Clean or not?

Hello, is there anything to remove? Report:

-----------\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU T2310 @ 1.46GHz )
BIOS : Default System BIOS
USER : Brigitte ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:69 Go (Free:25 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:60 Go)
E:\ (CD or DVD)

“C:\ToolBar SD” ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 27/09/2009|19:44 )

[ UAC => 1 ]

-----------\ Recherche de Fichiers / Dossiers …

C:\Program Files\GamesBar
C:\Program Files\GamesBar\Localization-French.ini
C:\ProgramData\Kiwee Toolbar
C:\ProgramData\Kiwee Toolbar\config
C:\ProgramData\Kiwee Toolbar\images
C:\ProgramData\Kiwee Toolbar\config\content_a.xml
C:\ProgramData\Kiwee Toolbar\config\content_ie.xml
C:\ProgramData\Kiwee Toolbar\config\content_m.xml
C:\ProgramData\Kiwee Toolbar\config\content_y.xml
C:\ProgramData\Kiwee Toolbar\config\logger.xml
C:\ProgramData\Kiwee Toolbar\config\toolbarIE.xml
C:\ProgramData\Kiwee Toolbar\config\toolbarIM_a.xml
C:\ProgramData\Kiwee Toolbar\config\toolbarIM_m.xml
C:\ProgramData\Kiwee Toolbar\config\toolbarIM_y.xml
C:\ProgramData\Kiwee Toolbar\images\allow.bmp
C:\ProgramData\Kiwee Toolbar\images\block.bmp
C:\ProgramData\Kiwee Toolbar\images\dontsend.bmp
C:\ProgramData\Kiwee Toolbar\images\im_toolbardropdownmenu.bmp
C:\ProgramData\Kiwee Toolbar\images\im_toolbarsHelprolloverbase.bmp
C:\ProgramData\Kiwee Toolbar\images\im_toolbarsm1rolloverbase.bmp
C:\ProgramData\Kiwee Toolbar\images\im_toolbarsm1rolloverbase_bg.bmp
C:\ProgramData\Kiwee Toolbar\images\im_toolbarsm1rolloverbase_dp.bmp
C:\ProgramData\Kiwee Toolbar\images\im_toolbarsm2rolloverbase.bmp
C:\ProgramData\Kiwee Toolbar\images\im_toolbarstextrollover.bmp
C:\ProgramData\Kiwee Toolbar\images\kiwee_iconX16.ico
C:\ProgramData\Kiwee Toolbar\images\kiwee_iconX48.ico
C:\ProgramData\Kiwee Toolbar\images\send.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_eg.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_emoticons.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_eyeglass.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_gear.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_images.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_kiwee.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_msnlogo.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_news.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_text.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_videos.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_webshots.bmp
C:\ProgramData\Kiwee Toolbar\images\toolbar_winks.bmp
C:\ProgramData\Kiwee Toolbar\images\X.bmp

-----------\ […\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Start Page”=“http://www.google.fr/
“Local Page”=“C:\Windows\system32\blank.htm”
“SearchMigratedDefaultURL”=“http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
“Search Bar”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
“Start Page Redirect Cache”=“http://fr.msn.com/?ocid=iehp
“Search Page”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
“Url”=“http://go.microsoft.com/fwlink/?LinkId=75720

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
“Default_Page_URL”=“http://fr.yahoo.com
“Local Page”=“C:\Windows\System32\blank.htm”
“CustomizeSearch”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
“SearchAssistant”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
“Default_Search_URL”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
“Start Page”=“http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

--------------------\ Recherche d’autres infections

Aucune autre infection trouvée !

[ UAC => 1 ]

1 - “C:\ToolBar SD\TB_1.txt” - 24/09/2009|20:20 - Option : [1]
2 - “C:\ToolBar SD\TB_2.txt” - 27/09/2009|19:44 - Option : [1]

-----------\ Fin du rapport a 19:44:46,23

Thanks for your replies!

Hi

Not clean at all

Despite what you said last time

I'm telling you

Disable your antivirus and antispyware before the scan:
Vista ==> disable UAC

==> Double-click the ToolBar S&D icon on the desktop
==> On Vista: right-click -> Run as administrator.
==> Choose F for French and confirm
==> In the ToolBar S&D main menu, choose option 2 (Suppression)
==> The Start menu and the icons will disappear again… that is normal.
==> The cleanup will take a few minutes…
==> Once the operation is finished, the cleanup report opens
==> For Vista users, ToolBar-SD takes care of disabling "User Account Control" (UAC); it will restart the computer and re-enable UAC.

Copy/paste the report
Vista ==> re-enable UAC
Normally ToolBar S&D always re-enables UAC
but check anyway

You must without any doubt have something else

cricri58

Thanks, I'll do that tomorrow. See you tomorrow.

The report:

-----------\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU T2310 @ 1.46GHz )
BIOS : Default System BIOS
USER : Brigitte ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:69 Go (Free:23 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:60 Go)
E:\ (CD or DVD)

“C:\ToolBar SD” ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 28/09/2009|12:39 )

[ UAC => 0 ]

-----------\ SUPPRESSION

Supprime! - C:\Program Files\GamesBar\Localization-French.ini
Supprime! - C:\ProgramData\Kiwee Toolbar\config
Supprime! - C:\ProgramData\Kiwee Toolbar\images
Supprime! - C:\Program Files\GamesBar
Supprime! - C:\ProgramData\Kiwee Toolbar

-----------\ Recherche de Fichiers / Dossiers …

-----------\ […\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Start Page”=“http://www.google.fr/
“Local Page”=“C:\Windows\system32\blank.htm”
“SearchMigratedDefaultURL”=“http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
“Search Bar”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
“Start Page Redirect Cache”=“http://fr.msn.com/?ocid=iehp
“Search Page”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
“Url”=“http://go.microsoft.com/fwlink/?LinkId=75720

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
“Default_Page_URL”=“http://fr.yahoo.com
“Local Page”=“C:\Windows\System32\blank.htm”
“CustomizeSearch”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
“SearchAssistant”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
“Default_Search_URL”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
“Start Page”=“http://www.msn.com/

--------------------\ Recherche d’autres infections

Aucune autre infection trouvée !

[ UAC => 1 ]

1 - “C:\ToolBar SD\TB_1.txt” - 24/09/2009|20:20 - Option : [1]
2 - “C:\ToolBar SD\TB_2.txt” - 27/09/2009|19:44 - Option : [1]
3 - “C:\ToolBar SD\TB_3.txt” - 28/09/2009|12:41 - Option : [2]

-----------\ Fin du rapport a 12:41:30,92

Help!

Download Random's System Information Tool (RSIT) by random/random and save it to your Desktop.

==> Random's System Information Tool (RSIT)

==> Double-click RSIT.exe to launch RSIT.
==> Click Continue on the Disclaimer screen.
==> If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
==> When the scan is finished, two text files will open.

==> Post the contents of log.txt (<== which will be displayed) as well as info.txt (<== which will be minimized in the taskbar).

Note: Both reports are also saved in %systemroot%\rsit

OK, I'll do that right away.

Here is the first one:

Logfile of random’s system information tool 1.06 (written by random/random)
Run by Brigitte at 2009-09-28 17:45:58
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 24 GB (33%) free of 71 GB
Total RAM: 2037 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:46:20, on 28/09/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Codyssey\Freeraser\Freeraser.exe
C:\Program Files\Nosibay\VPbubble\Launcher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Brigitte\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Nosibay\VPbubble\VPbubble.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Brigitte\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Brigitte.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = fr.yahoo.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM…\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM…\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM…\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM…\Run: [Malwarebytes’ Anti-Malware] “C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe” /starttray
O4 - HKLM…\Run: [COMODO Internet Security] “C:\Program Files\COMODO\COMODO Internet Security\cfp.exe” -h
O4 - HKLM…\Run: [MSSE] “C:\Program Files\Microsoft Security Essentials\msseces.exe” -hide
O4 - HKCU…\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU…\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU…\Run: [Freeraser] C:\Program Files\Codyssey\Freeraser\Freeraser.exe
O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [VPbubble] “C:\Program Files\Nosibay\VPbubble\launcher.exe”
O4 - HKUS\S-1-5-19…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User ‘SYSTEM’)
O4 - HKUS\S-1-5-18…\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User ‘Default user’)
O4 - HKUS.DEFAULT…\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User ‘Default user’)
O4 - Startup: OneNote 2007 - Capture d’écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - C:\Program… Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - C:\Program… Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com…
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program… Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - C:\Program… Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE…
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra ‘Tools’ menuitem: &KeyScrambler… - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - messenger.zone.msn.com…
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - messenger.zone.msn.com…
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com…
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - www.bitdefender.fr…
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - download.eset.com…
O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} (FTMediaPlayer Class) - webtv.guidetv.orange.fr…
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - messenger.zone.msn.com…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - platformdl.adobe.com…
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - download.mcafee.com…
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - messenger.zone.msn.com…
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dlleNetHook.dlleNetHook.dll C:\Windows\system32\guard32.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: G Data Tuner Service - G Data Software AG - C:\Program Files\G Data\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


End of file - 11105 bytes

======Scheduled tasks folder======

C:\Windows\tasks\EasyShare Registration Task.job
C:\Windows\tasks\Maintenance en 1 clic.job
C:\Windows\tasks\Malwarebytes’ Scheduled Scan for Brigitte.job
C:\Windows\tasks\Malwarebytes’ Scheduled Update for Brigitte.job
C:\Windows\tasks\User_Feed_Synchronization-{55AF2E8A-EBC9-4A50-8828-434D9E33BE57}.job
C:\Windows\tasks\User_Feed_Synchronization-{AC89A3A3-517E-4E7D-9FBF-FD2CA480E843}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2009-09-02 179472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
KeyScramblerBHO Class - C:\Program Files\KeyScrambler\KeyScramblerIE.dll [2009-08-25 793328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2009-09-02 662720]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“RtHDVCpl”=C:\Windows\RtHDVCpl.exe [2007-07-06 4669440]
“PLFSetL”=C:\Windows\PLFSetL.exe [2007-07-05 94208]
“hpqSRMon”=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
“Malwarebytes’ Anti-Malware”=C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe [2009-09-10 420176]
“COMODO Internet Security”=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-09-26 1799952]
“MSSE”=C:\Program Files\Microsoft Security Essentials\msseces.exe [2009-08-06 1046840]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
“ehTray.exe”=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
“Freeraser”=C:\Program Files\Codyssey\Freeraser\Freeraser.exe [2009-04-15 1903104]
“MsnMsgr”=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-09-28 3883856]
“VPbubble”=C:\Program Files\Nosibay\VPbubble\launcher.exe [2009-08-24 239120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-09-02 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender User Interface]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logiciel Kodak EasyShare.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2009-07-10 323584]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Users\Brigitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 - Capture d’écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
WkCalRem.LNK - C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“AppInit_DLLS”=“eNetHook.dlleNetHook.dlleNetHook.dll C:\Windows\system32\guard32.dll”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“DisableTaskMgr”=0
“LogonHoursAction”=2
“DontDisplayLogonHoursWarnings”=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“FilterAdministratorToken”=1
“EnableUIADesktopToggle”=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveTypeAutoRun”=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveTypeAutoRun”=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe”=“C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe::enabled:CSS”
“C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe”=“C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe::Enabled:eDSfsu”
“C:\Acer\Empowering Technology\eDataSecurity\encryption.exe”=“C:\Acer\Empowering Technology\eDataSecurity\encryption.exe::Enabled:encryption”
“C:\Acer\Empowering Technology\eDataSecurity\decryption.exe”=“C:\Acer\Empowering Technology\eDataSecurity\decryption.exe::Enabled:decryption”
“C:\Program Files\Orbitdownloader\orbitdm.exe”=“C:\Program Files\Orbitdownloader\orbitdm.exe::Enabled:Orbit”
“C:\Program Files\Orbitdownloader\orbitnet.exe”=“C:\Program Files\Orbitdownloader\orbitnet.exe::Enabled:Orbit”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{89b5bda0-5e15-11dd-989e-806e6f6e6963}]
shell\AutoRun\command - E:\demarrage.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{d7f9a224-8014-11dd-9e64-aa49c949cd35}]
shell\Auto\command - cmd /C launch.bat
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe “%1” %*
.txt - open - “C:\Program Files\Notepad++\notepad++.exe” “%1”

======List of files/folders created in the last 1 months======

2009-09-28 17:45:58 ----D---- C:\rsit
2009-09-26 11:54:29 ----N---- C:\Windows\system32\MpSigStub.exe
2009-09-26 11:50:49 ----D---- C:\Program Files\Microsoft Security Essentials
2009-09-26 11:40:06 ----D---- C:\ProgramData\Comodo
2009-09-26 11:39:59 ----A---- C:\Windows\system32\guard32.dll
2009-09-25 16:35:51 ----D---- C:\Program Files\VirusTotalUploader
2009-09-24 20:39:35 ----D---- C:\Program Files\Navilog1
2009-09-24 20:19:29 ----A---- C:\TB.txt
2009-09-24 20:19:01 ----D---- C:\ToolBar SD
2009-09-24 19:21:27 ----D---- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2009-09-24 17:42:47 ----D---- C:\Users\Brigitte\AppData\Roaming\vlc
2009-09-23 18:00:09 ----D---- C:\Users\Brigitte\AppData\Roaming\HpUpdate
2009-09-22 18:13:14 ----D---- C:\Users\Brigitte\AppData\Roaming\uTorrent
2009-09-21 19:48:53 ----D---- C:\Windows\Hewlett-Packard
2009-09-21 19:30:07 ----D---- C:\Program Files\ManyCam 2.2
2009-09-21 17:40:31 ----D---- C:\Users\Brigitte\AppData\Roaming\AIMP
2009-09-21 17:40:22 ----D---- C:\Program Files\AIMP2
2009-09-20 21:02:35 ----D---- C:\Program Files\7-Zip
2009-09-20 19:49:01 ----A---- C:\Windows\MessengerPlus.ini
2009-09-20 12:21:16 ----D---- C:\ProgramData\Kaspersky Lab
2009-09-20 09:42:08 ----A---- C:\Windows\bdagent.INI
2009-09-19 18:44:48 ----D---- C:\tmp
2009-09-19 18:44:21 ----D---- C:\Users\Brigitte\AppData\Roaming\Nosibay
2009-09-19 18:44:14 ----D---- C:\Program Files\Nosibay
2009-09-19 17:37:21 ----D---- C:\ProgramData\Messenger Plus!
2009-09-19 14:25:55 ----D---- C:\Users\Brigitte\AppData\Roaming\WinRAR
2009-09-19 10:15:16 ----A---- C:\Windows\system32\phversion.txt
2009-09-18 21:29:58 ----D---- C:\Users\Brigitte\AppData\Roaming\BitDefender
2009-09-18 21:28:25 ----D---- C:\ProgramData\BitDefender
2009-09-18 21:28:25 ----D---- C:\Program Files\BitDefender
2009-09-18 21:26:42 ----D---- C:\Program Files\Common Files\BitDefender
2009-09-18 20:20:30 ----D---- C:\Program Files\SRWare Iron
2009-09-18 19:27:12 ----D---- C:\Users\Brigitte\AppData\Roaming\MessengerDiscovery 2
2009-09-18 18:34:39 ----D---- C:\Program Files\Windows Live Favorites
2009-09-18 18:34:23 ----D---- C:\Program Files\Windows Live Toolbar
2009-09-18 18:17:47 ----D---- C:\Program Files\Common Files\Windows Live
2009-09-16 19:46:52 ----D---- C:\Program Files\Windows Live Safety Center
2009-09-16 17:39:56 ----D---- C:\Program Files\Messenger Plus! Live
2009-09-16 17:18:16 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-09-16 17:17:02 ----D---- C:\Program Files\Windows Live SkyDrive
2009-09-16 17:16:40 ----D---- C:\Program Files\Windows Live
2009-09-16 16:28:52 ----D---- C:\Users\Brigitte\AppData\Roaming\ComodoGroup
2009-09-15 20:58:00 ----D---- C:\Users\Brigitte\AppData\Roaming\DrekSoftware
2009-09-15 20:48:40 ----A---- C:\Windows\aimpr.ini
2009-09-15 20:48:09 ----D---- C:\Program Files\ElcomSoft
2009-09-14 13:24:46 ----D---- C:\Windows\pss
2009-09-13 18:42:10 ----A---- C:\Windows\system32\setup_XP.ini
2009-09-12 14:24:58 ----D---- C:\Users\Brigitte\AppData\Roaming\GrabPro
2009-09-12 14:24:58 ----D---- C:\downloads
2009-09-12 14:24:49 ----D---- C:\Program Files\Orbitdownloader
2009-09-12 14:24:48 ----D---- C:\Users\Brigitte\AppData\Roaming\Orbit
2009-09-11 19:45:38 ----D---- C:\ProgramData\Agnitum
2009-09-09 12:54:32 ----A---- C:\Windows\system32\jscript.dll
2009-09-09 12:54:24 ----A---- C:\Windows\system32\wlansec.dll
2009-09-09 12:54:24 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-09 12:54:24 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-09 12:54:23 ----A---- C:\Windows\system32\wlanapi.dll
2009-09-09 12:54:22 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-09 12:53:30 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-09 12:53:28 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-09 12:53:28 ----A---- C:\Windows\system32\ARP.EXE
2009-09-09 12:53:27 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-09 12:53:27 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-09 12:53:27 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-09 12:53:27 ----A---- C:\Windows\system32\finger.exe
2009-09-09 12:53:26 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-09 12:53:25 ----A---- C:\Windows\system32\netevent.dll
2009-09-09 12:52:12 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-09 12:52:11 ----A---- C:\Windows\system32\mf.dll
2009-09-07 12:43:03 ----D---- C:\Users\Brigitte\AppData\Roaming\Foxit
2009-09-07 12:43:03 ----D---- C:\Program Files\Foxit Software
2009-09-06 10:27:20 ----D---- C:\Users\Brigitte\AppData\Roaming\skypePM
2009-09-06 10:24:07 ----D---- C:\Users\Brigitte\AppData\Roaming\Skype
2009-09-06 10:23:37 ----D---- C:\Program Files\Common Files\Skype
2009-09-06 10:23:35 ----RD---- C:\Program Files\Skype
2009-09-06 10:23:27 ----D---- C:\ProgramData\Skype
2009-09-03 09:32:43 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-09-03 09:32:37 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-01 16:08:51 ----D---- C:\ProgramData\eMule
2009-09-01 15:57:06 ----D---- C:\Users\Brigitte\AppData\Roaming\DMCache
2009-08-30 14:20:57 ----D---- C:\ProgramData\SiteAdvisor

======List of files/folders modified in the last 1 months======

2009-09-28 17:46:06 ----D---- C:\Windows\Temp
2009-09-28 13:16:45 ----D---- C:\Windows\System32
2009-09-28 13:16:44 ----D---- C:\Windows\inf
2009-09-28 13:16:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-09-28 12:42:02 ----D---- C:\Program Files\Mozilla Firefox
2009-09-28 12:40:41 ----HD---- C:\ProgramData
2009-09-28 12:40:38 ----RD---- C:\Program Files
2009-09-28 09:43:47 ----SHD---- C:\System Volume Information
2009-09-27 20:26:10 ----D---- C:\Windows\Prefetch
2009-09-27 20:07:42 ----SHD---- C:\Windows\Installer
2009-09-27 20:07:42 ----HD---- C:\Config.Msi
2009-09-27 20:06:48 ----D---- C:\Windows
2009-09-27 19:30:05 ----D---- C:\Users\Brigitte\AppData\Roaming\Notepad++
2009-09-27 19:29:10 ----D---- C:\Program Files\Notepad++
2009-09-26 12:04:47 ----D---- C:\Windows\system32\catroot
2009-09-26 11:59:26 ----D---- C:\Windows\system32\drivers
2009-09-26 11:39:56 ----D---- C:\Program Files\COMODO
2009-09-26 11:34:46 ----D---- C:\Program Files\Kaspersky Lab
2009-09-26 11:34:45 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2009-09-25 21:01:35 ----D---- C:\Windows\Minidump
2009-09-25 19:55:13 ----D---- C:\Windows\system32\Tasks
2009-09-25 19:55:12 ----D---- C:\Windows\Tasks
2009-09-25 19:28:01 ----SHD---- C:\Boot
2009-09-25 19:28:01 ----D---- C:\Windows\system32\config
2009-09-25 09:10:27 ----D---- C:\Windows\system32\catroot2
2009-09-24 18:38:39 ----D---- C:\Users\Brigitte\AppData\Roaming\dvdcss
2009-09-23 17:26:39 ----D---- C:\Users\Brigitte\AppData\Roaming\SUPERAntiSpyware.com
2009-09-23 17:26:16 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-09-23 17:26:14 ----D---- C:\Program Files\SUPERAntiSpyware
2009-09-20 20:03:17 ----D---- C:\Windows\winsxs
2009-09-18 21:26:42 ----D---- C:\Program Files\Common Files
2009-09-18 21:14:20 ----RSD---- C:\Windows\assembly
2009-09-18 20:30:40 ----D---- C:\Program Files\Opera
2009-09-18 19:39:06 ----D---- C:\Windows\Microsoft.NET
2009-09-18 18:28:13 ----D---- C:\ProgramData\WLInstaller
2009-09-15 16:14:17 ----D---- C:\Program Files\Malwarebytes’ Anti-Malware
2009-09-13 12:01:37 ----SD---- C:\ProgramData\Microsoft
2009-09-12 18:24:48 ----D---- C:\ProgramData\McAfee
2009-09-12 18:11:20 ----D---- C:\Program Files\Acer GameZone
2009-09-09 21:21:44 ----D---- C:\Windows\Debug
2009-09-09 17:49:36 ----D---- C:\Windows\rescache
2009-09-09 16:55:23 ----D---- C:\Temp
2009-09-09 16:47:17 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-09 16:45:40 ----D---- C:\Windows\system32\fr-FR
2009-09-09 12:57:35 ----D---- C:\Program Files\Windows Mail
2009-09-09 12:55:53 ----D---- C:\Windows\ehome
2009-09-08 12:59:53 ----D---- C:\Program Files\Safari
2009-09-08 12:58:22 ----D---- C:\Program Files\Apple Software Update
2009-09-03 14:46:29 ----D---- C:\Windows\AppPatch
2009-08-29 15:20:01 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2009-09-26 128888]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2009-09-26 29520]
R1 DritekPortIO;Dritek General Port I/O; ??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2009-09-26 74328]
R1 is-4IPDQdrv;is-4IPDQdrv; C:\Windows\system32\DRIVERS\00025636.sys [2008-07-08 148496]
R1 is-CCLJUdrv;is-CCLJUdrv; C:\Windows\system32\DRIVERS\75501302.sys [2008-07-08 148496]
R1 is-Q6NBGdrv;is-Q6NBGdrv; C:\Windows\system32\DRIVERS\46406149.sys [2008-07-08 148496]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-06-15 128016]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R1 SbFw;SbFw; C:\Windows\system32\drivers\SbFw.sys [2008-10-31 270888]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; ??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-05-02 61424]
R2 Aspi32;Aspi32; C:\Windows\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 int15;int15; ??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-14 154624]
R3 BCM43XX;Pilote pour carte réseau Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-06-21 691192]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]
R3 GearAspiWDM;GEARAspiWDM; C:\Windows\System32\drivers\GEARAspiWDM.sys [2008-02-22 16168]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-04-26 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-04-26 208384]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-10 1792792]
R3 KeyScrambler;KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [2009-07-30 114672]
R3 MBAMProtector;MBAMProtector; ??\C:\Windows\system32\drivers\mbam.sys [2009-09-10 19160]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2009-06-18 42480]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-08-10 6144]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\Windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-08-02 1749376]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-04-26 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S1 is-BKINHdrv;is-BKINHdrv; C:\Windows\system32\DRIVERS\30698435.sys [2008-07-08 148496]
S1 neokdss;neokdss; C:\Windows\system32\Drivers\neokdss.sys []
S1 TSP;TSP; ??\C:\Windows\system32\drivers\klif.sys []
S1 ute5nti4;AVZ Kernel Driver; ??\C:\Windows\system32\Drivers\ute5nti4.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\Windows\System32\Drivers\btwusb.sys [2007-03-23 67960]
S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d’horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Pilote de carte Intel® PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 NETw4v32;Pilote de carte Intel® Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-30 2219520]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AGWinService;AG Windows Service; C:\Program Files\AGI\common\win32\PythonService.exe [2009-03-14 10240]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-09-26 723632]
R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-03-14 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 135168]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-02-13 53248]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 24576]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2006-12-12 57344]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe [2009-09-10 269648]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 MsMpSvc;@C:\Program Files\Microsoft Security Essentials\MpAsDesc.dll,-241; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-23 266343]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-07-31 604488]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 167936]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-01-30 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-09-23 109056]
S3 aspnet_state;Service d’état ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 G Data Tuner Service;G Data Tuner Service; C:\Program Files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [2009-02-25 907336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-07-31 361288]
S4 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []

-----------------EOF-----------------

Here is the next one:

======Uninstall list======

–>C:\Program Files\OrangeHSS\Uninstall\Bas_Debit_CustoUpdate\Shell.exe MainUninstall.shl
–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe” -uninstall
–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe” -uninstall
–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe” -uninstall
–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe” -uninstall
–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe” -uninstall
32 Bit HP CIO Components Installer–>MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
7-Zip 4.65–>“C:\Program Files\7-Zip\Uninstall.exe”
Acer Arcade Deluxe–>C:\Program Files\InstallShield Installation Information{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\Setup.exe -uninstall
Acer Crystal Eye Webcam Video Class Camera -->C:\Program Files\InstallShield Installation Information{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x040c -removeonly -u
Acer Crystal Eye webcam–>C:\Program Files\InstallShield Installation Information{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer eAudio Management–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe” -uninstall
Acer eDataSecurity Management–>C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe” -l0x40c -removeonly
Acer Empowering Technology–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe” -l0x40c -removeonly
Acer eNet Management–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe” -l0x40c -removeonly
Acer ePower Management–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe” -l0x40c -removeonly
Acer ePresentation Management–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe” -l0x40c -removeonly
Acer eSettings Management–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe” -l0x40c -removeonly
Acer GridVista–>C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe” -l0x40c -removeonly
Acer ScreenSaver–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe” -l0x9 -removeonly
Acer Tour–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe” -l0x40c -removeonly
Activation Assistant for the 2007 Microsoft Office suites–>“C:\ProgramData{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe” REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX–>C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin–>C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
ALPS Touch Pad Driver–>C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
ArcSoft Print Creations - Album Page–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe” -l0x40c -1AlbumPage
ArcSoft Print Creations - Funhouse–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe” -l0x40c -1Funhouse
ArcSoft Print Creations - Greeting Card–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe” -l0x40c -1GreetingCard
ArcSoft Print Creations - Photo Book–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe” -l0x40c -1PhotoBook
ArcSoft Print Creations - Photo Calendar–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe” -l0x40c -1Calendar
ArcSoft Print Creations - Scrapbook–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe” -l0x40c -1ScrapBook
ArcSoft Print Creations - Slimline Card–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe” -l0x40c -1Slimline
ArcSoft Print Creations–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe” -l0x40c
Assistant de connexion Windows Live ID–>MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
CCleaner (remove only)–>“C:\Program Files\CCleaner\uninst.exe”
CCScore–>MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Chessmaster Grandmaster Edition–>C:\Program Files\InstallShield Installation Information{27614800-84A9-484E-9CCB-43ED2F1205F5}\setup.exe -runfromtemp -l0x040c
COMODO Internet Security–>C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u
ESSBrwr–>MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK–>MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore–>MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui–>MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini–>MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD–>MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock–>MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSTOOLS–>MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt–>MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Extension de Windows Live Toolbar (Windows Live Toolbar)–>MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
fflink–>MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
Foxit Reader–>C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Freeraser–>C:\Program Files\Codyssey\Freeraser\Uninstall.exe
Galerie de photos Windows Live–>MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
GNU Privacy Guard–>“C:\Program Files\GNU\GnuPG\uninst-gnupg.exe”
HDAUDIO Soft Data Fax Modem with SmartCP–>C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -IAcrZUn32z.inf
HijackThis 2.0.2–>“C:\Program Files\Trend Micro\HijackThis\HijackThis.exe” /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)–>C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)–>C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 9.0–>C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 9.0–>C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0–>C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 9.0–>C:\Program Files\HP\Digital Imaging{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzscr01.exe -datfile hposcr15.dat
HP Photosmart Essential 3.5–>C:\Program Files\HP\Digital Imaging\PhotosmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Product Assistant–>MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center 9.0–>C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update–>MsiExec.exe /X{818ABC3C-635C-4651-8183-D0E9640B7DD1}
HPSSupply–>MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Installation Windows Live–>C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live–>MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Intel® Graphics Media Accelerator Driver–>C:\Windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager–>C:\Windows\System32\Imsmudlg.exe
Junk Mail filter update–>MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
KeyScrambler–>C:\Program Files\KeyScrambler\uninstall.exe
kgcbaby–>MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgchday–>MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn–>MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt–>MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids–>MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove–>MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday–>MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Launch Manager–>C:\Windows\UnInst32.exe LManager.UNI
livebox–>C:\Program Files\InstallShield Installation Information{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe -runfromtemp -l0x040c -removeonly
Logiciel Kodak EasyShare–>C:\ProgramData\Kodak\EasyShareSetup$SETUP_140001_25e5dc\Setup.exe /APR-REMOVE
Malwarebytes’ Anti-Malware–>“C:\Program Files\Malwarebytes’ Anti-Malware\unins000.exe”
Menus intelligents (Windows Live Toolbar)–>MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Messenger Plus! Live–>“C:\Program Files\Messenger Plus! Live\Uninstall.exe”
Microsoft .NET Framework 1.1 Hotfix (KB929729)–>“C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe” “C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp”
Microsoft .NET Framework 1.1–>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1–>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra–>MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1–>C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1–>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Antimalware–>MsiExec.exe /X{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}
Microsoft Antimalware–>MsiExec.exe /X{A92EC2FF-BB59-4294-B727-AFC47BA7FDA7}
Microsoft Choice Guard–>MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (French) 2007–>MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe” /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007–>MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4–>MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office OneNote MUI (French) 2007–>MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007–>MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007–>MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007–>MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007–>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007–>MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007–>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007–>MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007–>MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (French) 2007–>MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007–>MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Search Enhancement Pack–>MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Security Essentials–>C:\Program Files\Microsoft Security Essentials\setup.exe /x
Microsoft Security Essentials–>MsiExec.exe /I{466A6359-0EC2-4369-B889-6FE780D2CF3C}
Microsoft Silverlight–>MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]–>MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)–>MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)–>MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053–>MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148–>MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17–>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works–>MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)–>msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)–>msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)–>msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra–>C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
MSVCRT–>MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)–>MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)–>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)–>MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)–>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Navigateur Orange–>C:\Program Files\OrangeHSS\Uninstall\Browser\Shell.exe MainUninstall.shl
netbrdg–>MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NTI Backup NOW! 4.7–>“C:\Program Files\InstallShield Installation Information{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe” -removeonly
NTI CD & DVD-Maker–>C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
OfotoXMI–>MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Orange - Logiciels Internet–>C:\Program Files\OrangeHSS\installation\core\Installgui.exe -u
Orbit Downloader–>“C:\Program Files\Orbitdownloader\unins000.exe”
Outil de téléchargement Windows Live–>MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PowerProducer 3.72–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.EXE” -uninstall
Realtek High Definition Audio Driver–>RtlUpd.exe -r -m
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe” -l0x40c anything
Security Update for 2007 Microsoft Office System (KB969559)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)–>MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)–>MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
SFR–>MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA–>MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001–>MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK–>MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype™ 4.1–>MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spelling Dictionaries Support For Adobe Reader 9–>MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
SRWare Iron 3.0.197.0–>“C:\Program Files\SRWare Iron\unins000.exe”
staticcr–>MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Surligneur (Windows Live Toolbar)–>MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
TuneUp Utilities 2009–>MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Update for 2007 Microsoft Office System (KB967642)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)–>C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC 9.0 Runtime–>MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VirusTotal Uploader–>“C:\Program Files\VirusTotalUploader\uninstall.exe”
Visual C++ 2008 x86 Runtime - (v9.0.30729)–>MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01–>C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Visual C++ CRT 9.0 SP1–>MsiExec.exe /I{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}
VLC media player 1.0.2–>C:\Program Files\VideoLAN\VLC\uninstall.exe
VPbubble (remove only)–>C:\Program Files\Nosibay\VPbubble\Uninstall VPbubble.exe
VPRINTOL–>MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows 7 Upgrade Advisor Beta–>MsiExec.exe /I{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}
Windows Installer Clean Up–>MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Call–>MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform–>MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Favorites pour Windows Live Toolbar–>MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live FolderShare–>MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail–>MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger–>MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Movie Maker–>MsiExec.exe /X{53B20C18-D8D4-4588-8737-9BBFE303C354}
Windows Live OneCare safety scanner–>“C:\Program Files\Windows Live Safety Center\UnInstall.exe”
Windows Live OneCare safety scanner–>MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Toolbar–>MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Media Player Firefox Plugin–>MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WIRELESS–>MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

=====HijackThis Backups=====

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) [2009-09-17]
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present [2009-09-17]
O9 - Extra ‘Tools’ menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) [2009-09-17]
O4 - Global Startup: Empowering Technology Launcher.lnk = ? [2009-09-17]
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll [2009-09-17]

======Hosts File======

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: PC-de-Brigitte
Event Code: 10010
Message: Le serveur {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.
Record Number: 250659
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090620152101.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Brigitte
Event Code: 4227
Message: TCP/IP n’a pas pu établir une connexion sortante car le point de terminaison local sélectionné a été récemment utilisé pour se connecter au même point de terminaison distant. Cette erreur se produit généralement lorsque les connexions sortantes sont ouvertes et fermées à un débit élevé, provoquant l’utilisation de tous les ports locaux disponibles et obligeant TCP/IP à réutiliser un port local pour une connexion sortante. Pour réduire le risque d’altération des données, la norme TCP/IP exige qu’un laps de temps minimal s’écoule entre des connexions successives d’un point de terminaison local à un point de terminaison distant.
Record Number: 250629
Source Name: Tcpip
Time Written: 20090620120121.193041-000
Event Type: Avertissement
User:

Computer Name: PC-de-Brigitte
Event Code: 7026
Message: Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se charger :
is-BKINHdrv
Record Number: 250602
Source Name: Service Control Manager
Time Written: 20090620115620.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Brigitte
Event Code: 6008
Message: L’arrêt système précédant à 13:52:16 le 20/06/2009 n’était pas prévu.
Record Number: 250516
Source Name: EventLog
Time Written: 20090620115441.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Brigitte
Event Code: 5
Message: Le filtre de système de fichiers « is-BKINHdrv » (Version 6.0, 2008-07-08T12:52:58.000Z) n’a pas réussi à s’inscrire auprès du gestionnaire de filtres. L’état final de cette opération était 0xc01c0011.
Record Number: 250512
Source Name: Microsoft-Windows-FilterManager
Time Written: 20090620115426.469721-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

=====Application event log=====

Computer Name: PC-de-Brigitte
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d’autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
4 user registry handles leaked from \Registry\User\S-1-5-21-759318378-497761762-3404630427-1000:
Process 1004 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-759318378-497761762-3404630427-1000
Process 232 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-759318378-497761762-3404630427-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 1936 (\Device\HarddiskVolume2\Program Files\AGI\common\win32\pythonservice.exe) has opened key \REGISTRY\USER\S-1-5-21-759318378-497761762-3404630427-1000\Software\Google\GoogleToolbarNotifier
Process 1936 (\Device\HarddiskVolume2\Program Files\AGI\common\win32\pythonservice.exe) has opened key \REGISTRY\USER\S-1

Help!


This message did not comply with the usage rules of the new forum:

Help!

Re

Be patient, we are not standing at attention in front of our PCs!!

Do things in order, read carefully and above all post all the reports

1) Launch HijackThis

ON VISTA: right-click HijackThis / Run as administrator!

Click ==> Do a System Scan Only

tick these lines

R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - www.bitdefender.fr
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - download.eset.com

Close your other applications except ==> HijackThis (of course)

and click ==> Fix Checked

then
2) In Add or Remove Programs ==> uninstall Eset Online Scanner

after that

  1. Disable your antivirus

Download OTM by OldTimer to the desktop:

==>OTM

Double-click OTM.exe on the desktop

--> on VISTA: right-click: Run as administrator.

  • Make sure the Unregister Dll’s and Ocx’s box is ticked

  • Copy the text in the quote and paste it into the left-hand pane of OTMoveIt named Paste Instructions for Items to be Moved

  • Click MoveIt! to start the removal.
  • Close OTM

Your PC will restart to finish the removal; if it does not do so by itself, restart it.

Post the OTM report, which is in C:\_OTM\MovedFiles.

Re-enable your antivirus

and

  1. Download ComboFix

Vista: so you must also disable UAC before using it

==>ComboFix.exe

==> onto your Desktop (and nowhere else), and rename it before it lands on your desktop.
To do this, right-click ComboFix.exe, choose “Save link target as…” and rename it to ==> poisson9.com
==> and for the location choose your desktop and click “Save”
Close all open windows

Double-click ==> poisson9.com ==> (renamed file)
Press the 1 key to start the scan and follow the instructions given by ComboFix.
When the scan is finished, a report will appear. Copy/paste that report right here.
==> The report can also be found here: C:\Combofix.txt
==> you must not click in the ComboFix window during the scan; this would cause the program to hang.

Re-enable your antivirus and antispyware
Vista: so you must also re-enable UAC
PS
if your internet connection is no longer active after the restart, a manual repair will be needed

you will do this last

  1. Disable your antivirus

Download and install UsbFix (by C_XX & Chiquitine29)

==> UsbFix (by C_XX & Chiquitine29)

Disconnect and close all running applications

Plug in the external data sources (USB stick, external hard drive, etc…) that may have been infected, without opening them

Double-click the UsbFix shortcut on your desktop.

Choose option 1 ( Recherche )

Let the tool work.

Then post the UsbFix.txt report that appears.

Note: the UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

Re-enable your antivirus

See you later, cricri58

Here is the first one:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========

Service\Driver AGWinService deleted successfully.
========== FILES ==========
C:\WINDOWS\BDOSCAN8 moved successfully.
C:\Program Files\AGI\common\agcutils.dll unregistered successfully.
C:\Program Files\AGI\common\agcutils.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Brigitte
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5599218 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 55365193 bytes
->Apple Safari cache emptied: 199334670 bytes
->Opera cache emptied: 279780 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 33531 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 248,57 mb

OTM by OldTimer - Version 3.0.0.6 log created on 09282009_203028

Files moved on Reboot…

Registry entries deleted on Reboot…

I will do the others tomorrow. I did not find: Eset Online Scanner

So you no longer have it; that means you ticked the uninstall box before closing the Eset Online Scanner window

OK, you do the rest tomorrow

Here is the first one:

ComboFix 09-09-28.01 - Brigitte 29/09/2009 13:01.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.1050 [GMT 2:00]
Lancé depuis: c:\users\Brigitte\Desktop\poisson9.com.exe
SP: Windows Defender enabled (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\drv\Tuner\Yuan\Resources_desktop.ini
c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera
c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera \Uninstall.lnk
c:\programdata\ntuser.dat{a548b7b0-4ea0-11de-9931-d724c43d8ee7}.TMContainer00000000000000000001.regtrans-ms
c:\users\Brigitte\AppData\Roaming\Microsoft\Clip Organizer\mstore10.mgc
c:\users\Brigitte\AppData\Roaming\Microsoft\Clip Organizer\Offic10.MGC
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Installer\102197e.msi
c:\windows\Installer\7f7f1.msi
c:\windows\Installer\ed96e.msi
c:\windows\system32(1{ea2a2829-4529-11de-a532-b6a8befaec10}.TMContainer00000000000000000001.regtrans-ms
c:\windows\system32(12{9d8d1079-4485-11de-af99-d2c8528f7560}.TMContainer00000000000000000001.regtrans-ms
c:\windows\system32\AutoRun.inf
c:\windows\system32\logs

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-08-28 au 2009-09-29 ))))))))))))))))))))))))))))))))))))
.

2009-09-29 11:18 . 2009-09-29 11:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-29 11:18 . 2009-09-29 11:19 -------- d-----w- c:\users\Brigitte\AppData\Local\temp
2009-09-28 18:30 . 2009-09-28 18:30 -------- d-----w- C:\_OTM
2009-09-28 15:45 . 2009-09-28 15:46 -------- d-----w- C:\rsit
2009-09-26 09:54 . 2009-08-20 15:51 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-26 09:50 . 2009-09-26 09:59 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-09-26 09:40 . 2009-09-26 09:48 -------- d-----w- c:\programdata\Comodo
2009-09-26 09:39 . 2009-09-26 09:39 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-09-26 09:39 . 2009-09-26 09:39 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-09-26 09:39 . 2009-09-26 09:39 179792 ----a-w- c:\windows\system32\guard32.dll
2009-09-26 09:39 . 2009-09-26 09:39 128888 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-09-25 18:24 . 2009-09-25 18:24 -------- d-----w- c:\users\Brigitte\DoctorWeb
2009-09-25 14:35 . 2009-09-25 14:35 -------- d-----w- c:\program files\VirusTotalUploader
2009-09-24 18:39 . 2009-09-24 18:40 -------- d-----w- c:\program files\Navilog1
2009-09-24 18:19 . 2009-09-28 10:41 -------- d-----w- C:\ToolBar SD
2009-09-24 17:21 . 2009-09-24 17:21 -------- d-----w- c:\users\Brigitte\AppData\Local\Microsoft Corporation
2009-09-24 17:21 . 2009-09-24 17:21 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-09-24 15:42 . 2009-09-27 17:32 -------- d-----w- c:\users\Brigitte\AppData\Roaming\vlc
2009-09-23 16:00 . 2009-09-23 16:00 -------- d-----w- c:\users\Brigitte\AppData\Roaming\HpUpdate
2009-09-23 13:07 . 2009-09-23 13:07 -------- d-----w- c:\users\Brigitte\AppData\Local\Yahoo!
2009-09-22 16:13 . 2009-09-22 16:24 -------- d-----w- c:\users\Brigitte\AppData\Roaming\uTorrent
2009-09-21 17:48 . 2009-09-21 17:48 -------- d-----w- c:\windows\Hewlett-Packard
2009-09-21 17:30 . 2009-09-21 17:30 -------- d-----w- c:\program files\ManyCam 2.2
2009-09-21 15:40 . 2009-09-21 15:45 -------- d-----w- c:\users\Brigitte\AppData\Roaming\AIMP
2009-09-21 15:40 . 2009-09-21 15:53 -------- d-----w- c:\program files\AIMP2
2009-09-20 19:02 . 2009-09-20 19:02 -------- d-----w- c:\program files\7-Zip
2009-09-20 10:21 . 2009-09-26 09:36 -------- d-----w- c:\programdata\Kaspersky Lab
2009-09-20 09:41 . 2009-09-20 09:43 38 ----a-w- C:\BdUninstallTool2009.09.20-11.41.55.reg
2009-09-20 06:42 . 2009-09-20 06:42 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-19 16:44 . 2009-09-19 16:44 -------- d-----w- C:\tmp
2009-09-19 16:44 . 2009-09-19 16:44 -------- d-----w- c:\users\Brigitte\AppData\Roaming\Nosibay
2009-09-19 16:44 . 2009-09-19 16:44 -------- d-----w- c:\program files\Nosibay
2009-09-19 15:37 . 2009-09-19 15:37 -------- d-----w- c:\programdata\Messenger Plus!
2009-09-19 08:15 . 2009-09-19 08:15 0 ----a-w- c:\windows\system32\wsbl.dat
2009-09-19 08:15 . 2009-09-19 08:15 0 ----a-w- c:\windows\system32\ph_white.dat
2009-09-19 08:15 . 2009-09-19 08:15 0 ----a-w- c:\windows\system32\ph_summ.dat
2009-09-19 08:15 . 2009-09-19 08:15 0 ----a-w- c:\windows\system32\ph_black.dat
2009-09-19 08:15 . 2009-09-19 08:15 0 ----a-w- c:\windows\system32\pcwords2.dat
2009-09-19 08:15 . 2009-09-19 08:15 0 ----a-w- c:\windows\system32\pcwords.dat
2009-09-18 19:51 . 2009-09-20 10:10 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-09-18 19:51 . 2009-09-18 19:51 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-09-18 19:51 . 2009-09-18 19:51 16 ----a-w- c:\windows\system32\asdict.dat
2009-09-18 19:29 . 2009-09-18 19:29 -------- d-----w- c:\users\Brigitte\AppData\Roaming\BitDefender
2009-09-18 19:28 . 2009-09-20 10:14 -------- d-----w- c:\programdata\BitDefender
2009-09-18 19:28 . 2009-09-20 10:14 -------- d-----w- c:\program files\BitDefender
2009-09-18 19:26 . 2009-09-20 10:14 -------- d-----w- c:\program files\Common Files\BitDefender
2009-09-18 18:20 . 2009-09-18 18:20 -------- d-----w- c:\program files\SRWare Iron
2009-09-18 17:27 . 2009-09-18 17:27 -------- d-----w- c:\users\Brigitte\AppData\Roaming\MessengerDiscovery 2
2009-09-18 16:34 . 2009-09-18 16:34 -------- d-----w- c:\program files\Windows Live Favorites
2009-09-18 16:34 . 2009-09-20 18:04 -------- d-----w- c:\program files\Windows Live Toolbar
2009-09-18 16:17 . 2009-09-18 16:17 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-16 17:46 . 2009-09-18 17:01 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-16 15:39 . 2009-09-19 15:28 -------- d-----w- c:\program files\Messenger Plus! Live
2009-09-16 15:18 . 2009-09-16 15:18 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-16 15:17 . 2009-09-16 15:17 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-16 15:16 . 2009-09-20 18:08 -------- d-----w- c:\program files\Windows Live
2009-09-16 14:28 . 2009-09-16 14:28 -------- d-----w- c:\users\Brigitte\AppData\Roaming\ComodoGroup
2009-09-15 18:58 . 2009-09-15 19:00 -------- d-----w- c:\users\Brigitte\AppData\Roaming\DrekSoftware
2009-09-15 18:48 . 2009-09-15 18:52 -------- d-----w- c:\program files\ElcomSoft
2009-09-13 09:01 . 2009-09-13 09:01 -------- d-----w- c:\users\Brigitte\AppData\Local\Axialis
2009-09-12 16:14 . 2009-09-27 18:12 -------- d-----r- c:\users\Brigitte\Téléchargent Orbit
2009-09-12 12:24 . 2009-09-12 12:59 -------- d-----w- C:\downloads
2009-09-12 12:24 . 2009-09-12 12:24 -------- d-----w- c:\users\Brigitte\AppData\Roaming\GrabPro
2009-09-12 12:24 . 2009-09-12 12:45 -------- d-----w- c:\program files\Orbitdownloader
2009-09-12 12:24 . 2009-09-29 10:50 -------- d-----w- c:\users\Brigitte\AppData\Roaming\Orbit
2009-09-11 17:45 . 2009-09-11 17:45 -------- d-----w- c:\programdata\Agnitum
2009-09-09 10:54 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 10:54 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 10:54 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 10:54 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-09 10:54 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 10:53 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 10:53 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 10:53 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 10:53 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 10:53 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 10:53 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 10:53 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 10:53 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 10:53 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 10:53 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 10:53 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 10:52 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-07 10:43 . 2009-09-12 12:39 -------- d-----w- c:\program files\Foxit Software
2009-09-07 10:43 . 2009-09-07 10:43 -------- d-----w- c:\users\Brigitte\AppData\Roaming\Foxit
2009-09-06 08:27 . 2009-09-23 14:08 -------- d-----w- c:\users\Brigitte\AppData\Roaming\skypePM
2009-09-06 08:24 . 2009-09-28 18:14 -------- d-----w- c:\users\Brigitte\AppData\Roaming\Skype
2009-09-06 08:23 . 2009-09-06 08:23 -------- d-----w- c:\program files\Common Files\Skype
2009-09-06 08:23 . 2009-09-06 08:23 -------- d-----r- c:\program files\Skype
2009-09-06 08:23 . 2009-09-06 08:23 -------- d-----w- c:\programdata\Skype
2009-09-03 07:32 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 07:32 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-01 14:08 . 2009-09-01 14:41 -------- d-----w- c:\programdata\eMule
2009-09-01 14:08 . 2009-09-01 14:41 -------- d-----w- c:\users\Brigitte\AppData\Local\eMule
2009-09-01 13:57 . 2009-09-12 12:38 -------- d-----w- c:\users\Brigitte\AppData\Roaming\DMCache
2009-08-30 12:20 . 2009-08-30 12:20 -------- d-----w- c:\programdata\SiteAdvisor

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 10:48 . 2009-05-03 14:15 15370988 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-29 10:48 . 2009-05-03 14:15 1147482144 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-28 18:35 . 2008-08-12 11:40 6648 ----a-w- c:\users\Brigitte\AppData\Local\d3d9caps.dat
2009-09-28 11:16 . 2006-11-02 15:48 682034 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-28 11:16 . 2006-11-02 15:48 129632 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-27 17:30 . 2009-08-20 16:42 -------- d-----w- c:\users\Brigitte\AppData\Roaming\Notepad++
2009-09-27 17:29 . 2009-08-20 16:42 -------- d-----w- c:\program files\Notepad++
2009-09-26 09:39 . 2009-08-18 14:51 -------- d-----w- c:\program files\COMODO
2009-09-26 09:34 . 2009-04-04 17:23 -------- d-----w- c:\program files\Kaspersky Lab
2009-09-26 09:34 . 2009-03-28 12:59 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-09-24 16:38 . 2009-06-25 19:00 -------- d-----w- c:\users\Brigitte\AppData\Roaming\dvdcss
2009-09-23 17:37 . 2008-08-14 13:00 3176 ----a-w- c:\users\Brigitte\AppData\Roaming\wklnhst.dat
2009-09-23 15:26 . 2009-06-29 10:53 -------- d-----w- c:\users\Brigitte\AppData\Roaming\SUPERAntiSpyware.com
2009-09-23 15:26 . 2009-06-10 18:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-23 15:26 . 2009-06-20 14:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-18 19:51 . 2009-08-06 14:34 72200 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2009-09-18 18:30 . 2009-03-26 19:11 -------- d-----w- c:\program files\Opera
2009-09-18 16:28 . 2008-07-30 13:02 -------- d-----w- c:\programdata\WLInstaller
2009-09-15 14:14 . 2009-08-09 13:25 -------- d-----w- c:\program files\Malwarebytes’ Anti-Malware
2009-09-12 16:24 . 2009-05-22 20:55 -------- d-----w- c:\programdata\McAfee
2009-09-12 16:11 . 2007-08-10 08:01 -------- d-----w- c:\program files\Acer GameZone
2009-09-10 12:54 . 2009-08-09 13:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-08-09 13:25 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 14:47 . 2008-07-30 11:39 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 10:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-08 10:59 . 2009-06-30 15:58 -------- d-----w- c:\program files\Safari
2009-09-08 10:58 . 2009-06-21 12:52 -------- d-----w- c:\program files\Apple Software Update
2009-08-29 13:20 . 2007-08-10 06:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-25 10:58 . 2009-08-22 09:46 -------- d-----w- c:\program files\KeyScrambler
2009-08-21 08:38 . 2009-08-15 15:48 -------- d-----w- c:\users\Brigitte\AppData\Roaming\gnupg
2009-08-18 15:23 . 2009-08-18 15:08 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-18 14:02 . 2009-08-01 15:45 -------- d-----w- c:\program files\Trend Micro
2009-08-18 13:25 . 2009-03-10 19:03 -------- d-----w- c:\program files\Lavasoft
2009-08-18 12:59 . 2009-07-31 17:08 -------- d-----w- c:\program files\Common Files\AntiVirus
2009-08-17 07:54 . 2009-02-27 15:58 -------- d-----w- c:\programdata\NOS
2009-08-17 07:54 . 2008-07-30 10:33 -------- d-----w- c:\programdata\Micro Application
2009-08-16 16:31 . 2009-03-30 18:51 -------- d-----w- c:\programdata\Symantec Temporary Files
2009-08-16 14:27 . 2009-07-01 15:01 -------- d-----w- c:\programdata\G DATA
2009-08-16 14:27 . 2008-07-30 09:12 -------- d-----w- c:\program files\Yahoo!
2009-08-16 14:13 . 2009-05-26 17:03 -------- d-----w- c:\users\Brigitte\AppData\Roaming\GlarySoft
2009-08-15 15:48 . 2009-08-15 15:48 -------- d-----w- c:\program files\GNU
2009-08-11 15:02 . 2009-08-11 15:02 0 ----a-w- c:\windows\nsreg.dat
2009-08-11 15:02 . 2009-08-11 15:01 -------- d-----w- c:\users\Brigitte\AppData\Roaming\Thunderbird
2009-08-10 16:39 . 2009-03-06 15:59 -------- d-----w- c:\program files\Common Files\Real
2009-08-10 08:24 . 2008-08-03 15:57 -------- d-----w- c:\program files\Java
2009-08-09 17:52 . 2009-08-09 17:52 -------- d-----w- c:\program files\Codyssey
2009-08-02 16:36 . 2007-08-10 07:53 -------- d-----w- c:\programdata\Microsoft Help
2009-08-01 09:52 . 2009-07-31 15:37 -------- d-----w- c:\program files\F-Secure Internet Security
2009-08-01 09:44 . 2009-07-31 15:33 -------- d-----w- c:\programdata\f-secure
2009-07-31 17:44 . 2009-07-31 17:08 -------- d-----w- c:\users\Brigitte\AppData\Roaming\Avanquest
2009-07-31 17:14 . 2009-07-31 17:08 -------- d-----w- c:\programdata\Avanquest
2009-07-31 17:07 . 2009-07-31 17:07 -------- d-----w- c:\program files\Avanquest
2009-07-31 15:54 . 2009-07-31 15:54 -------- d-----w- c:\users\Brigitte\AppData\Roaming\F-Secure
2009-07-31 15:34 . 2009-07-31 15:34 -------- d-----w- c:\programdata\fssg
2009-07-31 15:26 . 2009-07-31 14:28 -------- d-----w- c:\program files\a-squared Anti-Malware
2009-07-31 15:16 . 2009-05-25 17:55 -------- d-----w- c:\program files\VideoLAN
2009-07-31 14:55 . 2009-03-24 16:28 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-31 14:55 . 2009-07-31 14:55 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-31 14:54 . 2009-06-26 15:26 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-31 14:00 . 2009-04-10 16:32 81984 ----a-w- c:\windows\system32\bdod.bin
2009-07-31 12:37 . 2009-07-31 12:37 290816 ------w- c:\windows\Setup1.exe
2009-07-31 12:37 . 2009-07-31 12:37 74752 ----a-w- c:\windows\ST6UNST.EXE
2009-07-30 20:10 . 2009-08-22 09:46 114672 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 03:23 . 2009-03-12 18:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-29 05:52 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 05:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 05:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 05:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-12 10:50 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 10:49 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 10:49 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 10:49 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 10:49 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-15 09:48 . 2009-07-31 14:55 17224 ----a-w- c:\windows\system32\authuitu.dll
2009-07-15 09:48 . 2009-07-31 14:55 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-13 11:27 . 2009-03-21 17:30 159022 ----a-w- c:\windows\hpoins15.dat
2009-07-13 08:08 . 2009-07-13 08:05 119515 ----a-w- c:\windows\hpqins00.dat
2009-07-10 11:01 . 2009-07-10 11:01 307560 ----a-w- c:\windows\WLXPGSS.SCR
2009-07-05 18:44 . 2009-07-05 18:44 96 ----a-w- c:\users\Brigitte\AppData\Local\fusioncache.dat
2009-07-03 17:50 . 2009-07-03 17:50 132 ----a-w- C:\httpdwl.dat
2009-07-02 17:42 . 2009-07-02 17:42 272 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-07-01 15:23 . 2009-05-18 18:13 29128 ----a-w- c:\windows\system32\drivers\GRD.sys
2009-07-01 15:03 . 2009-05-18 17:36 50632 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2009-07-01 15:03 . 2009-05-18 17:36 51656 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2009-07-01 15:02 . 2009-05-18 17:35 40392 ----a-w- c:\windows\system32\drivers\gdwfpcd32.sys
2009-07-03 17:18 . 2008-08-13 17:02 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe” [2009-04-11 1233920]
“ehTray.exe”=“c:\windows\ehome\ehTray.exe” [2008-01-19 125952]
“Freeraser”=“c:\program files\Codyssey\Freeraser\Freeraser.exe” [2009-04-15 1903104]
“MsnMsgr”=“c:\program files\Windows Live\Messenger\MsnMsgr.Exe” [2009-09-28 3883856]
“VPbubble”=“c:\program files\Nosibay\VPbubble\launcher.exe” [2009-08-24 239120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“PLFSetL”=“c:\windows\PLFSetL.exe” [2007-07-05 94208]
“hpqSRMon”=“c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe” [2008-08-20 150016]
“Malwarebytes’ Anti-Malware”=“c:\program files\Malwarebytes’ Anti-Malware\mbamgui.exe” [2009-09-10 420176]
“COMODO Internet Security”=“c:\program files\COMODO\COMODO Internet Security\cfp.exe” [2009-09-26 1799952]
“MSSE”=“c:\program files\Microsoft Security Essentials\msseces.exe” [2009-08-06 1046840]
“RtHDVCpl”=“RtHDVCpl.exe” - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“Acer Tour Reminder”=“c:\acer\AcerTour\Reminder.exe” [2007-05-22 151552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
“KeyScrambler”=“c:\program files\KeyScrambler\getting_started.html” [X]

c:\users\Brigitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 - Capture d’?cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
WkCalRem.LNK - c:\program files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2005-8-19 21504]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-9-12 1719568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableLUA”= 0 (0x0)
“FilterAdministratorToken”= 1 (0x1)
“EnableUIADesktopToggle”= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“aux”=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=“Service”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=“Service”

[HKLM~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logiciel Kodak EasyShare.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logiciel Kodak EasyShare.lnk
backup=c:\windows\pss\Logiciel Kodak EasyShare.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
“WindowsWelcomeCenter”=rundll32.exe oobefldr.dll,ShowWelcomeCenter

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
“HP Software Update”=c:\program files\HP\HP Software Update\HPWuSchd2.exe
“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe”

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
“VistaSp2”=hex(b):be,e2,88,b6,74,df,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-759318378-497761762-3404630427-1000]
“EnableNotificationsRef”=dword:0000000a

[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
“{61861A63-DD98-4F74-90B2-1977E0459163}”= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
“{FF8F54EB-3E2C-4BEC-A8F5-B23D489A8EBB}”= c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
“{BE64A317-8BE2-4EA9-93AE-77B789DBE85D}”= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
“{59979BEB-C720-489A-ABF2-B11E72845A87}”= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
“{44A34F41-92AD-410B-B30D-480D96471592}”= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
“{DECFA127-E568-45DE-8EA9-D6E16182C5FC}”= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
“{E04B56B1-32F5-41EA-BEDC-6CABA0375449}”= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
“{8849AA4E-F576-4B6A-AF96-F99CD7205EDB}”= Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
“{4B1C9DA7-AC17-4686-8D87-CEA05B7BB074}”= Disabled:c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
“{FFA86E6E-74C0-468D-BE0E-3FD7011CDCBB}”= c:\program files\Skype\Phone\Skype.exe:Skype
“TCP Query User{865DF9ED-DCAB-4658-85B0-53DAB53E40D0}c:\program files\mozilla firefox\firefox.exe”= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
“UDP Query User{1B85B1B6-E930-4F4B-87D4-24E7C30D7866}c:\program files\mozilla firefox\firefox.exe”= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
“{ECF89B5C-3940-4682-8FD1-DC3AF8B801AC}”= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live FolderShare
“TCP Query User{62FAC075-4E73-436D-BEC5-A408CBFFA177}c:\program files\orbitdownloader\orbitnet.exe”= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
“UDP Query User{6961F87B-444B-41AF-8D13-B40CF97E139C}c:\program files\orbitdownloader\orbitnet.exe”= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
“{17156E18-6A8F-49D7-8F99-9BBE5012B0BF}”= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live FolderShare
“{0C928516-91A2-4C3E-9D7D-66748A00B6C3}”= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
“{046814F5-DC98-4613-BFA3-9FA9A52412F2}”= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
“c:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe”= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe::enabled:CSS
“c:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe”= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe::Enabled:eDSfsu
“c:\Acer\Empowering Technology\eDataSecurity\encryption.exe”= c:\acer\Empowering Technology\eDataSecurity\encryption.exe::Enabled:encryption
“c:\Acer\Empowering Technology\eDataSecurity\decryption.exe”= c:\acer\Empowering Technology\eDataSecurity\decryption.exe::Enabled:decryption
“c:\Program Files\Orbitdownloader\orbitdm.exe”= c:\program files\Orbitdownloader\orbitdm.exe::Enabled:Orbit
“c:\Program Files\Orbitdownloader\orbitnet.exe”= c:\program files\Orbitdownloader\orbitnet.exe::Enabled:Orbit

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [26/09/2009 11:39 128888]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [26/09/2009 11:39 29520]
R1 is-4IPDQdrv;is-4IPDQdrv;c:\windows\System32\drivers\00025636.sys [13/05/2009 13:53 148496]
R1 is-CCLJUdrv;is-CCLJUdrv;c:\windows\System32\drivers\75501302.sys [13/05/2009 12:51 148496]
R1 is-Q6NBGdrv;is-Q6NBGdrv;c:\windows\System32\drivers\46406149.sys [13/05/2009 19:29 148496]
R1 SbFw;SbFw;c:\windows\System32\drivers\SbFw.sys [31/10/2008 07:09 270888]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [08/11/2008 12:21 61424]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes’ Anti-Malware\mbamservice.exe [09/08/2009 15:25 269648]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [24/03/2009 18:28 604488]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [10/08/2007 16:41 32256]
R3 KeyScrambler;KeyScrambler;c:\windows\System32\drivers\keyscrambler.sys [22/08/2009 11:46 114672]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [09/08/2009 15:25 19160]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [18/06/2009 18:48 42480]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\System32\drivers\SbFwIm.sys [06/06/2009 13:07 65576]
S1 is-BKINHdrv;is-BKINHdrv;c:\windows\System32\drivers\30698435.sys [13/05/2009 15:13 148496]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [10/08/2007 16:41 179712]
S3 G Data Tuner Service;G Data Tuner Service;c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [25/02/2009 04:18 907336]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [30/07/2008 12:28 28224]
S4 0267471241168295mcinstcleanup;0267471241168295mcinstcleanup; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
“c:\windows\System32\rundll32.exe” “c:\windows\System32\iedkcs32.dll”,BrandIEActiveSetup SIGNUP
.
Contenu du dossier ‘Tâches planifiées’

2009-09-29 c:\windows\Tasks\Maintenance en 1 clic.job

  • c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 09:00]

2009-09-25 c:\windows\Tasks\Malwarebytes’ Scheduled Scan for Brigitte.job

  • c:\program files\Malwarebytes’ Anti-Malware\mbam.exe [2009-08-09 12:53]

2009-09-29 c:\windows\Tasks\Malwarebytes’ Scheduled Update for Brigitte.job

  • c:\program files\Malwarebytes’ Anti-Malware\mbam.exe [2009-08-09 12:53]

2009-09-29 c:\windows\Tasks\User_Feed_Synchronization-{55AF2E8A-EBC9-4A50-8828-434D9E33BE57}.job

  • c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]

2009-09-29 c:\windows\Tasks\User_Feed_Synchronization-{AC89A3A3-517E-4E7D-9FBF-FD2CA480E843}.job

  • c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = www.google.fr…
    uSearchMigratedDefaultURL = search.yahoo.com…
    mWindow Title =
    IE: ?4da1a3bfcab942eab3ec3b465ef4d37d
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Add to Windows &Live Favorites - favorites.live.com…
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\windows\system32\wpclsp.dll
    DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} - webtv.guidetv.orange.fr…
    .
        • ORPHELINS SUPPRIMES - - - -

WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2009-09-29 13:19
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés …

Recherche d’éléments en démarrage automatique cachés …

Recherche de fichiers cachés …

Scan terminé avec succès
Fichiers cachés: 0


[HKEY_LOCAL_MACHINE\system\ControlSet001\Services{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
“ImagePath”="??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
“88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977”=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,54,ca,1b,61,f8,dc,5a,49,ac,b2,d0,
“2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81”=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,54,ca,1b,61,f8,dc,5a,49,ac,b2,d0,\

[HKEY_USERS\S-1-5-21-759318378-497761762-3404630427-1000_Classes\CLSID{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
“scansk”=hex(0):83,b0,78,40,81,e9,75,66,35,39,6e,b9,af,9d,eb,10,2e,43,f5,89,8d,
2f,8a,99,58,6e,ea,03,80,1a,7c,76,b0,47,93,e9,ec,97,3e,8e,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-759318378-497761762-3404630427-1000_Classes\CLSID{ef31be34-2309-4cb3-8120-c733202577b9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
“Model”=dword:000000fe
“Therad”=dword:0000000c

[HKEY_LOCAL_MACHINE\software\Classes\CLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@=“FlashBroker”
“LocalizedString”="@c:\Windows\system32\Macromed\Flash\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
“Enabled”=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@=“c:\Windows\system32\Macromed\Flash\FlashUtil10c.exe”

[HKEY_LOCAL_MACHINE\software\Classes\CLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@=“IFlashBroker3”

[HKEY_LOCAL_MACHINE\software\Classes\Interface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
“Version”=“1.0”

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

              • ‘winlogon.exe’(824)
                c:\windows\system32\guard32.dll

              • ‘lsass.exe’(772)
                c:\windows\system32\guard32.dll
                .
                Heure de fin: 2009-09-29 13:23
                ComboFix-quarantined-files.txt 2009-09-29 11:23

Avant-CF: 24 688 156 672 octets libres
Après-CF: 24 557 826 048 octets libres

423 — E O F — 2009-09-28 07:44

Here is the 2nd one:

############################## | UsbFix V6.037 |

User : Brigitte (Administrateurs) # PC-DE-BRIGITTE
Update on 27/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 16:39:11 | 29/09/2009
Website : pagesperso-orange.fr…

Intel® Pentium® Dual CPU T2310 @ 1.46GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18813
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 69,77 Go (22,92 Go free) [ACER] # NTFS
D:\ -> Disque fixe local # 69,52 Go (60,47 Go free) [Mes données] # NTFS
E:\ -> Disque CD-ROM
G:\ -> Disque amovible # 7,5 Go (3,28 Go free) [KINGSTON] # FAT32
H:\ -> Disque amovible # 3,72 Go (1,75 Go free) [KINGSTON] # FAT32

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe

################## | Fichiers # Dossiers infectieux |

################## | Registre # Clés Run infectieuses |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] “DisableRegistryTools”
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] “NoDrives”
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] “NoDrives”

################## | Registre # Mountpoints2 |

################## | ! Fin du rapport # UsbFix V6.037 ! |

OK!!! Some cleaning was done with Combofix

Now

Also do the following

  1. Download Blacklight (from F-Secure)

==>Blacklight (from F-Secure)

and save it to your Desktop.

Double-click fsbl.exe and accept the license; leave [X] scan through Windows Explorer enabled;

click step1 Scan, then Next

You will see a list of detected files appear. You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).

Copy and paste the contents of this report

  2. Download DllCompare

==>DllCompare
Open DllCompare and check that *.DLL ==> is selected at the top right.

Press [Run Locate] and then [Compare] for:

C:\WINDOWS\system32 and C:\WINDOWS

and do this again, changing *.DLL to *.EXE => at the top right

Once the scan is finished, click the “Make a Log of what was found” button

and answer "yes"

==> Copy the reports you get

Here is the first report:

09/29/09 17:32:18 [Info]: BlackLight Engine 2.2.1092 initialized
09/29/09 17:32:18 [Info]: OS: 6.0 build 6002 (Service Pack 2)
09/29/09 17:32:18 [Note]: 7019 4
09/29/09 17:32:18 [Note]: 7005 0
09/29/09 17:33:25 [Note]: 7006 0
09/29/09 17:33:25 [Note]: 7027 0
09/29/09 17:34:03 [Note]: 7035 0
09/29/09 17:34:03 [Note]: 7026 0
09/29/09 17:34:03 [Note]: 7026 0
09/29/09 17:34:10 [Note]: FSRAW library version 1.7.1024
09/29/09 17:35:50 [Note]: 4015 79360
09/29/09 17:35:50 [Note]: 4027 79360 327680
09/29/09 17:35:50 [Note]: 4020 49418 262144
09/29/09 17:35:50 [Note]: 4018 49418 262144
09/29/09 17:36:54 [Note]: 4015 111916
09/29/09 17:36:54 [Note]: 4027 111916 9175040
09/29/09 17:36:54 [Note]: 4020 6697 65536
09/29/09 17:36:54 [Note]: 4018 6697 65536
09/29/09 17:37:24 [Note]: 4015 24833
09/29/09 17:37:24 [Note]: 4027 24833 65536
09/29/09 17:37:24 [Note]: 4020 5 327680
09/29/09 17:37:24 [Note]: 4018 5 327680
09/29/09 17:37:36 [Note]: 4015 28803
09/29/09 17:37:36 [Note]: 4027 28803 65536
09/29/09 17:37:36 [Note]: 4020 28777 65536
09/29/09 17:37:36 [Note]: 4018 28777 65536
09/29/09 17:38:03 [Note]: 4015 30074
09/29/09 17:38:03 [Note]: 4027 30074 65536
09/29/09 17:38:03 [Note]: 4020 24833 65536
09/29/09 17:38:03 [Note]: 4018 24833 65536
09/29/09 17:38:23 [Note]: 4015 31044
09/29/09 17:38:23 [Note]: 4027 31044 65536
09/29/09 17:38:23 [Note]: 4020 30074 65536
09/29/09 17:38:23 [Note]: 4018 30074 65536
09/29/09 17:57:21 [Note]: 7007 0

Here is the report (C:/Windows/System32, dll):

  • DLLCompare Log version(1.0.0.127)
    Files Found that Windows does not See or cannot Access
    *Not everything listed here means you are infected!

C:\WINDOWS\SYSTEM32\ntibun4.dll Fri 10 Aug 2007 9:18:50 A…HR 1 024 1,00 K


1 571 items found: 1 571 files (1 H/S), 0 directories.
Total of file sizes: 485 098 191 bytes 462,63 M

Administrator Account = Faux

AppInit_DLLs value = C:\Windows\System32\guard32.dll (not hidden)
--------------------End log---------------------
Here is the report (C:/Windows/System32, exe):

  • DLLCompare Log version(1.0.0.127)
    Files Found that Windows does not See or cannot Access
    *Not everything listed here means you are infected!

O^E says: “There were no files found :)”


347 items found: 347 files, 0 directories.
Total of file sizes: 124 996 835 bytes 119,20 M

Administrator Account = Faux

AppInit_DLLs value = C:\Windows\System32\guard32.dll (not hidden)
--------------------End log---------------------

Here is the report (C:/Windows, exe):

  • DLLCompare Log version(1.0.0.127)
    Files Found that Windows does not See or cannot Access
    *Not everything listed here means you are infected!

O^E says: “There were no files found :)”


32 items found: 32 files, 0 directories.
Total of file sizes: 31 392 412 bytes 29,94 M

Administrator Account = Faux

AppInit_DLLs value = C:\Windows\System32\guard32.dll (not hidden)
--------------------End log---------------------

Here is the report (C:/Windows, dll):

  • DLLCompare Log version(1.0.0.127)
    Files Found that Windows does not See or cannot Access
    *Not everything listed here means you are infected!

O^E says: “There were no files found :)”


7 items found: 7 files, 0 directories.
Total of file sizes: 1 054 752 bytes 1,00 M

Administrator Account = Faux

AppInit_DLLs value = C:\Windows\System32\guard32.dll (not hidden)
--------------------End log---------------------

Good

C:\Windows\System32\guard32.dll (not hidden)
==> corresponds to ==>Comodo Firewall

Now

Download and install Ccleaner

==>Ccleaner

Once it is on the desktop, click the CCleaner installer.
-> But before clicking the “Install” button, uncheck all the “additional options” (installation of the Yahoo toolbar, etc.).

–>Then click “Options”, “Advanced” and uncheck the box
–>“Only delete files in the Windows Temp folder older than 48 hours”.
–>Click the “Cleaner” tab, then “Run Cleaner”.
–> Then click the Registry icon; on the right, click “Scan for Issues”, then “Fix selected issues”.

Accept the backup of the registry that it offers.
I advise you to run it at least twice (or more, until it no longer finds any errors).

Restart your PC

and

Post a HijackThis log