unregister Dll’s and Ocx’s checkbox is no longer there.

But the quote is this, which I had prepared for you:

Copy/paste the text into the left-hand pane of OTMoveIt named Paste Instructions for Items to be Moved.

Close your other applications.

  • Click ==> MoveIt! to start the removal.
  • Close OTM

Your PC will restart to finish the removal; if it doesn't do so by itself, restart it.

Post the OTM report, which is located in C:\_OTM\MovedFiles.

Hello cricri58,

Here is the OTM report

All processes killed
========== SERVICES/DRIVERS ==========
Service Bonjour Service stopped successfully!
Service Bonjour Service deleted successfully!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
========== FILES ==========
C:\Program Files\Google\Common\Google Updater folder moved successfully.
File/Folder C:\Program Files\Google\Update not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 72515354 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: pat
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 61399674 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134506 bytes
%systemroot%\System32 .tmp files removed: 3614208 bytes
Windows Temp folder emptied: 511 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 133,00 mb

OTM by OldTimer - Version 3.1.4.0 log created on 12262009_161021

Files moved on Reboot…

Registry entries deleted on Reboot…

Hi

1) Download OTL (by OldTimer) to your Desktop.

OTL by OldTimer

  1. Download Winsockxpfix

to your desktop ==> without running it, in case you need it afterwards

==>Winsockxpfix

Then
Disable your antivirus and antispyware

  1. Download Combofix

==>Combofix

==> to your Desktop ==> and nowhere else, and rename it before it lands on your desktop.
To do this, right-click on Combofix.exe, choose “Save link target as…” and rename it to ==> untempo.com
==> and for the location choose your desktop and click “Save”
Close all open windows

Double-click ==> untempo.com ==> (renamed file)
Press the 1 key to start the scan and follow the instructions given by Combofix.
When the scan is finished, a report will appear. Copy/paste that report right here.
==> The report can also be found here: C:\Combofix.txt
==> You must not click in the Combofix window during the scan; this would cause the program to hang.

Re-enable your antivirus and antispyware

PS
if your internet connection is no longer working after the restart

Windows XP ==> Double-click the WinsockXPFix file
click “Fix”

if need be, a manual repair will have to be done

once the report is posted

  1. Download DllCompare

==>DllCompare

Open DllCompare and check that *.DLL ==> is selected at the top right.

Press [Run Locate] and then [Compare] for:

C:\WINDOWS\system32 and C:\WINDOWS

and do this again, changing *.DLL to *.EXE => at the top right

Once the scan is finished, click the “Make a Log of what was found” button

and answer "yes"

==> Copy the reports obtained

cricri58
Edited on 26/12/2009 at 23:11

Wow, all that still to do! Just out of curiosity, is my PC still not clean?
Thanks for your help!!!

The OTL scan gets stuck on something like ntsvcs settings… and doesn't finish…
Edited on 26/12/2009 at 18:50

Hi again

Delete the OTL.exe you downloaded, and download a new one

and save it to your Desktop.

Double-click OTL.exe to launch it. Close your other applications so as not to interrupt the scan.

  • Quit running applications so as not to interrupt the scan.
  • A window appears. In the Output section at the top of that window, tick “Minimal Output”. Do the same with “Scan All Users”.
  • Also tick the boxes next to “LOP Check” and “Purity Check”.
  • In the Extra Registry area, tick “Use Safelist”.

Do not change the other settings!

  • Click the Run Scan button.

  • Once the scan is complete, two windows will open in Notepad: OTL.txt and Extras.txt. They are located in the same place as OTListIT2 (so on the Desktop by default).

  • Copy/paste the contents of both files here. Use one report per message

then move on to the next step
Edited on 26/12/2009 at 23:12

Viruses are advertising cars now: Nissan.exe :yeux1:

Here is the otl.txt

OTL logfile created on: 27/12/2009 20:52:54 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 2,70 Gb Free Space | 13,81% Space Free | Partition Type: NTFS
Drive D: | 36,36 Gb Total Space | 6,30 Gb Free Space | 17,34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7,45 Gb Total Space | 1,48 Gb Free Space | 19,88% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XP-0C10B5DE7477
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrateur\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)
PRC - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE (IBM Corp.)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
PRC - C:\WINDOWS\system32\QCONSVC.EXE (IBM Corp.)
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
PRC - C:\WINDOWS\system32\acs.exe ()
PRC - C:\WINDOWS\system32\ibmpmsvc.exe ()
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe ()
PRC - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe (WIDCOMM, Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe ()
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrateur\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)

========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) – C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (FLEXnet Licensing Service) – C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TuneUp.ProgramStatisticsSvc) – C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) – C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) – C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (Irmon) – C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
SRV - (FolderSize) – C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)
SRV - (Nero BackItUp Scheduler 3) – C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NMIndexingService) – C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (Adobe Version Cue CS3) – C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (QCONSVC) – C:\WINDOWS\system32\QCONSVC.EXE (IBM Corp.)
SRV - (ACS) – C:\WINDOWS\system32\acs.exe ()
SRV - (IBMPMSVC) – C:\WINDOWS\system32\ibmpmsvc.exe ()
SRV - (ccSetMgr) – C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) – C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) – C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (SavRoam) – C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) – C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) – C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (SNDSrvc) – C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (btwdins) – C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe (WIDCOMM, Inc.)
SRV - (Ati HotKey Poller) – C:\WINDOWS\system32\ati2evxx.exe ()
SRV - (SoundMAX Agent Service (default)) – C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
SRV - (MDM) – C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NAVEX15) – C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20091225.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) – C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20091225.002\NAVENG.SYS (Symantec Corporation)
DRV - (Lbd) – C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) – C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (PxHelp20) – C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (NSCIRDA) – C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (Secdrv) – C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (QCNDISIF) – C:\WINDOWS\system32\drivers\qcndisif.sys (IBM Corporation.)
DRV - (ANC) – C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (IBMTPCHK) – C:\WINDOWS\system32\drivers\IBMBLDID.SYS ()
DRV - (AR5211) – C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (IBMPMDRV) – C:\WINDOWS\system32\drivers\ibmpmdrv.sys (IBM Corp.)
DRV - (TPHKDRV) – C:\WINDOWS\system32\drivers\TPHKDRV.sys (IBM Corporation)
DRV - (SymEvent) – C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SAVRT) – C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) – C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (SYMTDI) – C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) – C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (TPPWR) – C:\WINDOWS\system32\drivers\TPPWR.SYS (IBM Corp.)
DRV - (BTKRNL) – C:\WINDOWS\system32\drivers\btkrnl.sys (WIDCOMM, Inc.)
DRV - (ati2mtag) – C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (smwdm) – C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Smapint) – C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation)
DRV - (TDSMAPI) – C:\WINDOWS\system32\drivers\TDSMAPI.SYS ()
DRV - (aeaudio) – C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (PMEM) – C:\WINDOWS\system32\drivers\PMEMNT.SYS (Microsoft Corporation)
DRV - (AgereSoftModem) – C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (SynTP) – C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (E1000) Intel® – C:\WINDOWS\system32\drivers\e1000325.sys (Intel Corporation)
DRV - (Ptilink) – C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = fr.msn.com…

IE - HKU.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
IE - HKU.DEFAULT.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-21-682003330-688789844-1343024091-500\S-1-5-21-682003330-688789844-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\Components: C:\Program Files\Mozilla Firefox\components [2009/12/26 16:13:26 | 00,000,000 | —D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/26 16:13:26 | 00,000,000 | —D | M]

[2009/12/24 16:05:07 | 00,000,000 | —D | M] – C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
[2009/12/24 16:05:07 | 00,000,000 | —D | M] – C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\1deaxdsh.default\extensions
[2009/08/30 13:31:51 | 00,000,000 | —D | M] – C:\Program Files\Mozilla Firefox\extensions
[2007/02/20 15:04:02 | 02,463,976 | ---- | M] () – C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2009/12/26 16:13:20 | 00,001,516 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2009/12/26 16:13:20 | 00,001,822 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/12/26 16:13:20 | 00,000,757 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/12/26 16:13:20 | 00,001,426 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2009/12/26 16:13:20 | 00,000,652 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (790 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aide pour le lien d’Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM…\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM…\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-682003330-688789844-1343024091-500…\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM…\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM…\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM…\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM…\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM…\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM…\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM…\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE (IBM Corp.)
O4 - HKLM…\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM…\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM…\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM…\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 128
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 128
O7 - HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-688789844-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 128
O7 - HKU\S-1-5-21-682003330-688789844-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 128
O7 - HKU\S-1-5-21-682003330-688789844-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O7 - HKU\S-1-5-21-682003330-688789844-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Ajouter au fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM…Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\QConGina: DllName - QConGina.dll - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (Ma page d’accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/30 11:58:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [ NTFS ]
O32 - AutoRun File - [2009/12/25 20:05:21 | 00,000,000 | RHSD | M] - C:\autorun.inf – [ NTFS ]
O32 - AutoRun File - [2009/12/25 20:05:21 | 00,000,000 | RHSD | M] - D:\autorun.inf – [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk ) - File not found
O35 - comfile [open] – “%1” %*
O35 - exefile [open] – “%1” %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/27 20:50:18 | 00,513,536 | ---- | C] (OldTimer Tools) – C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2009/12/26 16:55:49 | 00,000,000 | —D | C] – C:\Program Files\FreeCommander
[2009/12/26 15:46:36 | 00,305,664 | ---- | C] (Inekman) – C:\Documents and Settings\Administrateur\Bureau\xtremsplit_xtremsplit_1.2_francais_14862.exe
[2009/12/26 14:11:50 | 00,000,000 | —D | C] – C:\Program Files\yEnc32
[2009/12/25 20:41:55 | 00,000,000 | RH-D | C] – C:\Documents and Settings\Administrateur\Recent
[2009/12/25 20:14:36 | 00,000,000 | —D | C] – C:\Program Files\QuickPar
[2009/12/25 20:05:21 | 00,000,000 | RHSD | C] – C:\autorun.inf
[2009/12/25 19:58:03 | 00,000,000 | —D | C] – C:\UsbFix
[2009/12/25 18:25:33 | 00,000,000 | R–D | C] – C:\Documents and Settings\Administrateur\Mes documents\Mes vidéos
[2009/12/25 18:25:28 | 00,000,000 | --SD | M] – C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/25 17:54:26 | 00,000,000 | —D | C] – C:\_OTM
[2009/12/25 17:52:03 | 00,452,096 | ---- | C] (OldTimer Tools) – C:\Documents and Settings\Administrateur\Bureau\OTM.exe
[2009/12/25 15:43:25 | 02,406,400 | ---- | C] (EVOSLA) – C:\Documents and Settings\Administrateur\Bureau\rav.exe
[2009/12/25 15:32:03 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrateur\Application Data\WinRAR
[2009/12/25 12:47:17 | 00,000,000 | —D | C] – C:\Program Files\trend micro
[2009/12/25 12:47:17 | 00,000,000 | —D | C] – C:\rsit
[2009/12/25 12:17:13 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrateur\Mes documents\Téléchargements
[2009/12/24 21:54:44 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrateur\Application Data\Macromedia
[2009/12/24 21:44:42 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrateur\Application Data\TuneUp Software
[2009/12/24 17:06:24 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
[2009/12/24 16:56:14 | 00,038,224 | ---- | C] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/24 16:56:12 | 00,019,160 | ---- | C] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/24 16:56:12 | 00,000,000 | —D | C] – C:\Program Files\Malwarebytes’ Anti-Malware
[2009/12/24 16:56:12 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/24 16:04:59 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla
[2009/12/24 16:04:59 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrateur\Application Data\Mozilla
[2009/12/24 16:04:23 | 00,000,000 | —D | C] – C:\Program Files\GrabIt
[2009/12/24 15:56:29 | 00,000,000 | —D | C] – C:\WINDOWS\ie7updates
[2009/12/24 15:56:13 | 06,067,200 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/12/24 15:56:13 | 02,452,872 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2009/12/24 15:56:13 | 01,048,576 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2009/12/24 15:56:13 | 00,459,264 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/12/24 15:56:13 | 00,380,928 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2009/12/24 15:56:13 | 00,268,288 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/12/24 15:56:13 | 00,052,224 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/12/24 15:56:13 | 00,013,824 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\ieudinit.exe
[2009/12/24 15:56:12 | 00,063,488 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\icardie.dll
[2009/12/24 15:56:04 | 00,000,000 | —D | C] – C:\WINDOWS\WBEM
[2009/12/24 15:54:50 | 00,000,000 | -H-D | C] – C:\WINDOWS\ie7
[2009/12/24 15:54:39 | 00,000,000 | -H-D | C] – C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2009/12/24 15:54:13 | 00,000,000 | -H-D | C] – C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009/12/23 23:35:24 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrateur\Bureau\Terminator Renaissance4.French.DVDRip
[2009/12/12 21:58:10 | 00,000,000 | -HSD | C] – C:\RECYCLER
[2009/12/10 22:27:49 | 00,021,504 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\hidserv.dll
[2009/12/10 22:27:28 | 00,014,720 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\kbdhid.sys
[2009/12/10 22:27:11 | 00,032,128 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\usbccgp.sys
[2009/08/30 12:52:49 | 00,000,000 | —D | M] – C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/08/30 12:01:53 | 00,000,000 | --SD | M] – C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/08/30 12:01:52 | 00,000,000 | —D | M] – C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2009/12/27 20:50:22 | 00,513,536 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2009/12/27 20:26:04 | 00,000,504 | ---- | M] () – C:\WINDOWS\tasks\Maintenance en 1 clic.job
[2009/12/27 18:07:45 | 00,002,206 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl
[2009/12/27 18:07:31 | 00,000,006 | -H-- | M] () – C:\WINDOWS\tasks\SA.DAT
[2009/12/27 18:07:26 | 00,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat
[2009/12/26 20:32:58 | 01,835,008 | -H-- | M] () – C:\Documents and Settings\Administrateur\NTUSER.DAT
[2009/12/26 20:32:58 | 00,000,184 | -HS- | M] () – C:\Documents and Settings\Administrateur\ntuser.ini
[2009/12/26 16:55:53 | 00,000,680 | ---- | M] () – C:\Documents and Settings\Administrateur\Bureau\FreeCommander.lnk
[2009/12/26 15:46:43 | 00,305,664 | ---- | M] (Inekman) – C:\Documents and Settings\Administrateur\Bureau\xtremsplit_xtremsplit_1.2_francais_14862.exe
[2009/12/25 20:42:35 | 00,008,546 | ---- | M] () – C:\Documents and Settings\Administrateur\Mes documents\cc_20091225_204221.reg
[2009/12/25 20:39:42 | 00,001,548 | ---- | M] () – C:\Documents and Settings\Administrateur\Bureau\CCleaner.lnk
[2009/12/25 20:14:37 | 00,000,682 | ---- | M] () – C:\Documents and Settings\Administrateur\Bureau\QuickPar.lnk
[2009/12/25 20:05:52 | 00,004,195 | ---- | M] () – C:\Documents and Settings\Administrateur\Bureau\UsbFix_Upload_Me_XP-0C10B5DE7477.zip
[2009/12/25 18:25:34 | 00,000,049 | ---- | M] () – C:\WINDOWS\NeroDigital.ini
[2009/12/25 17:50:23 | 00,452,096 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Administrateur\Bureau\OTM.exe
[2009/12/25 15:32:02 | 00,927,415 | R— | M] () – C:\Documents and Settings\Administrateur\Bureau\rav.zip
[2009/12/25 13:09:21 | 00,775,210 | ---- | M] () – C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/25 13:09:21 | 00,368,314 | ---- | M] () – C:\WINDOWS\System32\perfh00C.dat
[2009/12/25 13:09:21 | 00,311,938 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat
[2009/12/25 13:09:21 | 00,049,054 | ---- | M] () – C:\WINDOWS\System32\perfc00C.dat
[2009/12/25 13:09:21 | 00,040,326 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat
[2009/12/25 12:45:04 | 00,781,909 | ---- | M] () – C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
[2009/12/24 21:47:12 | 00,021,192 | ---- | M] () – C:\Documents and Settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/24 17:03:07 | 01,432,184 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/24 16:56:17 | 00,000,696 | ---- | M] () – C:\Documents and Settings\All Users\Bureau\Malwarebytes’ Anti-Malware.lnk
[2009/12/24 16:04:25 | 00,000,606 | ---- | M] () – C:\Documents and Settings\Administrateur\Bureau\GrabIt.lnk
[2009/12/24 16:00:53 | 00,000,000 | ---- | M] () – C:\WINDOWS\VPC32.INI
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2009/12/26 16:55:53 | 00,000,680 | ---- | C] () – C:\Documents and Settings\Administrateur\Bureau\FreeCommander.lnk
[2009/12/25 20:42:25 | 00,008,546 | ---- | C] () – C:\Documents and Settings\Administrateur\Mes documents\cc_20091225_204221.reg
[2009/12/25 20:39:42 | 00,001,548 | ---- | C] () – C:\Documents and Settings\Administrateur\Bureau\CCleaner.lnk
[2009/12/25 20:14:37 | 00,000,682 | ---- | C] () – C:\Documents and Settings\Administrateur\Bureau\QuickPar.lnk
[2009/12/25 20:05:52 | 00,004,195 | ---- | C] () – C:\Documents and Settings\Administrateur\Bureau\UsbFix_Upload_Me_XP-0C10B5DE7477.zip
[2009/12/25 18:25:11 | 00,000,049 | ---- | C] () – C:\WINDOWS\NeroDigital.ini
[2009/12/25 15:32:02 | 00,927,415 | R— | C] () – C:\Documents and Settings\Administrateur\Bureau\rav.zip
[2009/12/25 12:45:39 | 00,781,909 | ---- | C] () – C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
[2009/12/24 16:56:17 | 00,000,696 | ---- | C] () – C:\Documents and Settings\All Users\Bureau\Malwarebytes’ Anti-Malware.lnk
[2009/12/24 16:04:25 | 00,000,606 | ---- | C] () – C:\Documents and Settings\Administrateur\Bureau\GrabIt.lnk
[2009/12/24 16:00:53 | 00,000,000 | ---- | C] () – C:\WINDOWS\VPC32.INI
[2009/08/30 18:19:10 | 02,463,976 | ---- | C] () – C:\WINDOWS\System32\NPSWF32.dll
[2009/08/30 14:10:55 | 00,001,755 | ---- | C] () – C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/08/30 13:13:00 | 00,651,264 | ---- | C] () – C:\WINDOWS\System32\libeay32.dll
[2009/08/30 13:13:00 | 00,147,456 | ---- | C] () – C:\WINDOWS\System32\ssleay32.dll
[2009/08/30 13:11:22 | 00,002,432 | ---- | C] () – C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2009/08/30 13:07:53 | 00,008,831 | ---- | C] () – C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2009/08/30 12:27:17 | 00,000,385 | ---- | C] () – C:\WINDOWS\ODBC.INI
[2004/11/05 00:30:00 | 00,049,152 | ---- | C] () – C:\WINDOWS\System32\tpinspm.dll
[2004/08/12 19:11:26 | 00,024,576 | ---- | C] () – C:\WINDOWS\System32\tphklock.dll
[2004/01/20 18:44:36 | 00,022,183 | ---- | C] () – C:\WINDOWS\System32\drivers\btserial.sys
[2004/01/20 18:16:56 | 00,122,880 | ---- | C] () – C:\WINDOWS\System32\btbip.dll
[2004/01/20 18:03:24 | 00,073,728 | ---- | C] () – C:\WINDOWS\System32\btsendto_ie.dll
[2004/01/20 18:02:40 | 00,065,536 | ---- | C] () – C:\WINDOWS\System32\btsendto_wab.dll
[2004/01/20 17:57:32 | 00,086,016 | ---- | C] () – C:\WINDOWS\System32\btprn2k.dll
[2003/11/20 21:22:30 | 00,086,016 | ---- | C] () – C:\WINDOWS\System32\ati2evxx.dll
[2003/06/24 13:43:48 | 00,077,824 | ---- | C] () – C:\WINDOWS\System32\SynTPCoI.dll
[2002/10/07 15:48:06 | 00,122,880 | ---- | C] () – C:\WINDOWS\System32\e1000msg.dll
[2002/05/15 21:29:04 | 00,000,607 | ---- | C] () – C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 16:18:00 | 00,000,597 | ---- | C] () – C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 11:56:00 | 01,802,240 | ---- | C] () – C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/12/24 21:44:42 | 00,000,000 | —D | M] – C:\Documents and Settings\Administrateur\Application Data\TuneUp Software
[2009/08/30 14:13:20 | 00,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/08/30 14:12:59 | 00,000,000 | -HSD | M] – C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/08/30 14:30:24 | 00,000,000 | -H-D | M] – C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/12/24 00:29:19 | 00,000,000 | —D | M] – C:\Documents and Settings\pat\Application Data\IBM
[2009/08/30 17:30:17 | 00,000,000 | —D | M] – C:\Documents and Settings\pat\Application Data\TeraCopy
[2009/08/30 14:13:38 | 00,000,000 | —D | M] – C:\Documents and Settings\pat\Application Data\TuneUp Software
[2009/08/30 14:32:56 | 00,000,512 | ---- | M] () – C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/08/30 13:04:55 | 00,000,294 | ---- | M] () – C:\WINDOWS\Tasks\BMMTask.job
[2009/12/27 20:26:04 | 00,000,504 | ---- | M] () – C:\WINDOWS\Tasks\Maintenance en 1 clic.job

========== Purity Check ==========

< End of report >


and here is the extras.txt report

OTL Extras logfile created on: 27/12/2009 20:52:55 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 2,70 Gb Free Space | 13,81% Space Free | Partition Type: NTFS
Drive D: | 36,36 Gb Total Space | 6,30 Gb Free Space | 17,34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7,45 Gb Total Space | 1,48 Gb Free Space | 19,88% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XP-0C10B5DE7477
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] – C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-682003330-688789844-1343024091-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] – C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] – “%1” %*
cmdfile [open] – “%1” %*
comfile [open] – “%1” %*
exefile [open] – “%1” %*
htmlfile [edit] – “C:\Program Files\Microsoft Office\Office10\msohtmed.exe” %1 (Microsoft Corporation)
htmlfile [open] – “C:\Program Files\Internet Explorer\IEXPLORE.EXE” -nohome (Microsoft Corporation)
htmlfile [opennew] – “C:\Program Files\Internet Explorer\IEXPLORE.EXE” %1 (Microsoft Corporation)
http [open] – “C:\Program Files\Internet Explorer\IEXPLORE.EXE” -nohome (Microsoft Corporation)
https [open] – “C:\Program Files\Internet Explorer\IEXPLORE.EXE” -nohome (Microsoft Corporation)
piffile [open] – “%1” %*
regfile [merge] – Reg Error: Key error.
scrfile [config] – “%1”
scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] – “%1” /S
txtfile [edit] – Reg Error: Key error.
Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] – “C:\Program Files\VideoLAN\VLC\vlc.exe” --started-from-file --playlist-enqueue “%1” ()
Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] – “C:\Program Files\VideoLAN\VLC\vlc.exe” --started-from-file --no-playlist-enqueue “%1” ()
Folder [open] – %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] – %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] – “C:\Program Files\Internet Explorer\IEXPLORE.EXE” %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] – “C:\Program Files\Internet Explorer\iexplore.exe” (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
“FirstRunDisabled” = 1
“AntiVirusDisableNotify” = 0
“FirewallDisableNotify” = 0
“UpdatesDisableNotify” = 0
“AntiVirusOverride” = 0
“FirewallOverride” = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
“DisableMonitoring” = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
“3703:TCP” = 3703:TCP::Enabled:Adobe Version Cue CS3 Server
“3704:TCP” = 3704:TCP::Enabled:Adobe Version Cue CS3 Server
“50900:TCP” = 50900:TCP::Enabled:Adobe Version Cue CS3 Server
“50901:TCP” = 50901:TCP::Enabled:Adobe Version Cue CS3 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
“C:\Program Files\Bonjour\mDNSResponder.exe” = C:\Program Files\Bonjour\mDNSResponder.exe::Enabled:Bonjour – (Apple Computer, Inc.)
“C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe” = C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe::Enabled:Adobe Version Cue CS3 Server – (Adobe Systems Incorporated)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“{0224CACC-994D-45F8-B973-D65056EA9C2F}” = Adobe XMP DVA Panels CS3
“{0327FA9D-975C-448C-A086-577D57BB25B8}” = Adobe Soundbooth CS3 Codecs
“{08B32819-6EEF-4057-AEDA-5AB681A36A23}” = Adobe Bridge Start Meeting
“{1628F6BD-5ED1-4FD1-B90F-C106AF4E00F0}” = Adobe Setup
“{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}” = Adobe WinSoft Linguistics Plugin
“{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}” = Adobe After Effects CS3 Presets
“{1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E}” = Adobe Flash Video Encoder
“{1D58229F-C505-45CA-8223-F35F3A34B963}” = Adobe Version Cue CS3 Server
“{21C4D775-368A-46C4-8DC3-4207165B7115}” = Adobe Fireworks CS3
“{22B71A00-4DED-11D4-A5E5-0004AC564F43}” = IBM Access Connections
“{29E5EA97-5F74-4A57-B8B2-D4F169117183}” = Adobe Stock Photos CS3
“{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}” = WebFldrs XP
“{485ACF57-F364-440A-8496-E1E81C8FA1AA}” = Adobe Premiere Pro CS3 Third Party Content
“{4BDB76C6-902E-41D5-9064-68768E02886B}” = Adobe Dreamweaver CS3
“{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}” = Adobe Premiere Pro CS3 Functional Content
“{54793AA1-5001-42F4-ABB6-C364617C6078}” = Adobe Linguistics CS3
“{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}” = Adobe Encore CS3
“{55A29068-F2CE-456C-9148-C869879E2357}” = TuneUp Utilities 2009
“{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}” = Adobe Premiere Pro CS3
“{5D2398DF-3022-4820-93BA-F1175FBEA9CA}” = Adobe Creative Suite 3 Master Collection
“{6ABE0BEE-D572-4FE8-B434-9E72A289431B}” = Adobe Fonts All
“{6B708481-748A-4EB4-97C1-CD386244FF77}” = Adobe MotionPicture Color Files
“{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}” = AHV content for Acrobat and Flash
“{6E08CE13-C2AB-4749-9335-5900B958929E}” = Adobe Illustrator CS3
“{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}” = Adobe Asset Services CS3
“{73B5D990-04EA-4751-B10F-5534770B91F2}” = Adobe Color EU Recommended Settings
“{74EC78BC-B379-4E29-9006-8F161DCAABA6}” = Apple Software Update
“{7ACFB90E-8FD0-4397-AD3A-5195412623A3}” = Adobe Help Viewer CS3
“{80FD3971-8482-49C8-BA8C-B6464A15882F}” = Adobe Flash CS3
“{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}” = Adobe Video Profiles
“{848AC794-8B81-440A-81AE-6474337DB527}” = Symantec AntiVirus
“{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}” = Adobe Flash Player 9 Plugin
“{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1036}” = Nero 8
“{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}” = Adobe Device Central CS3
“{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}” = Adobe Type Support
“{90176341-0A8B-4CCC-A78D-F862228A6B95}” = Adobe Anchor Service CS3
“{9028040C-6000-11D3-8CFE-0050048383C9}” = Microsoft Office XP Professional avec FrontPage
“{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}” = QuickTime
“{9C9824D9-9000-4373-A6A5-D0E5D4831394}” = Adobe Bridge CS3
“{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}” = IBM Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
“{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}” = Adobe CMaps
“{A2D81E70-2A98-4A08-A628-94388B063C5E}” = Adobe Color - Photoshop Specific
“{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}” = Adobe Soundbooth CS3
“{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}” = PDF Settings
“{AC76BA86-1033-F400-7760-000000000003}” = Adobe Acrobat 8 Professional - English, Français, Deutsch
“{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}” = Adobe Camera Raw 4.0
“{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1” = Spybot - Search & Destroy
“{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}” = Access IBM
“{B671CBFD-4109-4D35-9252-3062D3CCB7B2}” = Adobe SING CS3
“{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}” = Adobe BridgeTalk Plugin CS3
“{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}” = Adobe Encore CS3 Codecs
“{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}” = Adobe Default Language CS3
“{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}” = Adobe Flash Player 9 ActiveX
“{BE5F3842-8309-4754-92D5-83E02E6077A3}” = Adobe Extension Manager CS3
“{C1FA4B3B-1625-4922-9C9D-780E8FCE161A}” = Adobe Photoshop CS3
“{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}” = Adobe ExtendScript Toolkit 2
“{C5BD220A-EFE8-48A5-B70E-9503D535FACE}” = Adobe WAS CS3
“{D0DFF92A-492E-4C40-B862-A74A173C25C5}” = Adobe Version Cue CS3 Client
“{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}” = Adobe PDF Library Files
“{D5A31AB1-345D-47C7-A87B-036A669F6DF1}” = Adobe XMP Panels CS3
“{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}” = Adobe Color Common Settings
“{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}” = Adobe Color JA Extra Settings
“{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}” = Ad-Aware
“{E69AE897-9E0B-485C-8552-7841F48D42D8}” = Adobe Update Manager CS3
“{E98D6792-FC51-4187-9448-CA9BF893384E}” = Bluetooth Software
“{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}” = Adobe InDesign CS3 Icon Handler
“{EB0202F7-016A-410C-ADE4-40F848CCC661}” = Adobe After Effects CS3
“{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}” = PL-2303 USB-to-Serial
“{F0A37341-D692-11D4-A984-009027EC0A9C}” = SoundMAX
“{F333A33D-125C-32A2-8DCE-5C5D14231E27}” = Visual C++ 2008 x86 Runtime - (v9.0.30729)
“{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01” = Visual C++ 2008 x86 Runtime - v9.0.30729.01
“{F84ADE4E-9220-4324-994D-801EDD9DD251}” = Adobe Contribute CS3
“{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}” = Folder Size for Windows
“{FE8327F9-3AC1-4586-8C7E-3DEE2BC92441}” = Adobe InDesign CS3
“{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}” = Adobe Color NA Extra Settings
“Access IBM Tools” = Access IBM Tools
“Ad-Aware” = Ad-Aware
“Adobe Flash Player Plugin” = Adobe Flash Player 10 Plugin
“Adobe_b5d5789539ea1f004a4defceea74312” = Ajouter ou supprimer Adobe Creative Suite 3 Master Collection
“Agere Systems Soft Modem” = Agere Systems AC’97 Modem
“All ATI Software” = ATI - Utilitaire de désinstallation du logiciel
“ATI Display Driver” = ATI Display Driver
“CCleaner” = CCleaner
“DVD Shrink_is1” = DVD Shrink 3.2
“FreeCommander_is1” = FreeCommander 2009.02a
“GrabIt_is1” = GrabIt 1.6.2 Beta (build 940)
“HijackThis” = HijackThis 2.0.2
“IDNMitigationAPIs” = Microsoft Internationalized Domain Names Mitigation APIs
“ie7” = Windows Internet Explorer 7
“LiveUpdate” = LiveUpdate 2.0 (Symantec Corporation)
“Malwarebytes’ Anti-Malware_is1” = Malwarebytes’ Anti-Malware
“Mozilla Firefox (3.5.6)” = Mozilla Firefox (3.5.6)
“MSCompPackV1” = Microsoft Compression Client Pack 1.0 for Windows XP
“NLSDownlevelMapping” = Microsoft National Language Support Downlevel APIs
“Picasa 3” = Picasa 3
“Power Features” = IBM ThinkPad Battery MaxiMiser and Power Management Features
“Power Management Driver” = IBM ThinkPad Power Management Driver
“PROSet” = Intel® PRO Network Adapters and Drivers
“QuickPar” = QuickPar 0.9
“RealPlayer 6.0” = RealPlayer
“Shockwave” = Shockwave
“SynTPDeinstKey” = IBM ThinkPad UltraNav Driver
“TeraCopy_is1” = TeraCopy 2.01
“ThinkPad Configuration” = IBM ThinkPad Configuration
“VLC media player” = VLC media player 1.0.0
“Windows Media Format Runtime” = Windows Media Format 11 runtime
“Windows Media Player” = Lecteur Windows Media 11
“Windows XP Service” = Windows XP Service Pack 3
“WinRAR archiver” = Archiveur WinRAR
“WMFDist11” = Windows Media Format 11 runtime
“wmp11” = Windows Media Player 11
“Wudf01000” = Microsoft User-Mode Driver Framework Feature Pack 1.0
“yEnc32” = yEnc32 (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/08/2009 14:13:07 | Computer Name = XP-0C10B5DE7477 | Source = FolderSize | ID = 0
Description =

Error - 24/12/2009 10:44:35 | Computer Name = XP-0C10B5DE7477 | Source = Application Error | ID = 1000
Description = Application défaillante 268.exe, version 0.0.0.0, module défaillant
268.exe, version 0.0.0.0, adresse de défaillance 0x00001c47.

Error - 24/12/2009 14:53:06 | Computer Name = XP-0C10B5DE7477 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: D:\PATRICE\Install_PC\Slysoft.AnyDVD.v5.9.6.3.incl.patch-SND.by.ChingLiu\Patch-SND\patch.exe
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully. Threat Found!Threat: Trojan Horse in File: D:\PATRICE\Install_PC\win-dvd6\WinDVD6
keygen.exe by: Manual scan. Action: Quarantine succeeded. Action Description:
The file was quarantined successfully. Threat Found!Threat: Trojan Horse in File:
F:\ime\moje.exe by: Manual scan. Action: Quarantine succeeded. Action Description:
The file was quarantined successfully. Threat Found!Threat: Trojan Horse in File:
F:\PC_bureau\Patrice\PortableApps\WinMediaConverter.exe by: Manual scan. Action:
Quarantine succeeded. Action Description: The file was quarantined successfully.

Error - 25/12/2009 08:38:40 | Computer Name = XP-0C10B5DE7477 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: F:\System Volume Information_restore{EAC16D60-C760-4D11-B097-5ED011C4A246}\RP27\A0006357.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 25/12/2009 08:38:41 | Computer Name = XP-0C10B5DE7477 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan Horse in File: F:\System Volume Information_restore{EAC16D60-C760-4D11-B097-5ED011C4A246}\RP27\A0006358.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 26/12/2009 13:13:09 | Computer Name = XP-0C10B5DE7477 | Source = Application Hang | ID = 1002
Description = Application bloquée OTL.exe, version 3.1.20.1, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 26/12/2009 13:45:46 | Computer Name = XP-0C10B5DE7477 | Source = Application Hang | ID = 1002
Description = Application bloquée OTL.exe, version 3.1.20.1, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 26/12/2009 13:47:10 | Computer Name = XP-0C10B5DE7477 | Source = Application Hang | ID = 1002
Description = Application bloquée OTL.exe, version 3.1.20.1, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 26/12/2009 13:49:19 | Computer Name = XP-0C10B5DE7477 | Source = Application Hang | ID = 1002
Description = Application bloquée OTL.exe, version 3.1.20.1, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 26/12/2009 14:17:33 | Computer Name = XP-0C10B5DE7477 | Source = Application Hang | ID = 1002
Description = Application bloquée OTL.exe, version 3.1.20.1, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

[ TuneUp Events ]
Error - 24/12/2009 11:56:19 | Computer Name = XP-0C10B5DE7477 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near “anti”: syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES (‘2009-12-24 16:56:18’, ‘\device\harddiskvolume1\program
files\malwarebytes’ anti-malware\mbam.exe’,‘3184’,0)

Error - 24/12/2009 11:56:29 | Computer Name = XP-0C10B5DE7477 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near “anti”: syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES (‘2009-12-24 16:56:29’, ‘\device\harddiskvolume1\program
files\malwarebytes’ anti-malware\mbam.exe’,‘3916’,0)

Error - 24/12/2009 14:06:47 | Computer Name = XP-0C10B5DE7477 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near “anti”: syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES (‘2009-12-24 19:06:47’, ‘\device\harddiskvolume1\program
files\malwarebytes’ anti-malware\mbam.exe’,‘3796’,0)

Error - 24/12/2009 19:02:57 | Computer Name = XP-0C10B5DE7477 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near “anti”: syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES (‘2009-12-25 00:02:57’, ‘\device\harddiskvolume1\program
files\malwarebytes’ anti-malware\mbam.exe’,‘3456’,0)

Error - 24/12/2009 19:47:50 | Computer Name = XP-0C10B5DE7477 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near “anti”: syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES (‘2009-12-25 00:47:48’, ‘\device\harddiskvolume1\program
files\malwarebytes’ anti-malware\mbam.exe’,‘2992’,0)

Error - 25/12/2009 06:42:31 | Computer Name = XP-0C10B5DE7477 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near “anti”: syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES (‘2009-12-25 11:42:31’, ‘\device\harddiskvolume1\program
files\malwarebytes’ anti-malware\mbam.exe’,‘1692’,0)

Error - 25/12/2009 08:21:06 | Computer Name = XP-0C10B5DE7477 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near “anti”: syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES (‘2009-12-25 13:21:06’, ‘\device\harddiskvolume1\program
files\malwarebytes’ anti-malware\mbam.exe’,‘3516’,0)

Error - 25/12/2009 08:43:41 | Computer Name = XP-0C10B5DE7477 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near “anti”: syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES (‘2009-12-25 13:43:41’, ‘\device\harddiskvolume1\program
files\malwarebytes’ anti-malware\mbam.exe’,‘3976’,0)

Error - 25/12/2009 10:27:36 | Computer Name = XP-0C10B5DE7477 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near “anti”: syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES (‘2009-12-25 15:27:35’, ‘\device\harddiskvolume1\program
files\malwarebytes’ anti-malware\mbam.exe’,‘3976’,0)

< End of report >

Hi

carry on with the rest

steps 2, 3 and 4 as described

Hi cricri58,

sorry for the late reply, but I'm in the middle of moving house and so a bit swamped! I'll take care of the rest tomorrow if I can ;-))

Thanks again for your help.