Unable to remove www.cherche.us

Hello to all dear Clubic members, I was recently on an online chat site, and since I went there www.cherche.us has set itself as the default start page in Firefox. I really don't know how to remove it; would anyone know how to get rid of this?

Hi

1) • Download AD-Remover to your Desktop. (Thanks to C_XX)

AD-Remover

/!\ Disconnect from the internet and close all running applications /!\

• Double-click the Ad-remover icon on your Desktop.
• On the page, click the « Nettoyer » (Clean) button
• Confirm the launch of the scan
• Let the tool work.
• Post the report that appears at the end.

  • (The report is also saved under C:\Ad-report.)
  • (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Post the report, then

2) * Download Random’s System Information Tool (RSIT) by random/random and save it to your Desktop.

=> Random’s System Information Tool (RSIT)

  • Double-click RSIT.exe to launch RSIT.
  • Under ==> Windows 7 / Vista:
  • Right-click the RSIT.exe icon, then click "Exécuter en tant qu’administrateur" (Run as administrator) in the drop-down menu to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
  • When the scan is finished, two text files will open.
  • Post the contents of log.txt (<== which will be displayed) as well as info.txt (<== which will be minimized in the Taskbar).
  • Note: Both reports are also saved in %systemroot%\rsit

For the reports

  • go to >> cijoint.fr
  • click Parcourir (Browse)
  • find >> the report you have just saved, which should for example be on your desktop
  • and confirm by clicking >> "Cliquez ici pour déposer le Fichier" (Click here to upload the file)
  • a link like this one [http://www.cijoint.fr/cjlink.php?file=cj201004/cijecaEGX.txt] will be generated for you,
  • you just need to post it
    Edited on 17/07/2010 at 08:40

OK thanks, I'll do that


Here is the AD-Remover report:

======= RAPPORT D’AD-REMOVER 2.0.0.1,C | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 23/06/10 à 19:20
Contact: AdRemover.contact@gmail.com
Site web: pagesperso-orange.fr…

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 11:28:36 le 17/07/2010, Mode normal

Microsoft Windows 7 Édition Familiale Premium (X86)
William@PC-DE-WILLIAM (ASUSTeK Computer Inc. G60VX)

============== ACTION(S) ==============

0,Fichier supprimé: C:\Users\William\AppData\Roaming\Mozilla\FireFox\Profiles\k89qd45n.default\searchplugins\cherche.xml
0,Fichier supprimé: C:\Users\William\binternet.exe
0,Fichier supprimé: C:\Users\William\scriptjava.html
0,Dossier supprimé: C:\Program Files\Conduit

(!) – Fichiers temporaires supprimés.

– Fichier ouvert: C:\Users\William\AppData\Roaming\Mozilla\FireFox\Profiles\k89qd45n.default\Prefs.js –
Ligne supprimée: user_pref(“CT2542115.SearchEngine”, "Recherche||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_…
Ligne supprimée: user_pref(“CT2542115.SearchFromAddressBarUrl”, "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT254…
Ligne supprimée: user_pref(“browser.startup.homepage”, “hxxp://www.cherche.us/”);
Ligne supprimée: user_pref(“keyword.URL”, "hxxp://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpj…
– Fichier Fermé –

0,Clé supprimée: HKLM\Software\Conduit
0,Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
0,Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec cherche.us

0,Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|binternet

============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.6.6 (fr)] **

– C:\Users\William\AppData\Roaming\Mozilla\FireFox\Profiles\k89qd45n.default\Prefs.js –
browser.download.lastDir, C:\Users\William\Desktop
browser.startup.homepage_override.mstone, rv:1.9.2.6

========================================

** Internet Explorer Version [8.0.7600.16385] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: www.microsoft.com…
Default_Search_URL: www.microsoft.com…
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\Windows\system32\blank.htm
Search bar: go.microsoft.com…
Show_ToolBar: yes
Start Page: fr.msn.com…

[HKLM\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: go.microsoft.com…
Default_Search_URL: www.microsoft.com…
Delete_Temp_Files_On_Exit: yes
Local Page: C:\Windows\System32\blank.htm
Search bar: search.msn.com…
Search Page: www.microsoft.com…
Start Page: fr.msn.com…

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: ieframe.dll…
Blank: mshtml.dll…

========================================

C:\Program Files\Ad-Remover\Quarantine: 5 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 17/07/2010 (3212 Octet(s))

Fin à: 11:32:57, 17/07/2010

============== E.O.F ==============

Here is the info.txt report:

info.txt logfile of random’s system information tool 1.08 2010-07-17 11:37:47

======Uninstall list======


======Hosts File======

127.0.0.1 static3.cdn.ubi.com
127.0.0.1 ubisoft-orbit.s3.amazonaws.com
127.0.0.1 onlineconfigservice.ubi.com
127.0.0.1 orbitservice.ubi.com
127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
127.0.0.1 activation.guitar-pro.com127.0.0.1 static3.cdn.ubi.com
127.0.0.1 ubisoft-orbit.s3.amazonaws.com
127.0.0.1 onlineconfigservice.ubi.com
127.0.0.1 orbitservice.ubi.com
127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com

======System event log======

Computer Name: PC-de-William
Event Code: 7034
Message: Le service AVerScheduleService s’est terminé de façon inattendue pour la 1ème fois.
Record Number: 120028
Source Name: Service Control Manager
Time Written: 20100417104057.711333-000
Event Type: Erreur
User:

Computer Name: PC-de-William
Event Code: 4001
Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Record Number: 119954
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100416181249.528576-000
Event Type: Avertissement
User: AUTORITE NT\Système

Computer Name: PC-de-William
Event Code: 1014
Message: La résolution du nom bourse.lci.fr a expiré lorsqu’aucun des serveurs DNS configurés n’a répondu.
Record Number: 119915
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20100416181121.728142-000
Event Type: Avertissement
User: AUTORITE NT\SERVICE RÉSEAU

Computer Name: PC-de-William
Event Code: 7034
Message: Le service AVerScheduleService s’est terminé de façon inattendue pour la 1ème fois.
Record Number: 119874
Source Name: Service Control Manager
Time Written: 20100416180522.069334-000
Event Type: Erreur
User:

Computer Name: PC-de-William
Event Code: 4001
Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Record Number: 119801
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100416122559.480292-000
Event Type: Avertissement
User: AUTORITE NT\Système

=====Application event log=====

Computer Name: PC-de-William
Event Code: 4107
Message: Échec de l’extraction de la liste racine tierce depuis le fichier CAB de mise à jour automatique à : http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab avec l’erreur : Données non valides.
.
Record Number: 257
Source Name: Microsoft-Windows-CAPI2
Time Written: 20091206150757.250497-000
Event Type: Erreur
User:

Computer Name: PC-de-William
Event Code: 1008
Message: Le service Windows Search démarre et tente de supprimer l’ancien index de recherche {Raison : Réinitialisation totale de l’index}.

Record Number: 238
Source Name: Microsoft-Windows-Search
Time Written: 20091206150401.000000-000
Event Type: Avertissement
User:

Computer Name: PC-de-William
Event Code: 11
Message: Fuite de mémoire possible. L’application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID : 1048) a transmis un pointeur non NULL à RPC pour un paramètre [out] marqué [allocate(all_nodes)]. Les paramètres [allocate(all_nodes)] sont toujours réaffectés ; si le pointeur initial contenait une adresse mémoire valide, cela entraînerait une fuite de cette mémoire. L’appel provenait de l’interface avec l’UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Numéro de méthode (10). Action utilisateur : contactez le fournisseur de l’application pour obtenir une version mise à jour.
Record Number: 237
Source Name: Microsoft-Windows-RPC-Events
Time Written: 20091206150353.069037-000
Event Type: Avertissement
User: AUTORITE NT\SERVICE LOCAL

Computer Name: WIN-6A089RTGRH4
Event Code: 1008
Message: Le service Windows Search démarre et tente de supprimer l’ancien index de recherche {Raison : Réinitialisation totale de l’index}.

Record Number: 227
Source Name: Microsoft-Windows-Search
Time Written: 20091206145915.000000-000
Event Type: Avertissement
User:

Computer Name: WIN-6A089RTGRH4
Event Code: 6001
Message: Échec de l’abonné aux notifications Winlogon lors d’un événement de notification.
Record Number: 188
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090820055248.000000-000
Event Type: Avertissement
User:

=====Security event log=====

Computer Name: WIN-6A089RTGRH4
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : NT AUTHORITY
ID d’ouverture de session : 0x3e7

Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 107
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090820055143.616320-000
Event Type: Succès de l’audit
User:

Computer Name: WIN-6A089RTGRH4
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : WIN-6A089RTGRH4$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : NT AUTHORITY
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x1c0
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 106
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090820055143.616320-000
Event Type: Succès de l’audit
User:

Computer Name: WIN-6A089RTGRH4
Event Code: 4738
Message: Un compte d’utilisateur a été modifié.

Sujet :
ID de sécurité : S-1-5-21-3674463638-2244440911-1562989740-500
Nom du compte : Administrator
Domaine du compte : WIN-6A089RTGRH4
ID d’ouverture de session : 0x24ca4

Compte cible :
ID de sécurité : S-1-5-21-3674463638-2244440911-1562989740-500
Nom du compte : Administrator
Domaine du compte : WIN-6A089RTGRH4

Attributs modifiés :
Nom du compte SAM : -
Nom complet : -
Nom principal de l’utilisateur : -
Répertoire de base : -
Lecteur de base : -
Chemin d’accès au script : -
Chemin d’accès au profil : -
Stations de travail utilisateurs : -
Dernière modification du mot de passe le : -
Le compte expire le : -
ID de groupe principal : -
Délégué autorisé : -
Ancienne valeur UAC : 0x210
Nouvelle valeur UAC : 0x211
Contrôle du compte d’utilisateur :
Compte désactivé
Paramètres utilisateur : -
Historique SID : -
Horaire d’accès : -

Informations supplémentaires :
Privilèges: -
Record Number: 105
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090820055139.497913-000
Event Type: Succès de l’audit
User:

Computer Name: WIN-6A089RTGRH4
Event Code: 4725
Message: Un compte d’utilisateur a été désactivé.

Sujet :
ID de sécurité : S-1-5-21-3674463638-2244440911-1562989740-500
Nom du compte : Administrator
Domaine du compte : WIN-6A089RTGRH4
ID d’ouverture de session : 0x24ca4

Compte cible :
ID de sécurité : S-1-5-21-3674463638-2244440911-1562989740-500
Nom du compte : Administrator
Domaine du compte : WIN-6A089RTGRH4
Record Number: 104
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090820055139.497913-000
Event Type: Succès de l’audit
User:

Computer Name: WIN-6A089RTGRH4
Event Code: 1102
Message: Le journal d’audit a été effacé.
Objet :
ID de sécurité : S-1-5-21-3674463638-2244440911-1562989740-500
Nom de compte : Administrator
Nom de domaine : WIN-6A089RTGRH4
ID de connexion : 0x24ca4
Record Number: 103
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090820055139.373113-000
Event Type: Succès de l’audit
User:

======Environment variables======

“ComSpec”=%SystemRoot%\system32\cmd.exe
“FP_NO_HOST_CHECK”=NO
“OS”=Windows_NT
“Path”=c:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\QuickTime\QTSystem
“PATHEXT”=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
“PROCESSOR_ARCHITECTURE”=x86
“TEMP”=%SystemRoot%\TEMP
“TMP”=%SystemRoot%\TEMP
“USERNAME”=SYSTEM
“windir”=%SystemRoot%
“PSModulePath”=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules
“NUMBER_OF_PROCESSORS”=2
“PROCESSOR_LEVEL”=6
“PROCESSOR_IDENTIFIER”=x86 Family 6 Model 23 Stepping 10, GenuineIntel
“PROCESSOR_REVISION”=170a
“configsetroot”=%SystemRoot%\ConfigSetRoot
“asl.log”=Destination=file;OnFirstLog=command,environment
“CLASSPATH”=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
“QTJAVA”=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


and the log.txt report:

Logfile of random’s system information tool 1.08 (written by random/random)
Run by William at 2010-07-17 11:37:40
Microsoft Windows 7 Édition Familiale Premium
System drive C: has 11 GB (5%) free of 238 GB
Total RAM: 3071 MB (67% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-01-18 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-09 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“HControlUser”=C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
“ATKOSD2”=C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]
“RtHDVCpl”=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-09-17 7739936]
“SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-20 1545512]
“egui”=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]
“Kernel and Hardware Abstraction Layer”=C:\Windows\KHALMNPR.EXE [2009-06-17 55824]
“XboxStat”=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2009-09-30 718688]
“NvCplDaemon”=C:\Windows\system32\NvCpl.dll [2009-05-01 13781536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“DAEMON Tools Lite”=C:\Program Files\Daemon Tools Lite\DTLite.exe [2009-10-30 369200]
“NVIDIA nTune”=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2008-08-18 106496]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AVer HID Receiver.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
AVerQuick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
FancyStart daemon.lnk - C:\Windows\Installer{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}_A1DDD39913A1970387B7B3.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
“SecurityProviders”=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“ConsentPromptBehaviorAdmin”=0
“ConsentPromptBehaviorUser”=3
“EnableLUA”=0
“EnableUIADesktopToggle”=0
“PromptOnSecureDesktop”=0
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveTypeAutoRun”=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe “%1” %*
.scr - open - C:\Windows\system32\notepad.exe “%1”
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-07-17 11:37:40 ----D---- C:\rsit
2010-07-17 11:37:40 ----D---- C:\Program Files\trend micro
2010-07-17 11:30:21 ----A---- C:\Ad-Report-CLEAN[1].txt
2010-07-17 11:28:33 ----D---- C:\Program Files\Ad-Remover
2010-07-14 22:24:10 ----D---- C:\Users\William\AppData\Roaming\Malwarebytes
2010-07-14 22:24:05 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-14 22:24:04 ----D---- C:\ProgramData\Malwarebytes
2010-07-14 22:24:03 ----D---- C:\Program Files\Malwarebytes’ Anti-Malware
2010-07-14 22:24:03 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-05 20:13:51 ----A---- C:\Windows\system32\drivers\nhcDriver.sys
2010-07-04 17:03:26 ----D---- C:\ProgramData\NVIDIA
2010-07-04 16:50:27 ----A---- C:\Windows\system32\nvcplui.exe
2010-07-04 16:50:16 ----A---- C:\Windows\system32\NVUNINST.EXE
2010-07-04 16:49:53 ----A---- C:\Windows\system32\oemdspif.dll
2010-07-04 16:49:53 ----A---- C:\Windows\system32\nvwgf2um.dll
2010-07-04 16:49:53 ----A---- C:\Windows\system32\nvvitvs.dll
2010-07-04 16:49:53 ----A---- C:\Windows\system32\nvsvs.dll
2010-07-04 16:49:53 ----A---- C:\Windows\system32\nvsvc.dll
2010-07-04 16:49:53 ----A---- C:\Windows\system32\nvshext.dll
2010-07-04 16:49:53 ----A---- C:\Windows\system32\nvoglv32.dll
2010-07-04 16:49:53 ----A---- C:\Windows\system32\nvmobls.dll
2010-07-04 16:49:53 ----A---- C:\Windows\system32\nvmctray.dll
2010-07-04 16:49:53 ----A---- C:\Windows\system32\nvmccss.dll
2010-07-04 16:49:53 ----A---- C:\Windows\system32\nvhotkey.dll
2010-07-04 16:49:53 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvgames.dll
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvencodemft.dll
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvdisps.dll
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvdecodemft.dll
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvd3dum.dll
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvcuvid.dll
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvcuvenc.dll
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvcuda.dll
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvcpl.dll
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvcod146.dll
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvcod.dll
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvapi.dll
2010-07-04 16:49:50 ----A---- C:\Windows\system32\nvvsvc.exe
2010-07-04 16:49:50 ----A---- C:\Windows\system32\nvudisp.exe
2010-07-04 16:43:19 ----A---- C:\Windows\ntbtlog.txt
2010-07-04 16:39:48 ----D---- C:\Program Files\PDF Creator
2010-07-04 16:39:48 ----A---- C:\Windows\system32\MSMPIDE.DLL
2010-07-04 16:39:48 ----A---- C:\Windows\system32\MSCMCFR.DLL
2010-07-04 16:39:48 ----A---- C:\Windows\system32\MSCC2FR.DLL
2010-07-03 19:09:52 ----D---- C:\Program Files\Driver Sweeper
2010-07-01 19:35:53 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-07-01 19:35:53 ----A---- C:\Windows\system32\PresentationHost.exe
2010-07-01 19:35:53 ----A---- C:\Windows\system32\netfxperf.dll
2010-07-01 19:35:53 ----A---- C:\Windows\system32\mscoree.dll
2010-07-01 19:35:53 ----A---- C:\Windows\system32\dfshim.dll
2010-07-01 19:06:46 ----A---- C:\Windows\system32\CPFilters.dll
2010-07-01 19:06:45 ----A---- C:\Windows\system32\msdri.dll
2010-07-01 19:05:37 ----A---- C:\Windows\system32\mshtml.dll
2010-07-01 19:05:34 ----A---- C:\Windows\system32\ieframe.dll
2010-07-01 19:05:33 ----A---- C:\Windows\system32\wininet.dll
2010-07-01 19:05:33 ----A---- C:\Windows\system32\urlmon.dll
2010-07-01 19:05:33 ----A---- C:\Windows\system32\mstime.dll
2010-07-01 19:05:33 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-07-01 19:05:33 ----A---- C:\Windows\system32\iedkcs32.dll
2010-07-01 19:05:32 ----A---- C:\Windows\system32\jsproxy.dll
2010-07-01 19:05:31 ----A---- C:\Windows\system32\atmlib.dll
2010-07-01 19:05:31 ----A---- C:\Windows\system32\atmfd.dll
2010-07-01 19:05:27 ----A---- C:\Windows\system32\tzres.dll
2010-07-01 19:05:24 ----A---- C:\Windows\system32\ntdll.dll
2010-07-01 19:05:23 ----A---- C:\Windows\system32\inetcomm.dll
2010-07-01 19:05:22 ----A---- C:\Windows\system32\win32k.sys
2010-07-01 19:05:21 ----A---- C:\Windows\system32\asycfilt.dll
2010-06-30 16:28:32 ----D---- C:\ProgramData\NVIDIA Corporation
2010-06-27 22:18:15 ----A---- C:\Windows\system32\drivers\rimmptsk.sys
2010-06-27 22:17:55 ----D---- C:\Users\William\AppData\Roaming\WinBatch
2010-06-27 22:17:28 ----A---- C:\Windows\Model.txt
2010-06-27 22:17:19 ----D---- C:\Program Files\Intel
2010-06-27 22:17:19 ----A---- C:\Windows\system32\CSVer.dll
2010-06-27 22:04:30 ----A---- C:\Windows\system32\drivers\btwampfl.sys
2010-06-27 20:21:23 ----D---- C:\Users\William\AppData\Roaming\skypePM
2010-06-27 20:09:27 ----D---- C:\Intel
2010-06-27 20:01:12 ----D---- C:\Users\William\AppData\Roaming\Thinstall
2010-06-27 19:59:09 ----D---- C:\Program Files\Microsoft Xbox 360 Accessories
2010-06-27 19:50:57 ----D---- C:\Users\William\AppData\Roaming\Easeware
2010-06-27 19:50:48 ----D---- C:\Program Files\Easeware

======List of files/folders modified in the last 1 months======

2010-07-17 11:37:43 ----D---- C:\Windows\Temp
2010-07-17 11:37:41 ----D---- C:\Windows\Prefetch
2010-07-17 11:37:40 ----RD---- C:\Program Files
2010-07-17 11:34:52 ----D---- C:\Windows\system32\Tasks
2010-07-17 11:34:50 ----D---- C:\Windows\system32\config
2010-07-17 11:34:45 ----HD---- C:\ASUS.DAT
2010-07-17 10:49:18 ----D---- C:\Program Files\Minilyrics
2010-07-17 10:49:18 ----D---- C:\Lyrics
2010-07-17 07:04:21 ----D---- C:\Windows
2010-07-16 23:51:48 ----D---- C:\Windows\Minidump
2010-07-16 23:22:23 ----D---- C:\Windows\System32
2010-07-16 23:22:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-16 22:33:55 ----D---- C:\Windows\system32\NDF
2010-07-16 16:35:42 ----SHD---- C:\System Volume Information
2010-07-15 21:25:21 ----D---- C:\Users\William\AppData\Roaming\Skype
2010-07-15 00:15:15 ----D---- C:\Windows\system32\wdi
2010-07-14 22:24:05 ----D---- C:\Windows\system32\drivers
2010-07-14 22:24:04 ----HD---- C:\ProgramData
2010-07-14 16:20:47 ----D---- C:\Windows\system32\catroot2
2010-07-05 20:24:59 ----D---- C:\Windows\winsxs
2010-07-05 20:24:40 ----D---- C:\Windows\Microsoft.NET
2010-07-05 20:14:59 ----SHD---- C:\Windows\Installer
2010-07-04 18:40:38 ----D---- C:\NVIDIA
2010-07-04 17:00:19 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-04 17:00:18 ----D---- C:\Program Files\NVIDIA Corporation
2010-07-04 16:50:25 ----D---- C:\Windows\inf
2010-07-04 16:50:24 ----D---- C:\Windows\system32\DriverStore
2010-07-04 16:46:28 ----D---- C:\Windows\Help
2010-07-04 16:44:41 ----D---- C:\Windows\system32\catroot
2010-07-04 00:08:45 ----D---- C:\Users\William\AppData\Roaming\uTorrent
2010-07-03 18:34:30 ----D---- C:\Program Files\JDownloader
2010-07-03 18:19:15 ----D---- C:\Program Files\Mozilla Thunderbird
2010-07-03 18:17:57 ----RD---- C:\Program Files\Skype
2010-07-03 18:17:02 ----D---- C:\Program Files\Common Files
2010-07-02 20:17:35 ----D---- C:\Windows\rescache
2010-07-02 16:10:39 ----RSD---- C:\Windows\assembly
2010-07-01 20:02:07 ----D---- C:\Program Files\Microsoft Silverlight
2010-07-01 20:01:12 ----D---- C:\Program Files\Internet Explorer
2010-07-01 20:01:11 ----D---- C:\Program Files\Windows Mail
2010-07-01 20:01:10 ----D---- C:\Windows\system32\migration
2010-07-01 20:01:10 ----D---- C:\Windows\ehome
2010-07-01 20:01:09 ----D---- C:\Windows\system32\fr-FR
2010-07-01 20:01:09 ----D---- C:\Windows\AppPatch
2010-07-01 19:41:04 ----D---- C:\Windows\Logs
2010-07-01 19:40:40 ----D---- C:\ProgramData\Microsoft Help
2010-07-01 19:36:21 ----D---- C:\Windows\system32\en-US
2010-07-01 19:36:20 ----D---- C:\Program Files\Microsoft.NET
2010-06-29 20:29:52 ----D---- C:\Windows\LiveKernelReports
2010-06-29 17:41:14 ----D---- C:\Program Files\Mozilla Firefox
2010-06-27 19:36:07 ----D---- C:\Program Files\TuneUp Utilities 2010

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 330264]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-07 691696]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 ASMMAP;ASMMAP; ??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-05-14 93312]
R2 NVR0FLASHDev;NVR0FLASHDev; ??\C:\Windows\nvflash.sys [2008-08-01 36640]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2009-09-07 48128]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2009-06-25 44544]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2009-06-25 38400]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-09-17 2771104]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2009-03-09 56320]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 13880]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2009-05-13 14392]
R3 NETw5s32;Pilote de carte Intel® Wireless WiFi Link pour Windows 7 32 bits ; C:\Windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
R3 NVR0Dev;NVR0Dev; ??\C:\Windows\nvoclock.sys [2008-08-18 29952]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-05 1766592]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-07-20 213552]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; ??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 amnfekq0;amnfekq0; C:\Windows\system32\drivers\amnfekq0.sys []
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-07-14 1096704]
S3 AVerAF15DMBTH;AVerMedia A850 USB; C:\Windows\System32\Drivers\AVerAF15DMBTH.sys [2009-07-27 554368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Service d’énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-06-27 274472]
S3 cpuz130;cpuz130; ??\C:\Users\William\AppData\Local\Temp\cpuz130\cpuz_x32.sys []
S3 ENTECH;ENTECH; ??\C:\Windows\system32\DRIVERS\ENTECH.sys [2007-08-20 27672]
S3 MAUSBJAMLAB;Service for M-Audio JamLab; C:\Windows\system32\DRIVERS\MAudioJamLab.sys [2009-09-02 158344]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-05-14 4231680]
S3 nhcDriverDevice;Notebook Hardware Control Driver; ??\C:\Windows\system32\drivers\nhcDriver.sys [2010-07-05 22528]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2009-07-14 48128]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-10-16 41472]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-23 131000]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-08-21 66152]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 ASLDRService;ASLDR Service; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 AVerRemote;AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2008-10-21 352256]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-12-09 405504]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 3576320]
R2 nTuneService;Performance Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2008-08-18 155648]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-05-01 211488]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-06-14 1051976]
R2 UpdateCenterService;Update Center Service; C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [2008-08-01 114688]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-03-13 85096]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-25 655624]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-06-27 435016]

-----------------EOF-----------------


However, I ran it again because I saw that the HijackThis installation had failed, and it still won't install it; I get an error. I really don't know what to do.

Otherwise, thanks for your reply and for the clarity of your explanation; it would be hard to do better.

Hi

Some updates will need to be done afterwards; we'll see.

HijackThis download failed

  1. Post a new HijackThis log for me

while I take a look at it

2)* Launch --> Malwarebytes (MBAM)

  • update it
  • Then go to the "Search" tab ("Recherche"), tick >> "Perform a full scan" ("Exécuter un examen complet")
  • then "Search" ("Rechercher")
  • Select your hard drives, then click "Start the scan" ("Lancer l'examen")
  • At the end of the scan, click "Show results" ("Afficher les résultats"), then "Save the report" ("Enregistrer le rapport")
    * If Malwarebytes detects infections, click ==> "Show results" ("Afficher les résultats"), then ==> "Remove selection" ("Supprimer la sélection")
  • If you are asked to restart, click "Yes" ("oui")
  • after removing the infection(s) found --> post the report here

OK, so here is the HijackThis log, and I'm going to run the Malwarebytes scan:

Logfile of random’s system information tool 1.08 (written by random/random)
Run by William at 2010-07-17 18:23:41
Microsoft Windows 7 Édition Familiale Premium
System drive C: has 4 GB (2%) free of 238 GB
Total RAM: 3071 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:23:50, on 17/07/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Daemon Tools Lite\DTLite.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\William\Desktop\RSIT.exe
C:\Program Files\trend micro\William.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.google.fr…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = fr.msn.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = fr.msn.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\Daemon Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Users\William\AppData\Local\NVIDIA Corporation\nTune\Profiles\osbootpf.nsu"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE…
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - platformdl.adobe.com…
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\uxtuneup.dll,-4096 (UxTuneUp) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe


End of file - 21470 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-01-18 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-09 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"=C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"ATKOSD2"=C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-09-17 7739936]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-20 1545512]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2009-06-17 55824]
"XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2009-09-30 718688]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-05-01 13781536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\Daemon Tools Lite\DTLite.exe [2009-10-30 369200]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2008-08-18 106496]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AVer HID Receiver.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
AVerQuick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
FancyStart daemon.lnk - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-07-17 13:07:16 ----D---- C:\ProgramData\KONAMI
2010-07-17 13:07:16 ----D---- C:\Program Files\KONAMI
2010-07-17 11:37:40 ----D---- C:\rsit
2010-07-17 11:37:40 ----D---- C:\Program Files\trend micro
2010-07-17 11:30:21 ----A---- C:\Ad-Report-CLEAN[1].txt
2010-07-17 11:28:33 ----D---- C:\Program Files\Ad-Remover
2010-07-14 22:24:10 ----D---- C:\Users\William\AppData\Roaming\Malwarebytes
2010-07-14 22:24:05 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-14 22:24:04 ----D---- C:\ProgramData\Malwarebytes
2010-07-14 22:24:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-14 22:24:03 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-05 20:13:51 ----A---- C:\Windows\system32\drivers\nhcDriver.sys
2010-07-04 17:03:26 ----D---- C:\ProgramData\NVIDIA
2010-07-04 16:50:27 ----A---- C:\Windows\system32\nvcplui.exe
2010-07-04 16:50:16 ----A---- C:\Windows\system32\NVUNINST.EXE
2010-07-04 16:49:53 ----A---- C:\Windows\system32\oemdspif.dll
2010-07-04 16:49:53 ----A---- C:\Windows\system32\nvwgf2um.dll
2010-07-04 16:49:53 ----A---- C:\Windows\system32\nvvitvs.dll
2010-07-04 16:49:53 ----A---- C:\Windows\system32\nvsvs.dll
2010-07-04 16:49:53 ----A---- C:\Windows\system32\nvsvc.dll
2010-07-04 16:49:53 ----A---- C:\Windows\system32\nvshext.dll
2010-07-04 16:49:53 ----A---- C:\Windows\system32\nvoglv32.dll
2010-07-04 16:49:53 ----A---- C:\Windows\system32\nvmobls.dll
2010-07-04 16:49:53 ----A---- C:\Windows\system32\nvmctray.dll
2010-07-04 16:49:53 ----A---- C:\Windows\system32\nvmccss.dll
2010-07-04 16:49:53 ----A---- C:\Windows\system32\nvhotkey.dll
2010-07-04 16:49:53 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvgames.dll
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvencodemft.dll
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvdisps.dll
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvdecodemft.dll
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvd3dum.dll
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvcuvid.dll
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvcuvenc.dll
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvcuda.dll
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvcpl.dll
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvcod146.dll
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvcod.dll
2010-07-04 16:49:51 ----A---- C:\Windows\system32\nvapi.dll
2010-07-04 16:49:50 ----A---- C:\Windows\system32\nvvsvc.exe
2010-07-04 16:49:50 ----A---- C:\Windows\system32\nvudisp.exe
2010-07-04 16:43:19 ----A---- C:\Windows\ntbtlog.txt
2010-07-04 16:39:48 ----D---- C:\Program Files\PDF Creator
2010-07-04 16:39:48 ----A---- C:\Windows\system32\MSMPIDE.DLL
2010-07-04 16:39:48 ----A---- C:\Windows\system32\MSCMCFR.DLL
2010-07-04 16:39:48 ----A---- C:\Windows\system32\MSCC2FR.DLL
2010-07-03 19:09:52 ----D---- C:\Program Files\Driver Sweeper
2010-07-01 19:35:53 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-07-01 19:35:53 ----A---- C:\Windows\system32\PresentationHost.exe
2010-07-01 19:35:53 ----A---- C:\Windows\system32\netfxperf.dll
2010-07-01 19:35:53 ----A---- C:\Windows\system32\mscoree.dll
2010-07-01 19:35:53 ----A---- C:\Windows\system32\dfshim.dll
2010-07-01 19:06:46 ----A---- C:\Windows\system32\CPFilters.dll
2010-07-01 19:06:45 ----A---- C:\Windows\system32\msdri.dll
2010-07-01 19:05:37 ----A---- C:\Windows\system32\mshtml.dll
2010-07-01 19:05:34 ----A---- C:\Windows\system32\ieframe.dll
2010-07-01 19:05:33 ----A---- C:\Windows\system32\wininet.dll
2010-07-01 19:05:33 ----A---- C:\Windows\system32\urlmon.dll
2010-07-01 19:05:33 ----A---- C:\Windows\system32\mstime.dll
2010-07-01 19:05:33 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-07-01 19:05:33 ----A---- C:\Windows\system32\iedkcs32.dll
2010-07-01 19:05:32 ----A---- C:\Windows\system32\jsproxy.dll
2010-07-01 19:05:31 ----A---- C:\Windows\system32\atmlib.dll
2010-07-01 19:05:31 ----A---- C:\Windows\system32\atmfd.dll
2010-07-01 19:05:27 ----A---- C:\Windows\system32\tzres.dll
2010-07-01 19:05:24 ----A---- C:\Windows\system32\ntdll.dll
2010-07-01 19:05:23 ----A---- C:\Windows\system32\inetcomm.dll
2010-07-01 19:05:22 ----A---- C:\Windows\system32\win32k.sys
2010-07-01 19:05:21 ----A---- C:\Windows\system32\asycfilt.dll
2010-06-30 16:28:32 ----D---- C:\ProgramData\NVIDIA Corporation
2010-06-27 22:18:15 ----A---- C:\Windows\system32\drivers\rimmptsk.sys
2010-06-27 22:17:55 ----D---- C:\Users\William\AppData\Roaming\WinBatch
2010-06-27 22:17:28 ----A---- C:\Windows\Model.txt
2010-06-27 22:17:19 ----D---- C:\Program Files\Intel
2010-06-27 22:17:19 ----A---- C:\Windows\system32\CSVer.dll
2010-06-27 22:04:30 ----A---- C:\Windows\system32\drivers\btwampfl.sys
2010-06-27 20:21:23 ----D---- C:\Users\William\AppData\Roaming\skypePM
2010-06-27 20:09:27 ----D---- C:\Intel
2010-06-27 20:01:12 ----D---- C:\Users\William\AppData\Roaming\Thinstall
2010-06-27 19:59:09 ----D---- C:\Program Files\Microsoft Xbox 360 Accessories
2010-06-27 19:50:57 ----D---- C:\Users\William\AppData\Roaming\Easeware
2010-06-27 19:50:48 ----D---- C:\Program Files\Easeware

======List of files/folders modified in the last 1 months======

2010-07-17 18:23:50 ----D---- C:\Windows\Temp
2010-07-17 18:23:36 ----D---- C:\Windows\Prefetch
2010-07-17 17:39:33 ----D---- C:\Windows\system32\config
2010-07-17 16:28:02 ----D---- C:\Windows\system32\Tasks
2010-07-17 16:27:48 ----HD---- C:\ASUS.DAT
2010-07-17 13:13:24 ----SHD---- C:\Windows\Installer
2010-07-17 13:07:16 ----RD---- C:\Program Files
2010-07-17 13:07:16 ----HD---- C:\ProgramData
2010-07-17 13:07:09 ----SHD---- C:\System Volume Information
2010-07-17 13:00:16 ----D---- C:\Program Files\Minilyrics
2010-07-17 10:49:18 ----D---- C:\Lyrics
2010-07-17 07:04:21 ----D---- C:\Windows
2010-07-16 23:51:48 ----D---- C:\Windows\Minidump
2010-07-16 23:22:23 ----D---- C:\Windows\System32
2010-07-16 23:22:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-16 22:33:55 ----D---- C:\Windows\system32\NDF
2010-07-15 21:25:21 ----D---- C:\Users\William\AppData\Roaming\Skype
2010-07-15 00:15:15 ----D---- C:\Windows\system32\wdi
2010-07-14 22:24:05 ----D---- C:\Windows\system32\drivers
2010-07-14 16:20:47 ----D---- C:\Windows\system32\catroot2
2010-07-05 20:24:59 ----D---- C:\Windows\winsxs
2010-07-05 20:24:40 ----D---- C:\Windows\Microsoft.NET
2010-07-04 18:40:38 ----D---- C:\NVIDIA
2010-07-04 17:00:19 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-04 17:00:18 ----D---- C:\Program Files\NVIDIA Corporation
2010-07-04 16:50:25 ----D---- C:\Windows\inf
2010-07-04 16:50:24 ----D---- C:\Windows\system32\DriverStore
2010-07-04 16:46:28 ----D---- C:\Windows\Help
2010-07-04 16:44:41 ----D---- C:\Windows\system32\catroot
2010-07-04 00:08:45 ----D---- C:\Users\William\AppData\Roaming\uTorrent
2010-07-03 18:34:30 ----D---- C:\Program Files\JDownloader
2010-07-03 18:19:15 ----D---- C:\Program Files\Mozilla Thunderbird
2010-07-03 18:17:57 ----RD---- C:\Program Files\Skype
2010-07-03 18:17:02 ----D---- C:\Program Files\Common Files
2010-07-02 20:17:35 ----D---- C:\Windows\rescache
2010-07-02 16:10:39 ----RSD---- C:\Windows\assembly
2010-07-01 20:02:07 ----D---- C:\Program Files\Microsoft Silverlight
2010-07-01 20:01:12 ----D---- C:\Program Files\Internet Explorer
2010-07-01 20:01:11 ----D---- C:\Program Files\Windows Mail
2010-07-01 20:01:10 ----D---- C:\Windows\system32\migration
2010-07-01 20:01:10 ----D---- C:\Windows\ehome
2010-07-01 20:01:09 ----D---- C:\Windows\system32\fr-FR
2010-07-01 20:01:09 ----D---- C:\Windows\AppPatch
2010-07-01 19:41:04 ----D---- C:\Windows\Logs
2010-07-01 19:40:40 ----D---- C:\ProgramData\Microsoft Help
2010-07-01 19:36:21 ----D---- C:\Windows\system32\en-US
2010-07-01 19:36:20 ----D---- C:\Program Files\Microsoft.NET
2010-06-29 20:29:52 ----D---- C:\Windows\LiveKernelReports
2010-06-29 17:41:14 ----D---- C:\Program Files\Mozilla Firefox
2010-06-27 19:36:07 ----D---- C:\Program Files\TuneUp Utilities 2010

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 330264]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-07 691696]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-05-14 93312]
R2 NVR0FLASHDev;NVR0FLASHDev; \??\C:\Windows\nvflash.sys [2008-08-01 36640]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2009-09-07 48128]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2009-06-25 44544]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2009-06-25 38400]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-09-17 2771104]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2009-03-09 56320]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 13880]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2009-05-13 14392]
R3 NETw5s32;Pilote de carte Intel® Wireless WiFi Link pour Windows 7 32 bits ; C:\Windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
R3 NVR0Dev;NVR0Dev; \??\C:\Windows\nvoclock.sys [2008-08-18 29952]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-05 1766592]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-07-20 213552]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-07-14 1096704]
S3 AVerAF15DMBTH;AVerMedia A850 USB; C:\Windows\System32\Drivers\AVerAF15DMBTH.sys [2009-07-27 554368]
S3 ayraa0uy;ayraa0uy; C:\Windows\system32\drivers\ayraa0uy.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Service d’énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-06-27 274472]
S3 cpuz130;cpuz130; ??\C:\Users\William\AppData\Local\Temp\cpuz130\cpuz_x32.sys []
S3 ENTECH;ENTECH; ??\C:\Windows\system32\DRIVERS\ENTECH.sys [2007-08-20 27672]
S3 MAUSBJAMLAB;Service for M-Audio JamLab; C:\Windows\system32\DRIVERS\MAudioJamLab.sys [2009-09-02 158344]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-05-14 4231680]
S3 nhcDriverDevice;Notebook Hardware Control Driver; ??\C:\Windows\system32\drivers\nhcDriver.sys [2010-07-05 22528]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2009-07-14 48128]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-10-16 41472]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-23 131000]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-08-21 66152]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 ASLDRService;ASLDR Service; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 AVerRemote;AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2008-10-21 352256]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-12-09 405504]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 3576320]
R2 nTuneService;Performance Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2008-08-18 155648]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-05-01 211488]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-06-14 1051976]
R2 UpdateCenterService;Update Center Service; C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [2008-08-01 114688]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-03-13 85096]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-25 655624]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-06-27 435016]

-----------------EOF-----------------

Malwarebytes’ Anti-Malware 1.46

Version de la base de données: 4321

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17/07/2010 21:03:39
mbam-log-2010-07-17 (21-03-39).txt

Type d’examen: Examen complet (C:|D:|)
Elément(s) analysé(s): 421528
Temps écoulé: 2 heure(s), 34 minute(s), 49 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Hi

  • Disable UAC on Windows 7

UAC Windows7

• Download ZHPDiag (by Nicolas Coolman)

ZHPDiag (by Nicolas Coolman)
• Follow the prompts during installation; it will launch automatically at the end.
• Click the magnifying-glass icon ("Lancer le diagnostic", i.e. run the diagnostic)
• Save the report to your Desktop using the floppy-disk icon
• Upload the ZHPDiag.txt report to this site,

cijoint.fr
• then copy/paste the link provided into your next reply on the forum.

For the report

  • go to >> cijoint.fr
  • click Parcourir (Browse)
  • find >> the report you just saved, which should for example be on your desktop
  • and confirm by clicking >> Cliquez ici pour déposer le Fichier (click here to upload the file)
  • a link like this one [http://www.cijoint.fr/cjlink.php?file=cj201004/cijecaEGX.txt] will be generated for you,
  • you just need to post it
  • Re-enable UAC on Windows 7
    Edited on 20/07/2010 at 17:46

And after uninstalling and then reinstalling Firefox, what happens?