pywin32

eve
Novice
Posts: 9
Joined: 14 Apr 2010, 17:28
Hardware configuration: Vista

pywin32

Post by eve »

Hello,
I hope someone can give me a starting point for solving my problem; I'm going round in circles.
I no longer have access to MSN, only to my mail, and I get the message "pywin32 has stopped working".

I removed the latest installations.
I did a system restore.
Nothing helps.

Thanks :-)
chantal11
Moderators
Posts: 12004
Joined: 14 Mar 2008, 18:41
Hardware configuration: Custom-built PC: Intel Dual Core2 Duo E8600 3.33 GHz - Asus P5K Premium Wifi motherboard - 4 GB Corsair DDR2 PC2-6400-CAS4 memory - Asus GeForce 8800 GTS 512 MB DDR3 graphics card - Vista Ultimate SP1 64-bit

LAPTOP ASUS M50SV: Mobile DualCore Intel Core 2 T9300 2.50 GHz - 3 GB DDR2-667 memory - GeForce 9500M 512 MB graphics card - Vista Premium SP1 32-bit
Location: Aude

Re: pywin32

Post by chantal11 »

Hello eve,

Generate an RSIT log as described below:
  • Download random's system information tool (RSIT) by random/random and save it to the desktop
  • Double-click RSIT.exe to launch the tool. It does not require installation*.
  • On the Disclaimer screen, click Continue to accept the terms
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked); accept the license
  • When the scan is finished, 2 reports are generated:
    • the log.txt report, which is displayed
    • the info.txt report, which is minimized in the taskbar
  • Copy and paste the contents of each report into your reply
    These reports are saved in the C:\rsit folder

    Important:
    * On Vista: you must launch the file with right-click -> Run as administrator

    * On Windows 7: you must put the RSIT.exe file on the desktop, right-click it and, in Properties, Compatibility tab, tick the box "Run this program in compatibility mode for", choose Vista SP2 in the menu, and tick the box under Privilege Level.
    Confirm with Apply.
A helper will take over if an infection is detected.

See you
Knowledge grows when it is shared! (Socrates)

Re: pywin32

Post by eve »

thanks Chantal
I've just done as you wrote ;-))
it's in progress

see you

Re: pywin32

Post by eve »

to me it's all Greek :-(

Logfile of random's system information tool 1.06 (written by random/random)
Run by evelyne at 2010-04-14 18:53:01
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 19 GB (17%) free of 109 GB
Total RAM: 1021 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:31, on 14/04/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\evelyne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NWZQ895Y\RSIT[1].exe
C:\Program Files\trend micro\evelyne.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Pro Antispyware 2009] "C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\proas2009.exe" /autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: .protected
O4 - Global Startup: .protected
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8405 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{2678F9D3-507D-44A6-A052-80F3F215808E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
Kiwee Toolbar - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll [2009-01-17 277648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-06 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-03 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-01 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - Kiwee Toolbar - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll [2009-01-17 277648]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-06 259696]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-04 13556256]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-04 92704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-07 44128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Pro Antispyware 2009"=C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\proas2009.exe /autorun []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eomse]
c:\users\evelyne\appdata\local\eomse.exe [2009-07-17 263680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2006-12-04 46704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe [2008-06-02 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2006-10-18 472800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiweeHook]
C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe [2009-01-17 56456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2008-12-04 13556256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2008-12-04 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2008-12-04 711200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-11-06 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe [2006-12-02 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-16 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2006-10-18 317152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
.protected

C:\Users\evelyne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
.protected

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bcde24b-dc9d-11db-9d19-806e6f6e6963}]
shell\AutoRun\command - E:\EAUTORUN.EXE


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-04-14 18:53:06 ----D---- C:\Program Files\trend micro
2010-04-14 18:53:01 ----D---- C:\rsit
2010-04-14 10:37:27 ----A---- C:\Windows\system32\nshhttp.dll
2010-04-14 10:37:18 ----A---- C:\Windows\system32\httpapi.dll
2010-04-13 23:41:07 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-04-13 23:41:07 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-04-13 23:41:04 ----A---- C:\Windows\system32\vbscript.dll
2010-04-13 23:40:56 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-04-13 23:40:52 ----A---- C:\Windows\system32\wintrust.dll
2010-04-13 23:40:49 ----A---- C:\Windows\system32\cabview.dll
2010-04-13 23:32:44 ----A---- C:\Windows\system32\jscript.dll
2010-04-13 23:31:55 ----A---- C:\Windows\system32\mshtml.dll
2010-04-13 23:31:51 ----A---- C:\Windows\system32\ieframe.dll
2010-04-13 23:31:47 ----A---- C:\Windows\system32\iertutil.dll
2010-04-13 23:31:46 ----A---- C:\Windows\system32\wininet.dll
2010-04-13 23:31:46 ----A---- C:\Windows\system32\urlmon.dll
2010-04-13 23:31:45 ----A---- C:\Windows\system32\occache.dll
2010-04-13 23:31:45 ----A---- C:\Windows\system32\mstime.dll
2010-04-13 23:31:45 ----A---- C:\Windows\system32\msfeeds.dll
2010-04-13 23:31:45 ----A---- C:\Windows\system32\iedkcs32.dll
2010-04-13 23:31:43 ----A---- C:\Windows\system32\ieui.dll
2010-04-13 23:31:35 ----A---- C:\Windows\system32\ieUnatt.exe
2010-04-13 23:31:35 ----A---- C:\Windows\system32\iepeers.dll
2010-04-13 23:31:34 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-04-13 23:31:34 ----A---- C:\Windows\system32\jsproxy.dll
2010-04-13 23:31:34 ----A---- C:\Windows\system32\iesysprep.dll
2010-04-13 23:31:33 ----A---- C:\Windows\system32\ie4uinit.exe
2010-04-13 23:31:32 ----A---- C:\Windows\system32\msfeedssync.exe
2010-04-13 23:31:32 ----A---- C:\Windows\system32\iesetup.dll
2010-04-13 23:31:32 ----A---- C:\Windows\system32\iernonce.dll
2010-04-13 23:31:20 ----A---- C:\Windows\system32\secproc_isv.dll
2010-04-13 23:31:20 ----A---- C:\Windows\system32\secproc.dll
2010-04-13 23:31:12 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-04-13 23:31:12 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-04-13 23:31:12 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-04-13 23:31:11 ----A---- C:\Windows\system32\RMActivate.exe
2010-04-13 23:31:10 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-04-13 23:31:10 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-04-13 23:31:10 ----A---- C:\Windows\system32\msdrm.dll
2010-04-13 23:30:48 ----A---- C:\Windows\system32\tzres.dll
2010-04-13 23:29:29 ----A---- C:\Windows\system32\gameux.dll
2010-04-13 23:29:28 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-04-13 23:29:27 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-04-13 19:33:30 ----D---- C:\ProgramData\Yahoo! Companion(139)
2010-04-13 17:32:38 ----A---- C:\Windows\system32\quartz.dll
2010-04-13 17:32:37 ----A---- C:\Windows\system32\tsbyuv.dll
2010-04-13 17:32:37 ----A---- C:\Windows\system32\msyuv.dll
2010-04-13 17:32:37 ----A---- C:\Windows\system32\msvidc32.dll
2010-04-13 17:32:37 ----A---- C:\Windows\system32\msrle32.dll
2010-04-13 17:32:37 ----A---- C:\Windows\system32\iyuv_32.dll
2010-04-13 17:32:36 ----A---- C:\Windows\system32\msvfw32.dll
2010-04-13 17:32:36 ----A---- C:\Windows\system32\mciavi32.dll
2010-04-13 17:32:22 ----A---- C:\Windows\system32\avifil32.dll
2010-04-11 16:41:43 ----A---- C:\TB.txt
2010-04-11 16:40:04 ----D---- C:\ToolBar SD
2010-04-11 14:21:35 ----D---- C:\Program Files\Apple Software Update(59)
2010-04-11 10:49:05 ----D---- C:\ProgramData\Alwil Software

======List of files/folders modified in the last 1 months======

2010-04-14 18:53:20 ----D---- C:\Windows\Prefetch
2010-04-14 18:53:14 ----D---- C:\Windows\Temp
2010-04-14 18:53:06 ----RD---- C:\Program Files
2010-04-14 17:27:21 ----D---- C:\Windows\System32
2010-04-14 17:27:21 ----D---- C:\Windows\inf
2010-04-14 17:27:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-14 12:33:00 ----SHD---- C:\System Volume Information
2010-04-14 11:34:53 ----D---- C:\Windows\winsxs
2010-04-14 11:27:56 ----D---- C:\Windows\rescache
2010-04-14 11:13:09 ----D---- C:\Windows\system32\catroot
2010-04-14 11:13:03 ----D---- C:\Windows\system32\catroot2
2010-04-14 11:09:57 ----D---- C:\Windows\system32\wbem
2010-04-14 11:09:57 ----D---- C:\Windows
2010-04-14 11:06:14 ----D---- C:\Windows\Tasks
2010-04-14 11:06:14 ----D---- C:\Windows\system32\Tasks
2010-04-14 11:06:14 ----D---- C:\Windows\system32\spool
2010-04-14 11:06:13 ----D---- C:\Windows\system32\migration
2010-04-14 11:06:13 ----D---- C:\Windows\system32\fr-FR
2010-04-14 11:06:13 ----D---- C:\Windows\system32\drivers
2010-04-14 11:06:12 ----D---- C:\Windows\system32\CodeIntegrity
2010-04-14 11:06:09 ----SHD---- C:\Windows\Installer
2010-04-14 11:06:05 ----SD---- C:\Windows\Downloaded Program Files
2010-04-14 11:06:05 ----RSD---- C:\Windows\Fonts
2010-04-14 11:06:04 ----HD---- C:\ProgramData
2010-04-14 11:06:04 ----D---- C:\Windows\AppPatch
2010-04-14 11:06:03 ----D---- C:\Program Files\Yahoo!
2010-04-14 11:06:03 ----D---- C:\Program Files\Windows Mail
2010-04-14 11:06:03 ----D---- C:\Program Files\Windows Live
2010-04-14 11:06:02 ----D---- C:\Program Files\Movie Maker
2010-04-14 11:06:02 ----D---- C:\Program Files\Internet Explorer
2010-04-14 11:06:02 ----D---- C:\Program Files\Common Files\microsoft shared
2010-04-14 11:06:01 ----D---- C:\Windows\registration
2010-04-14 10:51:48 ----D---- C:\ProgramData\Microsoft Help
2010-04-13 23:06:00 ----D---- C:\Windows\WindowsMobile
2010-04-13 23:06:00 ----D---- C:\Windows\system32\zh-TW
2010-04-13 23:06:00 ----D---- C:\Windows\system32\zh-CN
2010-04-13 23:06:00 ----D---- C:\Windows\system32\XPSViewer
2010-04-13 23:05:57 ----D---- C:\Windows\system32\uk-UA
2010-04-13 23:05:56 ----D---- C:\Windows\system32\tr-TR
2010-04-13 23:05:56 ----D---- C:\Windows\system32\th-TH
2010-04-13 23:05:56 ----D---- C:\Windows\system32\sv-SE
2010-04-13 23:05:56 ----D---- C:\Windows\system32\sr-Latn-CS
2010-04-13 23:05:55 ----D---- C:\Windows\system32\SLUI
2010-04-13 23:05:55 ----D---- C:\Windows\system32\sl-SI
2010-04-13 23:05:55 ----D---- C:\Windows\system32\sk-SK
2010-04-13 23:05:55 ----D---- C:\Windows\system32\setup
2010-04-13 23:05:55 ----D---- C:\Windows\system32\ru-RU
2010-04-13 23:05:55 ----D---- C:\Windows\system32\ro-RO
2010-04-13 23:05:54 ----D---- C:\Windows\system32\pt-PT
2010-04-13 23:05:53 ----D---- C:\Windows\system32\pt-BR
2010-04-13 23:05:53 ----D---- C:\Windows\system32\pl-PL
2010-04-13 23:05:53 ----D---- C:\Windows\system32\oobe
2010-04-13 23:05:52 ----D---- C:\Windows\system32\nl-NL
2010-04-13 23:05:52 ----D---- C:\Windows\system32\nb-NO
2010-04-13 23:05:50 ----D---- C:\Windows\system32\migwiz
2010-04-13 23:05:50 ----D---- C:\Windows\system32\manifeststore
2010-04-13 23:05:49 ----D---- C:\Windows\system32\lv-LV
2010-04-13 23:05:49 ----D---- C:\Windows\system32\lt-LT
2010-04-13 23:05:49 ----D---- C:\Windows\system32\ko-KR
2010-04-13 23:05:48 ----D---- C:\Windows\system32\ja-JP
2010-04-13 23:05:48 ----D---- C:\Windows\system32\it-IT
2010-04-13 23:05:46 ----D---- C:\Windows\system32\hu-HU
2010-04-13 23:05:46 ----D---- C:\Windows\system32\hr-HR
2010-04-13 23:05:46 ----D---- C:\Windows\system32\he-IL
2010-04-13 23:05:46 ----D---- C:\Windows\system32\fr
2010-04-13 23:05:45 ----D---- C:\Windows\system32\fi-FI
2010-04-13 23:05:45 ----D---- C:\Windows\system32\et-EE
2010-04-13 23:05:45 ----D---- C:\Windows\system32\es-ES
2010-04-13 23:05:45 ----D---- C:\Windows\system32\en-US
2010-04-13 23:05:45 ----D---- C:\Windows\system32\el-GR
2010-04-13 23:05:39 ----D---- C:\Windows\system32\de-DE
2010-04-13 23:05:39 ----D---- C:\Windows\system32\da-DK
2010-04-13 23:05:38 ----D---- C:\Windows\system32\cs-CZ
2010-04-13 23:05:37 ----D---- C:\Windows\system32\Boot
2010-04-13 23:05:37 ----D---- C:\Windows\system32\bg-BG
2010-04-13 23:05:36 ----D---- C:\Windows\system32\ar-SA
2010-04-13 23:05:36 ----D---- C:\Windows\system32\AdvancedInstallers
2010-04-13 23:05:36 ----D---- C:\Windows\servicing
2010-04-13 23:05:26 ----D---- C:\Windows\IME
2010-04-13 23:05:22 ----D---- C:\Windows\ehome
2010-04-13 23:05:10 ----D---- C:\Program Files\Windows Sidebar
2010-04-13 23:05:10 ----D---- C:\Program Files\Windows Photo Gallery
2010-04-13 23:05:09 ----D---- C:\Program Files\Windows Media Player
2010-04-13 23:05:08 ----D---- C:\Program Files\Windows Journal
2010-04-13 23:05:08 ----D---- C:\Program Files\Windows Defender
2010-04-13 23:05:08 ----D---- C:\Program Files\Windows Collaboration
2010-04-13 23:05:07 ----D---- C:\Program Files\Windows Calendar
2010-04-13 23:05:05 ----D---- C:\Program Files\Common Files\System
2010-04-13 20:17:47 ----D---- C:\Windows\system32\Msdtc
2010-04-13 20:16:53 ----D---- C:\Windows\system32\config
2010-04-13 20:15:12 ----D---- C:\ProgramData\Yahoo! Companion
2010-04-13 20:15:12 ----D---- C:\ProgramData\Kiwee Toolbar
2010-04-13 20:15:10 ----D---- C:\Program Files\Windows Live SkyDrive
2010-04-13 20:15:10 ----D---- C:\Program Files\Windows Live Favorites
2010-04-13 20:15:07 ----D---- C:\Program Files\Apple Software Update
2010-04-13 19:33:36 ----D---- C:\ProgramData\Yahoo!
2010-04-13 19:33:28 ----D---- C:\Users\evelyne\AppData\Roaming\Yahoo!
2010-04-13 19:29:00 ----A---- C:\YServer.txt
2010-04-13 16:20:11 ----D---- C:\ProgramData\NVIDIA
2010-04-13 12:45:14 ----D---- C:\Windows\Microsoft.NET
2010-04-13 12:44:55 ----RSD---- C:\Windows\assembly
2010-04-11 13:50:48 ----DC---- C:\Windows\system32\DRVSTORE
2010-04-11 10:54:51 ----D---- C:\Program Files\Alwil Software
2010-04-06 10:52:56 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-06-28 8192]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-16 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-16 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-16 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 182272]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-12-05 217728]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-04 7606688]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Pilote de carte Intel (R) PRO; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2006-11-19 145920]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 1786880]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2006-11-24 270431]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2006-11-24 118877]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2006-12-04 58984]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-04 203296]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
S2 AGWinService;AG Windows Service; C:\Program Files\AGI\common\win32\PythonService.exe [2009-01-17 10240]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-26 126976]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe /service []
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe /service []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-01 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-06 887544]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 73728]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2010-04-14 18:54:57

======Uninstall list======

-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASL_HS_Installer32-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
Assistant de connexion Windows Live ID-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Autour du Monde 1.0-->"C:\Program Files\Mindscape\Autour du Monde\unins000.exe"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IwisR30B7.INF
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Favorit-->c:\users\evelyne\appdata\local\eghiy.bat
Favorit-->c:\users\evelyne\appdata\local\vdkza.bat
Favorit-->c:\users\evelyne\appdata\local\whiqsadm.bat
Full Pack Codecs-->C:\Program Files\Full Pack Codecs\uninst.exe
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IwqcVenz.inf
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{21E62565-8639-457C-B64C-A3FF0A8B4D80}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Easy Setup - Core-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}
HP Pavilion Webcam Driver for Vista v061.001.00005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CA81D12-9EC2-4082-972B-43ECA63F41F2}\setup.exe" -l0x40c -removeonly
HP Photosmart Essential 3.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.10 B9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x40c uninst
HP QuickPlay 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HP User Guide 0048-->MsiExec.exe /I{ED4905E3-2B32-4DD8-BC14-7CAFD30E9ECD}
HP Wireless Assistant-->MsiExec.exe /I{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Kiwee Toolbar-->"C:\Program Files\AGI\common\bootstrapper.exe" -uninstall"\"C:/Program Files/AGI/Python25\pythonw.exe\" \"C:\Program Files\AGI\common\pyagcore\installer.pyc\" -u KiweeToolbar"
LimeWire 5.1.2-->"C:\Program Files\LimeWire\uninstall.exe"
livebox-->C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe -runfromtemp -l0x040c -removeonly
Live-Player-->C:\Program Files\Live-Player\uninst.exe
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Thunderbird (2.0.0.16)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Samsung USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86D6A20D-3910-4441-A3E5-EB6977251C86}\Setup.exe" anything
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB980470)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {34573F17-DADE-4D0D-835F-A54A1DE8AC1F}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Outlook 2007 Junk Email Filter (kb981433)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5A6859A6-042D-4DF7-84E2-79F8DEFB5D48}
Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins001.exe"
Yahoo! Extras-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 081212-0]
AS: Windows Defender (disabled)
AS: avast! antivirus 4.8.1296 [VPS 081212-0]

=====Application event log=====

Computer Name: hp
Event Code: 8194
Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005. Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.

Opération :
Données du rédacteur en cours de collecte

Contexte :
ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
Nom du rédacteur: System Writer
ID d’instance du rédacteur: {a0aa5c2c-376c-4bac-a743-732372689ddb}
Record Number: 5039
Source Name: VSS
Time Written: 20070717134330.000000-000
Event Type: Erreur
User:

Computer Name: hp
Event Code: 8194
Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005. Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.

Opération :
Données du rédacteur en cours de collecte

Contexte :
ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
Nom du rédacteur: System Writer
ID d’instance du rédacteur: {fb3346bf-01bf-4932-8516-5b023b053a76}
Record Number: 4943
Source Name: VSS
Time Written: 20070717083204.000000-000
Event Type: Erreur
User:

Computer Name: hp
Event Code: 8194
Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005. Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.

Opération :
Données du rédacteur en cours de collecte

Contexte :
ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
Nom du rédacteur: System Writer
ID d’instance du rédacteur: {fb3346bf-01bf-4932-8516-5b023b053a76}
Record Number: 4929
Source Name: VSS
Time Written: 20070717080420.000000-000
Event Type: Erreur
User:

Computer Name: hp
Event Code: 8194
Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005. Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.

Opération :
Données du rédacteur en cours de collecte

Contexte :
ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
Nom du rédacteur: System Writer
ID d’instance du rédacteur: {fb3346bf-01bf-4932-8516-5b023b053a76}
Record Number: 4926
Source Name: VSS
Time Written: 20070717080226.000000-000
Event Type: Erreur
User:

Computer Name: hp
Event Code: 8194
Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005. Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.

Opération :
Données du rédacteur en cours de collecte

Contexte :
ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
Nom du rédacteur: System Writer
ID d’instance du rédacteur: {fb3346bf-01bf-4932-8516-5b023b053a76}
Record Number: 4923
Source Name: VSS
Time Written: 20070717080043.000000-000
Event Type: Erreur
User:

=====Security event log=====

Computer Name: hp
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVENG.SYS
Record Number: 52830
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081011081016.596458-000
Event Type: Échec de l'audit
User:

Computer Name: hp
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVEX15.SYS
Record Number: 52829
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081011081016.565258-000
Event Type: Échec de l'audit
User:

Computer Name: hp
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\srtsp.sys
Record Number: 52828
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081011081016.315658-000
Event Type: Échec de l'audit
User:

Computer Name: hp
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7

Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 52827
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081011080949.187258-000
Event Type: Succès de l'audit
User:

Computer Name: hp
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : HP$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x290
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 52826
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081011080949.187258-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Services en ligne
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------
chantal11
Moderators
Posts: 12004
Joined: 14 March 2008, 18:41
Location: Aude

Re: pywin32

Post by chantal11 »

Hello eve,

Indeed, the system is infected.

I am moving your topic to the disinfection forum.

An authorized helper will tell you the procedure to follow.

See you later
Knowledge grows when it is shared! (Socrates)
nardino
Moderators
Posts: 11993
Joined: 05 Feb. 2007, 17:38
Location: Reims

Re: pywin32

Post by nardino »

Good evening,

• Download Navilog1 to your desktop
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Right-click Navilog1.exe and choose:
"Exécuter en tant qu'administrateur" (Run as administrator). This is essential.

At the main menu, choose "1".
Follow the prompts and be patient.
Choose 1 again when you are given a choice.
Wait until the message:
*** Analyse Termine le ..... ***
Press any key; Notepad will open.

Copy and paste the entire report into your reply.
Close Notepad.
Note: it will be saved as C:\cleannavi.txt

• Download and install Malwarebytes Anti-Malware by RubbeR DuckY
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

At the end of the installation, make sure the option "Mettre à jour Malwarebytes' Anti-Malware" (update Malwarebytes' Anti-Malware) is checked. Click "Terminer" (Finish).
Launch Malwarebytes' Anti-Malware by double-clicking the icon on the desktop.
On first launch, a window tells you that the version is Free; click OK.
Let the updates download, then close the program.

Launch Malwarebytes Anti-Malware by right-clicking the desktop icon and choosing "Exécuter en tant qu'administrateur" (Run as administrator).
On the "Recherche" (search) tab, check "Exécuter un examen complet" (run a full scan) and "Rechercher" (search).
Select your hard drive and click "Lancer l'examen" (start the scan).

At the end of the scan, select everything and click "Supprimer la sélection" (remove the selection).
Post the report that opens after this removal.
Restart the PC.
The report is in the "Rapports/Logs" tab, with the date and time of the run.

• Generate a new RSIT log.txt report and attach it to the other two.
See you later
eve
Novice
Posts: 9
Joined: 14 Apr. 2010, 17:28
Hardware configuration: vista

Re: pywin32

Post by eve »

Here are the first two; I'm restarting the computer and then doing the third one.

Fix Navipromo version 4.0.8 commencé le 14/04/2010 20:37:28,32

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\navilog1

Mise à jour le 09.03.2010 à 18h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU T5200 @ 1.60GHz )
BIOS : Ver 1.00PARTTBLv
USER : evelyne ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1296 [VPS 081212-0] 4.8.1296 (Activated)


C:\ (Local Disk) - NTFS - Total:106 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:5 Go (Free:1 Go)
E:\ (CD or DVD)


Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur


C:\Users\evelyne\AppData\Local\vdkza.bat supprimé !


Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\evelyne\AppData\Local\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok




*** Scan terminé 14/04/2010 20:40:55,17 ***


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Version de la base de données: 3988

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

14/04/2010 22:22:40
mbam-log-2010-04-14 (22-22-40).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 261235
Temps écoulé: 1 heure(s), 30 minute(s), 44 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 35
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 74

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcsd (Rogue.PCCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslAgent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PC-AntiSpyware (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SoftLand Ltd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Solt Lake Software (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\System\CurrentControlSet\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\System\CurrentControlSet\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure (Rogue.SpywareSecure) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC-Cleaner (Rogue.PCCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_PCA-FIREWALL (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pro antispyware 2009 (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\systemcheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Users\evelyne\AppData\Roaming\PC-Cleaner (Rogue.PCCleaner) -> Quarantined and deleted successfully.
C:\Users\evelyne\AppData\Roaming\PC-Antispyware (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Users\evelyne\AppData\Roaming\PC-Antispyware\logs (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Users\evelyne\AppData\Roaming\PC-Antispyware\startup (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd (Rogue.XPantiVirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP (Rogue.XPantiVirus) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009 (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\BASE (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\DELETED (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\SAVED (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Users\evelyne\AppData\Roaming\PC-Cleaner\log.dat (Rogue.PCCleaner) -> Quarantined and deleted successfully.
C:\Users\evelyne\AppData\Roaming\PC-Cleaner\settings.dat (Rogue.PCCleaner) -> Quarantined and deleted successfully.
C:\Users\evelyne\AppData\Roaming\PC-Antispyware\config.xml (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Users\evelyne\AppData\Roaming\PC-Antispyware\Sites.bl (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\Users\evelyne\AppData\Roaming\PC-Antispyware\logs\1208952882.log (Rogue.PCAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081027154222539.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081027162827006.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081028100541047.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081029091545131.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081029161414038.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081029194446968.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081030074939755.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081030090046356.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081030091802334.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081030111643428.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081031084645350.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081101092213910.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081101164651851.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081101203913882.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081102034407159.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081102090414991.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081102140132266.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081102181255612.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081103010213103.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081103081515112.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081106150439599.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081106152249569.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081106200748871.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081106204424489.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081107001740896.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081107093047812.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081107184312738.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081108112807236.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081109013702501.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081110220848358.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081111095101301.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081111184047295.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081111210004822.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081114201422875.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081114204120437.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081115092030354.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081115210249162.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081116084503218.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081116130527311.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081120155845318.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081121082757458.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081124143903125.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081124145605663.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081125081222041.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081128210522774.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081129094543787.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081129111049918.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081205203424119.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081206110935406.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081207100745066.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081207171900207.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081212185301740.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081212211743925.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081212213046306.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081213002721538.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081213093839045.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081213182155568.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081214094003558.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081219211307371.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081219213907645.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081219223228136.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081220111724136.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\ProgramData\Solt Lake Software\Pro Antispyware 2009\LOG\20081220154223273.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\System\Uninstall\Uninstall A360.lnk (Rogue.AV360) -> Quarantined and deleted successfully.
C:\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\evelyne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\etc\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Windows\.protected (Rogue.Multiple) -> Quarantined and deleted successfully.
eve
Novice
Posts: 9
Joined: 14 Apr. 2010, 17:28
Hardware configuration: vista

Re: pywin32

Post by eve »

Logfile of random's system information tool 1.06 (written by random/random)
Run by evelyne at 2010-04-14 22:31:46
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 20 GB (18%) free of 109 GB
Total RAM: 1021 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:42, on 14/04/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\evelyne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJV2FU7Y\RSIT[1].exe
C:\Program Files\trend micro\evelyne.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8304 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{2678F9D3-507D-44A6-A052-80F3F215808E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
Kiwee Toolbar - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll [2009-01-17 277648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-06 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-03 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-01 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - Kiwee Toolbar - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll [2009-01-17 277648]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-06 259696]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-04 13556256]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-04 92704]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-30 1086856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-07 44128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2006-12-04 46704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe [2008-06-02 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2006-10-18 472800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiweeHook]
C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe [2009-01-17 56456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2008-12-04 13556256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2008-12-04 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2008-12-04 711200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-11-06 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe [2006-12-02 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-16 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2006-10-18 317152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bcde24b-dc9d-11db-9d19-806e6f6e6963}]
shell\AutoRun\command - E:\EAUTORUN.EXE


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-04-14 20:48:01 ----D---- C:\Users\evelyne\AppData\Roaming\Malwarebytes
2010-04-14 20:47:49 ----D---- C:\ProgramData\Malwarebytes
2010-04-14 20:47:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-14 19:44:16 ----A---- C:\cleannavi.txt
2010-04-14 19:43:47 ----AD---- C:\Navilog1
2010-04-14 18:53:06 ----D---- C:\Program Files\trend micro
2010-04-14 18:53:01 ----D---- C:\rsit
2010-04-14 10:37:27 ----A---- C:\Windows\system32\nshhttp.dll
2010-04-14 10:37:18 ----A---- C:\Windows\system32\httpapi.dll
2010-04-13 23:41:07 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-04-13 23:41:07 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-04-13 23:41:04 ----A---- C:\Windows\system32\vbscript.dll
2010-04-13 23:40:56 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-04-13 23:40:52 ----A---- C:\Windows\system32\wintrust.dll
2010-04-13 23:40:49 ----A---- C:\Windows\system32\cabview.dll
2010-04-13 23:32:44 ----A---- C:\Windows\system32\jscript.dll
2010-04-13 23:31:55 ----A---- C:\Windows\system32\mshtml.dll
2010-04-13 23:31:51 ----A---- C:\Windows\system32\ieframe.dll
2010-04-13 23:31:47 ----A---- C:\Windows\system32\iertutil.dll
2010-04-13 23:31:46 ----A---- C:\Windows\system32\wininet.dll
2010-04-13 23:31:46 ----A---- C:\Windows\system32\urlmon.dll
2010-04-13 23:31:45 ----A---- C:\Windows\system32\occache.dll
2010-04-13 23:31:45 ----A---- C:\Windows\system32\mstime.dll
2010-04-13 23:31:45 ----A---- C:\Windows\system32\msfeeds.dll
2010-04-13 23:31:45 ----A---- C:\Windows\system32\iedkcs32.dll
2010-04-13 23:31:43 ----A---- C:\Windows\system32\ieui.dll
2010-04-13 23:31:35 ----A---- C:\Windows\system32\ieUnatt.exe
2010-04-13 23:31:35 ----A---- C:\Windows\system32\iepeers.dll
2010-04-13 23:31:34 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-04-13 23:31:34 ----A---- C:\Windows\system32\jsproxy.dll
2010-04-13 23:31:34 ----A---- C:\Windows\system32\iesysprep.dll
2010-04-13 23:31:33 ----A---- C:\Windows\system32\ie4uinit.exe
2010-04-13 23:31:32 ----A---- C:\Windows\system32\msfeedssync.exe
2010-04-13 23:31:32 ----A---- C:\Windows\system32\iesetup.dll
2010-04-13 23:31:32 ----A---- C:\Windows\system32\iernonce.dll
2010-04-13 23:31:20 ----A---- C:\Windows\system32\secproc_isv.dll
2010-04-13 23:31:20 ----A---- C:\Windows\system32\secproc.dll
2010-04-13 23:31:12 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-04-13 23:31:12 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-04-13 23:31:12 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-04-13 23:31:11 ----A---- C:\Windows\system32\RMActivate.exe
2010-04-13 23:31:10 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-04-13 23:31:10 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-04-13 23:31:10 ----A---- C:\Windows\system32\msdrm.dll
2010-04-13 23:30:48 ----A---- C:\Windows\system32\tzres.dll
2010-04-13 23:29:29 ----A---- C:\Windows\system32\gameux.dll
2010-04-13 23:29:28 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-04-13 23:29:27 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-04-13 19:33:30 ----D---- C:\ProgramData\Yahoo! Companion(139)
2010-04-13 17:32:38 ----A---- C:\Windows\system32\quartz.dll
2010-04-13 17:32:37 ----A---- C:\Windows\system32\tsbyuv.dll
2010-04-13 17:32:37 ----A---- C:\Windows\system32\msyuv.dll
2010-04-13 17:32:37 ----A---- C:\Windows\system32\msvidc32.dll
2010-04-13 17:32:37 ----A---- C:\Windows\system32\msrle32.dll
2010-04-13 17:32:37 ----A---- C:\Windows\system32\iyuv_32.dll
2010-04-13 17:32:36 ----A---- C:\Windows\system32\msvfw32.dll
2010-04-13 17:32:36 ----A---- C:\Windows\system32\mciavi32.dll
2010-04-13 17:32:22 ----A---- C:\Windows\system32\avifil32.dll
2010-04-11 16:41:43 ----A---- C:\TB.txt
2010-04-11 16:40:04 ----D---- C:\ToolBar SD
2010-04-11 14:21:35 ----D---- C:\Program Files\Apple Software Update(59)
2010-04-11 10:49:05 ----D---- C:\ProgramData\Alwil Software

======List of files/folders modified in the last 1 months======

2010-04-14 22:32:42 ----D---- C:\Windows\Temp
2010-04-14 22:31:44 ----D---- C:\Windows\Prefetch
2010-04-14 22:22:40 ----HD---- C:\ProgramData
2010-04-14 22:22:38 ----D---- C:\Windows
2010-04-14 20:47:51 ----D---- C:\Windows\system32\drivers
2010-04-14 20:47:48 ----RD---- C:\Program Files
2010-04-14 20:45:22 ----D---- C:\Windows\System32
2010-04-14 20:45:22 ----D---- C:\Windows\inf
2010-04-14 20:45:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-14 20:34:39 ----SHD---- C:\System Volume Information
2010-04-14 11:34:53 ----D---- C:\Windows\winsxs
2010-04-14 11:27:56 ----D---- C:\Windows\rescache
2010-04-14 11:13:09 ----D---- C:\Windows\system32\catroot
2010-04-14 11:13:03 ----D---- C:\Windows\system32\catroot2
2010-04-14 11:09:57 ----D---- C:\Windows\system32\wbem
2010-04-14 11:06:14 ----D---- C:\Windows\Tasks
2010-04-14 11:06:14 ----D---- C:\Windows\system32\Tasks
2010-04-14 11:06:14 ----D---- C:\Windows\system32\spool
2010-04-14 11:06:13 ----D---- C:\Windows\system32\migration
2010-04-14 11:06:13 ----D---- C:\Windows\system32\fr-FR
2010-04-14 11:06:12 ----D---- C:\Windows\system32\CodeIntegrity
2010-04-14 11:06:09 ----SHD---- C:\Windows\Installer
2010-04-14 11:06:05 ----SD---- C:\Windows\Downloaded Program Files
2010-04-14 11:06:05 ----RSD---- C:\Windows\Fonts
2010-04-14 11:06:04 ----D---- C:\Windows\AppPatch
2010-04-14 11:06:03 ----D---- C:\Program Files\Yahoo!
2010-04-14 11:06:03 ----D---- C:\Program Files\Windows Mail
2010-04-14 11:06:03 ----D---- C:\Program Files\Windows Live
2010-04-14 11:06:02 ----D---- C:\Program Files\Movie Maker
2010-04-14 11:06:02 ----D---- C:\Program Files\Internet Explorer
2010-04-14 11:06:02 ----D---- C:\Program Files\Common Files\microsoft shared
2010-04-14 11:06:01 ----D---- C:\Windows\registration
2010-04-14 10:51:48 ----D---- C:\ProgramData\Microsoft Help
2010-04-13 23:06:00 ----D---- C:\Windows\WindowsMobile
2010-04-13 23:06:00 ----D---- C:\Windows\system32\zh-TW
2010-04-13 23:06:00 ----D---- C:\Windows\system32\zh-CN
2010-04-13 23:06:00 ----D---- C:\Windows\system32\XPSViewer
2010-04-13 23:05:57 ----D---- C:\Windows\system32\uk-UA
2010-04-13 23:05:56 ----D---- C:\Windows\system32\tr-TR
2010-04-13 23:05:56 ----D---- C:\Windows\system32\th-TH
2010-04-13 23:05:56 ----D---- C:\Windows\system32\sv-SE
2010-04-13 23:05:56 ----D---- C:\Windows\system32\sr-Latn-CS
2010-04-13 23:05:55 ----D---- C:\Windows\system32\SLUI
2010-04-13 23:05:55 ----D---- C:\Windows\system32\sl-SI
2010-04-13 23:05:55 ----D---- C:\Windows\system32\sk-SK
2010-04-13 23:05:55 ----D---- C:\Windows\system32\setup
2010-04-13 23:05:55 ----D---- C:\Windows\system32\ru-RU
2010-04-13 23:05:55 ----D---- C:\Windows\system32\ro-RO
2010-04-13 23:05:54 ----D---- C:\Windows\system32\pt-PT
2010-04-13 23:05:53 ----D---- C:\Windows\system32\pt-BR
2010-04-13 23:05:53 ----D---- C:\Windows\system32\pl-PL
2010-04-13 23:05:53 ----D---- C:\Windows\system32\oobe
2010-04-13 23:05:52 ----D---- C:\Windows\system32\nl-NL
2010-04-13 23:05:52 ----D---- C:\Windows\system32\nb-NO
2010-04-13 23:05:50 ----D---- C:\Windows\system32\migwiz
2010-04-13 23:05:50 ----D---- C:\Windows\system32\manifeststore
2010-04-13 23:05:49 ----D---- C:\Windows\system32\lv-LV
2010-04-13 23:05:49 ----D---- C:\Windows\system32\lt-LT
2010-04-13 23:05:49 ----D---- C:\Windows\system32\ko-KR
2010-04-13 23:05:48 ----D---- C:\Windows\system32\ja-JP
2010-04-13 23:05:48 ----D---- C:\Windows\system32\it-IT
2010-04-13 23:05:46 ----D---- C:\Windows\system32\hu-HU
2010-04-13 23:05:46 ----D---- C:\Windows\system32\hr-HR
2010-04-13 23:05:46 ----D---- C:\Windows\system32\he-IL
2010-04-13 23:05:46 ----D---- C:\Windows\system32\fr
2010-04-13 23:05:45 ----D---- C:\Windows\system32\fi-FI
2010-04-13 23:05:45 ----D---- C:\Windows\system32\et-EE
2010-04-13 23:05:45 ----D---- C:\Windows\system32\es-ES
2010-04-13 23:05:45 ----D---- C:\Windows\system32\en-US
2010-04-13 23:05:45 ----D---- C:\Windows\system32\el-GR
2010-04-13 23:05:39 ----D---- C:\Windows\system32\de-DE
2010-04-13 23:05:39 ----D---- C:\Windows\system32\da-DK
2010-04-13 23:05:38 ----D---- C:\Windows\system32\cs-CZ
2010-04-13 23:05:37 ----D---- C:\Windows\system32\Boot
2010-04-13 23:05:37 ----D---- C:\Windows\system32\bg-BG
2010-04-13 23:05:36 ----D---- C:\Windows\system32\ar-SA
2010-04-13 23:05:36 ----D---- C:\Windows\system32\AdvancedInstallers
2010-04-13 23:05:36 ----D---- C:\Windows\servicing
2010-04-13 23:05:26 ----D---- C:\Windows\IME
2010-04-13 23:05:22 ----D---- C:\Windows\ehome
2010-04-13 23:05:10 ----D---- C:\Program Files\Windows Sidebar
2010-04-13 23:05:10 ----D---- C:\Program Files\Windows Photo Gallery
2010-04-13 23:05:09 ----D---- C:\Program Files\Windows Media Player
2010-04-13 23:05:08 ----D---- C:\Program Files\Windows Journal
2010-04-13 23:05:08 ----D---- C:\Program Files\Windows Defender
2010-04-13 23:05:08 ----D---- C:\Program Files\Windows Collaboration
2010-04-13 23:05:07 ----D---- C:\Program Files\Windows Calendar
2010-04-13 23:05:05 ----D---- C:\Program Files\Common Files\System
2010-04-13 20:17:47 ----D---- C:\Windows\system32\Msdtc
2010-04-13 20:16:53 ----D---- C:\Windows\system32\config
2010-04-13 20:15:12 ----D---- C:\ProgramData\Yahoo! Companion
2010-04-13 20:15:12 ----D---- C:\ProgramData\Kiwee Toolbar
2010-04-13 20:15:10 ----D---- C:\Program Files\Windows Live SkyDrive
2010-04-13 20:15:10 ----D---- C:\Program Files\Windows Live Favorites
2010-04-13 20:15:07 ----D---- C:\Program Files\Apple Software Update
2010-04-13 19:33:36 ----D---- C:\ProgramData\Yahoo!
2010-04-13 19:33:28 ----D---- C:\Users\evelyne\AppData\Roaming\Yahoo!
2010-04-13 19:29:00 ----A---- C:\YServer.txt
2010-04-13 16:20:11 ----D---- C:\ProgramData\NVIDIA
2010-04-13 12:45:14 ----D---- C:\Windows\Microsoft.NET
2010-04-13 12:44:55 ----RSD---- C:\Windows\assembly
2010-04-11 13:50:48 ----DC---- C:\Windows\system32\DRVSTORE
2010-04-11 10:54:51 ----D---- C:\Program Files\Alwil Software
2010-04-06 10:52:56 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-06-28 8192]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-16 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-16 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-16 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 182272]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-12-05 217728]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-04 7606688]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Pilote de carte Intel (R) PRO; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2006-11-19 145920]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-03-30 38224]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 1786880]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2006-11-24 270431]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2006-11-24 118877]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2006-12-04 58984]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-04 203296]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
S2 AGWinService;AG Windows Service; C:\Program Files\AGI\common\win32\PythonService.exe [2009-01-17 10240]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-26 126976]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe /service []
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe /service []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-01 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-06 887544]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 73728]

-----------------EOF-----------------
nardino
Moderators
Posts: 11993
Joined: 05 Feb 2007, 17:38
Location: Reims

Re: pywin32

Post by nardino »

Hello,

Things should already be behaving better.
You can remove this toolbar without a second thought: C:\Program Files\Kiwee Toolbar
You need to update these two programs quickly; they are often used by malware as a way in:
- Java Runtime Environment (JRE) 6u20:
http://java.sun.com/javase/downloads/index.jsp
Click Download Java Runtime Environment (JRE) 6 update20
On the next page, choose Windows under Platform, tick I agree to the Java SE Runtime Environment 6 License Agreement, and click Continue
On the new page, tick Windows Offline Installation and click jre-6u20-windows-i586.exe //15.54MB.
Install it while offline.
The previous version is automatically uninstalled from version 12 onwards.
Through Add/Remove Programs, uninstall all the other versions present.
Through Programs and Features, uninstall all the other versions if present.

- Acrobat Reader 9.3.1:
http://www.adobe.com/fr/products/acroba ... sions.html
Select your system and the appropriate version, as well as the language you want.
Untick McAfee Security Scan
Click Download now.
Install it.
This version uninstalls the previous ones.
See you.
eve
Novice
Posts: 9
Joined: 14 Apr 2010, 17:28
Hardware configuration: vista

Re: pywin32

Post by eve »

Thanks, but unfortunately my messenger still isn't working and the message is still:
Signature du problème :
Nom d’événement de problème: APPCRASH
Nom de l’application: YahooMessenger.exe
Version de l’application: 8.1.0.421
Horodatage de l'application: 46d76392
Nom du module par défaut: python25.dll
Version du module par défaut: 2.5.2150.1013
Horodateur du module par défaut: 47bd6a82
Code de l’exception: c0000005
Décalage de l’exception: 00063025
Version du système: 6.0.6002.2.2.0.768.3
Identificateur de paramètres régionaux: 1036
Information supplémentaire n° 1: ebfa
Information supplémentaire n° 2: bd91e769658881bc99f22dd065038417
Information supplémentaire n° 3: 1b82
Information supplémentaire n° 4: 984d4baaaf094adc94f790db30e41978
nardino
Moderators
Posts: 11993
Joined: 05 Feb 2007, 17:38
Location: Reims

Re: pywin32

Post by nardino »

Hello,
Reinstalling Yahoo Messenger may solve the problem.
See you.
eve
Novice
Posts: 9
Joined: 14 Apr 2010, 17:28
Hardware configuration: vista

Re: pywin32

Post by eve »

I uninstalled and reinstalled Yahoo and Live Messenger once again.

It works in Yahoo Messenger, which is already huge, but still not in W Live Messenger.

Thanks anyway for all the help :-)
nardino
Moderators
Posts: 11993
Joined: 05 Feb 2007, 17:38
Location: Reims

Re: pywin32

Post by nardino »

Hello.
Same thing for Windows Live Messenger. :wink:
See you.
eve
Novice
Posts: 9
Joined: 14 Apr 2010, 17:28
Hardware configuration: vista

Re: pywin32

Post by eve »

That's what I did, but a similar action gave a very different result ;-))))
It really doesn't want to work.
nardino
Moderators
Posts: 11993
Joined: 05 Feb 2007, 17:38
Location: Reims

Re: pywin32

Post by nardino »

Hello,
I don't see any solution to your problem.
Sorry.
See you.