Solved: How to remove viruses in Task Manager

laurie6873

Regular
Good evening,

I'm infected with viruses, and I asked a Norton agent to help me, so he just showed me the viruses on my PC (in Task Manager >> Processes), and there he showed me all the viruses (there really are a lot of them), such as: taskeng.exe, hpqtouster.exe, crss.exe, aawtray.exe ... the list is long!
So since I would have to pay €100 for one of their technicians to do it, and I can't pay, especially since in my opinion it will come back, my question is:

SHOULD I DELETE THEM FROM TASK MANAGER? OR SHOULD IT BE DONE ANOTHER WAY?
IF NOT, WHAT SHOULD I DO? AND HOW CAN I BE SURE NOT TO DELETE JUST ANYTHING, BECAUSE THERE ARE SO MANY THAT I COULD MAKE A MISTAKE!

And then, to top it all off, when I use Spybot, or when I want to delete, rename or move a file in My Documents, it tells me that I am not the administrator and don't have access!!!
I have a PC bought second-hand, a Compaq Presario CQ60, running Vista.

So, if anyone can help me ...

Thanks
Laurie
 

cosmido

Grand Master
Hello,

Congratulations on this description of the problem!
There is no need to pay to have a PC disinfected.

There are several PC diagnostic programs: HijackThis, RSIT...
These programs are used in the "Security/Disinfection" sections of forums like this one to draw up:
• The list of processes loaded at PC startup (which you mentioned),
• The registry locations intended for launching programs at PC startup,
• The software services loaded in Windows,
• And other sensitive information that makes it possible to trace/remove any infection.


Produce the RSIT diagnostic report.

Download to your desktop >> << (by random/random)
• Double-click RSIT.exe,
• Press [Continue] on the "Disclaimer" screen,
• If HijackThis is not installed, RSIT will download it -> accept the licence,

>> the Log.txt report will open on screen.
Post the Log.txt report (C:\RSIT\log.txt).
 

laurie6873

Regular


Good evening,

Well, first of all, THANK YOU!
I'm finishing an Ad-Aware scan and I'll do what you told me, and I'll let you know what happened!

Thanks a lot already!! :)
 

cosmido

Grand Master
re,

For information.

The processes that are accessible in "Task Manager" -> [Processes] are .exe files that have been loaded/launched. For example, if you launch Internet Explorer, you will notice IExplorer.exe there.

It is normal for there to be several processes there, since many are processes of Windows or of legitimate software/applications.

And as you mentioned, if an infection is active, its process will be visible in [Processes]. However, just stopping a process in Task Manager would not be enough. That would be the equivalent of closing a program such as Internet Explorer.
Indeed, at the next PC restart, these processes (infections) would be relaunched and reloaded, since they would still be on the disk and called from a registry load point intended for launching programs.

In short, to remove an active infection:
Either you do as you mentioned, first stopping their processes in Task Manager and then deleting their files on the disk.
Or by restarting the PC in . There, most infections are not launched at PC startup, so you can go and delete them directly on the disk.

Since you had difficulty disinfecting with Spybot: possibly you are running Vista. So right-click Spybot and choose -> "Run as administrator". Then it should do its job!

There is better than Spybot.

Malwarebytes is the all-round champion at detecting/removing infections of all kinds. And it's free! Very useful as a 2nd line of defence, that is, when called on after the resident antivirus has reported an ongoing infection. Provided you always run an update before launching a scan.

Download

• Run the installation,
• Run the Malwarebytes [Update].
• In [Scan], select [Run a full scan],
• After the scan, press >>>>>>>>>> [Remove selected].
>> Restart if prompted.
Post the Malwarebytes report.


Very important.
Also post the RSIT Log.txt report.
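
The point made in the post above (a process ended in Task Manager is relaunched at the next boot if a registry startup entry still points to its file), as an added example that is not part of the original thread: a Python parser that reads a HijackThis-style log and lists, for each running process, the `O4` Run entries that would start it again. The sample log is constructed, and the function names and the `ENV` expansion map are assumptions; Run keys are only one of the startup locations such a report covers.

```python
import ntpath
import re

# Constructed sample in the HijackThis log layout (not from a real machine).
SAMPLE_LOG = r"""Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ExampleVendor\Updater\exupd.exe
C:\Program Files\ExampleToolbar\1.0\bar.exe

O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\ExampleToolbar\1.0\bar.dll
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\ExampleVendor\Updater\exupd.exe" /background
O4 - HKCU\..\Run: [ExampleBar] C:\Program Files\ExampleToolbar\1.0\bar.exe
O4 - HKLM\..\Run: [Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
"""

# Assumed default locations, used only to expand variables found in the log.
ENV = {"%programfiles%": r"C:\Program Files", "%systemroot%": r"C:\Windows"}

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Executable at the start of a command line: quoted, or unquoted up to ".exe"
# (unquoted paths in these logs may contain spaces).
EXE_RE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.exe)(?=\s|$))', re.IGNORECASE)


def norm(path):
    """Expand known variables and normalise case so paths can be compared."""
    for var, value in ENV.items():
        path = re.sub(re.escape(var), lambda m: value, path, flags=re.IGNORECASE)
    return ntpath.normpath(path).lower()


def exe_of(cmd):
    """Return the normalised executable path a startup command would launch."""
    m = EXE_RE.match(cmd.strip())
    target = (m.group("q") or m.group("u")) if m else cmd.split()[0]
    return norm(target)


def parse_running(log):
    """Paths listed under 'Running processes:' up to the first blank line."""
    running, inside = [], False
    for line in log.splitlines():
        if line.strip() == "Running processes:":
            inside = True
        elif inside and not line.strip():
            break
        elif inside:
            running.append(line.strip())
    return running


def parse_autostarts(log):
    """All O4 (registry Run key) entries with the executable they point to."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append({
                "where": f'{m["hive"]}\\{m["key"]}',
                "name": m["name"],
                "exe": exe_of(m["cmd"]),
            })
    return entries


def relaunched_after_kill(log):
    """Map each running process to the Run entries that would restart it."""
    by_exe = {}
    for e in parse_autostarts(log):
        by_exe.setdefault(e["exe"], []).append(f'{e["where"]} [{e["name"]}]')
    return {p: by_exe.get(norm(p), []) for p in parse_running(log)}


if __name__ == "__main__":
    for proc, entries in relaunched_after_kill(SAMPLE_LOG).items():
        status = "relaunched by " + ", ".join(entries) if entries else "no Run entry"
        print(f"{proc}: {status}")
```

An empty list only means no Run key starts that file; services and other startup locations have to be checked separately.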
 

laurie6873

Regular



Hello,

First of all, here is the RSIT report:

1st page, titled INFO NOTEPAD:

info.txt logfile of random's system information tool 1.06 2009-12-04 12:04:34

======Uninstall list======

-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
Ad-Aware-->"C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x040c
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
CA eTrust PestPatrol Anti-Spyware-->"C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\cauninst.exe" /u
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IWAHerza.INF
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
ESU for Microsoft Vista-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}
Games-Attack-->C:\Program Files\Games-Attack\Uninstall.exe
Gameztar Toolbar-->"C:\ProgramData\{09E43F98-1DEA-4220-AB2B-AB6AD067E5D3}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
Gameztar Toolbar-->C:\ProgramData\{09E43F98-1DEA-4220-AB2B-AB6AD067E5D3}\Setup.exe
GearDrvs-->MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_HERMOSA_HSF\UIU32m.exe -U -IHPQHERzm.inf
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP DVD Play 3.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Help and Support-->MsiExec.exe /I{0054A0F6-00C9-4498-B821-B5C9578F433E}
HP Quick Launch Buttons-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x040c -removeonly uninst
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP Wireless Assistant-->MsiExec.exe /X{E40CE35C-27F5-4EBF-82F9-13238BCA3572}
inSSIDer-->MsiExec.exe /I{5768CE3D-9D7C-4B19-94DC-9944A361FED7}
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
LightScribe System Software-->MsiExec.exe /X{4A9849CA-E11C-4F24-8BB1-97C717A1C898}
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Mystery Stories Berlin Nights fr-->"C:\Program Files\BoontyGames\Mystery Stories Berlin Nights\unins000.exe"
Nero 8-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x040c -removeonly
Norton 360 (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_0_0_184\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help-->MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton 360-->MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360-->MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360-->MsiExec.exe /I{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}
Norton 360-->MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component-->MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PFConfig 1.0.236-->C:\Program Files\PFConfig\uninst.exe
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
QLBCASL-->MsiExec.exe /I{F1D7AC58-554A-4A58-B784-B61558B1449A}
QuestService 1.0 build 127-->C:\Program Files\QuestService\uninstall.exe
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly
REALTEK RTL8187 Wireless LAN Driver-->C:\Program Files\InstallShield Installation Information\{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}\SETUP.EXE -v"ISSCRIPTCMDLINE=\"-d -zREMOVE\"" -l0x0009 -removeonly
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SuppSoft-->MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec Technical Support Controls-->MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Titan Poker-->"C:\Poker\Titan Poker\_SetupPoker_45039c_fr.exe" /uninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Outlook 2007 Junk Email Filter (kb975960)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F1AB1BED-7477-4D5A-BD0C-04C2109459A5}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Vista Shortcut Manager-->MsiExec.exe /I{47609E69-4C5E-48B1-A889-24C6B82B5C04}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
X'nStop 2.5-->"C:\Program Files\X'nStop 2.5\unins000.exe"

======Security center information======

AV: Norton 360
FW: Norton 360 (disabled)
AS: Spybot - Search and Destroy
AS: Lavasoft Ad-Watch Live! (disabled)
AS: Windows Defender
AS: Norton 360

=====Application event log=====

Computer Name: PC-de-Rom1
Event Code: 63
Message: Le fournisseur WmiPerfClass a été inscrit dans l’espace de noms Windows Management Instrumentation root\cimv2, afin d’utiliser le compte LocalSystem. Ce compte bénéficie de privilèges et le fournisseur peut provoquer une violation de sécurité s’il ne représente pas correctement les demandes utilisateur.
Record Number: 60
Source Name: Microsoft-Windows-WMI
Time Written: 20090613115653.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Rom1
Event Code: 63
Message: Le fournisseur WmiPerfClass a été inscrit dans l’espace de noms Windows Management Instrumentation root\cimv2, afin d’utiliser le compte LocalSystem. Ce compte bénéficie de privilèges et le fournisseur peut provoquer une violation de sécurité s’il ne représente pas correctement les demandes utilisateur.
Record Number: 59
Source Name: Microsoft-Windows-WMI
Time Written: 20090613115653.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Rom1
Event Code: 8194
Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005. Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.

Opération :
Données du rédacteur en cours de collecte

Contexte :
ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
Nom du rédacteur: System Writer
ID d’instance du rédacteur: {cc125dea-1a1b-4ae4-865f-13fa21b0fc24}
Record Number: 57
Source Name: VSS
Time Written: 20090613115642.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Rom1
Event Code: 1008
Message: Le service Windows Search tente de supprimer l’ancien catalogue.

Record Number: 26
Source Name: Microsoft-Windows-Search
Time Written: 20090613115253.000000-000
Event Type: Avertissement
User:

Computer Name: 26L2233A1-06
Event Code: 1036
Message: Échec de InitializePrintProvider pour le fournisseur inetpp.dll. Cela peut se produire à la suite d’une instabilité du système ou d’une insuffisance des ressources système.
Record Number: 13
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20090613114655.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

=====Security event log=====

Computer Name: PC-de-Rom1
Event Code: 4907
Message: Les paramètres d’audit sur l’objet ont changé.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-ROM1$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Objet :
Serveur de l’objet : Security
Type d’objet : File
Nom de l’objet : C:\Boot\en-US\bootmgr.exe.mui
ID du handle : 0xe4

Informations sur le processus :
ID du processus : 0x3fc
Nom du processus : C:\Windows\bfsvc.exe

Paramètres d’audit :
Descripteur de sécurité d’origine :
Nouveau descripteur de sécurité : S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 3911
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090709111012.567208-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Rom1
Event Code: 4907
Message: Les paramètres d’audit sur l’objet ont changé.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-ROM1$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Objet :
Serveur de l’objet : Security
Type d’objet : File
Nom de l’objet : C:\Boot\el-GR\bootmgr.exe.mui
ID du handle : 0xdc

Informations sur le processus :
ID du processus : 0x3fc
Nom du processus : C:\Windows\bfsvc.exe

Paramètres d’audit :
Descripteur de sécurité d’origine :
Nouveau descripteur de sécurité : S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 3910
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090709111012.536008-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Rom1
Event Code: 4907
Message: Les paramètres d’audit sur l’objet ont changé.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-ROM1$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Objet :
Serveur de l’objet : Security
Type d’objet : File
Nom de l’objet : C:\Boot\de-DE\bootmgr.exe.mui
ID du handle : 0xd8

Informations sur le processus :
ID du processus : 0x3fc
Nom du processus : C:\Windows\bfsvc.exe

Paramètres d’audit :
Descripteur de sécurité d’origine :
Nouveau descripteur de sécurité : S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 3909
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090709111012.489208-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Rom1
Event Code: 4907
Message: Les paramètres d’audit sur l’objet ont changé.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-ROM1$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Objet :
Serveur de l’objet : Security
Type d’objet : File
Nom de l’objet : C:\Boot\da-DK\bootmgr.exe.mui
ID du handle : 0xe0

Informations sur le processus :
ID du processus : 0x3fc
Nom du processus : C:\Windows\bfsvc.exe

Paramètres d’audit :
Descripteur de sécurité d’origine :
Nouveau descripteur de sécurité : S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 3908
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090709111012.442408-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Rom1
Event Code: 4907
Message: Les paramètres d’audit sur l’objet ont changé.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-ROM1$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Objet :
Serveur de l’objet : Security
Type d’objet : File
Nom de l’objet : C:\Boot\cs-CZ\bootmgr.exe.mui
ID du handle : 0xe4

Informations sur le processus :
ID du processus : 0x3fc
Nom du processus : C:\Windows\bfsvc.exe

Paramètres d’audit :
Descripteur de sécurité d’origine :
Nouveau descripteur de sécurité : S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 3907
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090709111012.395608-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Broadcom\Broadcom 802.11\Driver
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2

-----------------EOF-----------------


The 2nd, titled LOG NOTEPAD

Logfile of random's system information tool 1.06 (written by random/random)
Run by Rom1 at 2009-12-04 12:03:49
Microsoft® Windows Vista™ Édition Intégrale Service Pack 2
System drive C: has 86 GB (57%) free of 153 GB
Total RAM: 1978 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:24, on 04/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Today\1.1.0.1190\InternetToday.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\Internet Today\1.1.0.1190\InternetToday.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Winsudate\gibusr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Gameztar Toolbar\2.1.1.5750\mvbapp.exe
C:\Program Files\Gameztar Toolbar\2.1.1.5750\mvbapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Gameztar Toolbar\2.1.1.5750\mvbsvc.exe
C:\Program Files\Gameztar Toolbar\2.1.1.5750\mvbsvc.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Users\Rom1\Desktop\Lolo\Downloads\RSIT.exe
C:\Program Files\trend micro\Rom1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACEIEAddOn.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Customized Platform Advancer - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\3.1.0.1630\CPAIEAddOn.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1870\CMWIE.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: TCP - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1610\TCPIE.dll
O2 - BHO: Web Search Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\3.1.0.1840\wso.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Gameztar Toolbar - {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} - C:\Program Files\Gameztar Toolbar\2.1.1.5750\mvb0.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Internet Today Task] "C:\Program Files\Internet Today\1.1.0.1190\InternetToday.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [VideoBarApp] C:\Program Files\Gameztar Toolbar\2.1.1.5750\mvbapp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: QuestService Service - Unknown owner - C:\ProgramData\QuestService\questservice127.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11073 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\User_Feed_Synchronization-{FB4F1A77-FABA-4880-9E47-82118E7B767C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}]
Automated Content Enhancer - C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACEIEAddOn.dll [2009-11-25 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-02-19 97960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42C7C39F-3128-4a17-BDB7-91C46032B5B9}]
Customized Platform Advancer - C:\Program Files\Customized Platform Advancer\3.1.0.1630\CPAIEAddOn.dll [2009-11-26 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41}]
Content Management Wizard - C:\Program Files\Content Management Wizard\1.1.0.1870\CMWIE.dll [2009-11-26 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2007-10-08 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}]
TCP - C:\Program Files\Textual Content Provider\1.1.0.1610\TCPIE.dll [2009-11-25 360448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431}]
Web Search Operator - C:\Program Files\Web Search Operator\3.1.0.1840\wso.dll [2009-11-26 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Afficher Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-02-19 609424]
{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} - Gameztar Toolbar - C:\Program Files\Gameztar Toolbar\2.1.1.5750\mvb0.dll [2009-12-02 1208320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2009-03-10 468264]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-17 1049896]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-04-23 206392]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-07-11 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-07-11 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-07-11 145944]
"WirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-03-10 506936]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-10-05 520024]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-09 115816]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"Internet Today Task"=C:\Program Files\Internet Today\1.1.0.1190\InternetToday.exe [2009-11-26 348160]
"CaISSDT"=C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe [2006-04-21 165416]
"eTrustPPAP"=C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe [2009-12-03 258048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"WinUsr"=C:\Program Files\Winsudate\gibusr.exe [2009-08-17 88304]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"VideoBarApp"=C:\Program Files\Gameztar Toolbar\2.1.1.5750\mvbapp.exe [2009-12-02 663552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-07-07 208896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4caebcb-5826-11de-82f1-001f16438fb6}]
shell\AutoRun\command - G:\SETUP.EXE
shell\configure\command - G:\SETUP.EXE
shell\install\command - G:\SETUP.EXE


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-12-04 12:03:50 ----D---- C:\Program Files\trend micro
2009-12-04 12:03:49 ----D---- C:\rsit
2009-12-03 23:58:45 ----A---- C:\Windows\pestpatrol5.INI
2009-12-03 23:56:09 ----D---- C:\ProgramData\CA
2009-12-03 23:55:48 ----D---- C:\Program Files\Common Files\Scanner
2009-12-03 23:55:24 ----D---- C:\Program Files\CA
2009-12-03 23:27:29 ----A---- C:\caisslog.txt
2009-12-03 21:40:08 ----D---- C:\Users\Rom1\AppData\Roaming\HouseCall 6.6
2009-12-03 21:40:05 ----D---- C:\Windows\system32\HouseCall 6.6
2009-12-02 23:27:21 ----A---- C:\FtpCmd.txt
2009-12-02 20:51:55 ----D---- C:\ProgramData\QuestService
2009-12-02 20:51:55 ----D---- C:\Program Files\QuestService
2009-12-02 20:51:35 ----D---- C:\Program Files\Textual Content Provider
2009-12-02 20:51:24 ----D---- C:\Program Files\Content Management Wizard
2009-12-02 20:51:13 ----D---- C:\Program Files\Internet Today
2009-12-02 20:51:03 ----D---- C:\Program Files\Customized Platform Advancer
2009-12-02 20:50:51 ----D---- C:\Program Files\Automated Content Enhancer
2009-12-02 20:50:44 ----D---- C:\Program Files\Web Search Operator
2009-12-02 20:50:24 ----D---- C:\Program Files\Gameztar Toolbar
2009-12-02 20:50:10 ----HDC---- C:\ProgramData\{09E43F98-1DEA-4220-AB2B-AB6AD067E5D3}
2009-12-02 00:14:56 ----A---- C:\Windows\wininit.ini
2009-12-01 23:42:28 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-01 23:42:28 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-26 00:19:20 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 10:57:58 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 10:57:54 ----A---- C:\Windows\system32\msxml3.dll
2009-11-23 00:05:12 ----D---- C:\ProgramData\Google
2009-11-11 11:40:48 ----A---- C:\Windows\system32\WSDApi.dll
2009-11-09 16:13:19 ----A---- C:\Windows\ntbtlog.txt
2009-11-08 16:52:38 ----D---- C:\Program Files\PhotoFiltre
2009-11-07 11:03:22 ----D---- C:\Users\Rom1\AppData\Roaming\FireShot

======List of files/folders modified in the last 1 months======

2009-12-04 12:04:15 ----D---- C:\Windows\Prefetch
2009-12-04 12:04:06 ----D---- C:\Windows\Temp
2009-12-04 12:03:50 ----RD---- C:\Program Files
2009-12-04 11:59:13 ----HD---- C:\ProgramData
2009-12-04 11:53:52 ----A---- C:\ProgramData\HPWALog.txt
2009-12-04 11:53:33 ----A---- C:\ProgramData\hpqp.ini
2009-12-04 11:52:15 ----SHD---- C:\System Volume Information
2009-12-04 11:51:13 ----D---- C:\Windows\System32
2009-12-04 11:51:13 ----D---- C:\Windows\inf
2009-12-04 11:51:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-03 23:58:45 ----D---- C:\Windows
2009-12-03 23:58:40 ----SD---- C:\ProgramData\Microsoft
2009-12-03 23:56:10 ----SHD---- C:\Windows\Installer
2009-12-03 23:55:48 ----D---- C:\Program Files\Common Files
2009-12-03 22:17:24 ----D---- C:\ProgramData\Symantec
2009-12-03 21:40:08 ----SD---- C:\Windows\Downloaded Program Files
2009-12-03 19:00:30 ----D---- C:\Program Files\Mozilla Firefox
2009-12-02 22:03:29 ----SD---- C:\Users\Rom1\AppData\Roaming\Microsoft
2009-12-02 21:38:43 ----D---- C:\Windows\Debug
2009-11-26 11:39:36 ----D---- C:\Windows\rescache
2009-11-26 00:21:00 ----D---- C:\Windows\winsxs
2009-11-26 00:20:33 ----D---- C:\Windows\system32\fr-FR
2009-11-26 00:20:25 ----D---- C:\Windows\system32\catroot
2009-11-26 00:20:15 ----D---- C:\Windows\system32\catroot2
2009-11-25 22:51:57 ----A---- C:\ProgramData\hpqp.txt
2009-11-12 00:13:06 ----D---- C:\ProgramData\Microsoft Help
2009-11-05 18:36:21 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-11 351744]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-27 371248]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20091120.002\IDSvix86.sys [2009-11-20 286768]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2007-04-14 418104]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-01-09 191544]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-12-19 1093120]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-06-05 222208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-11-01 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-11-01 208896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-07-07 2378752]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-06-30 112128]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20091203.004\NAVENG.SYS [2009-08-25 84912]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20091203.004\NAVEX15.SYS [2009-08-25 1323568]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-06-10 123904]
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2007-01-09 12984]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-07-05 124464]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2007-01-09 145976]
R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2007-01-09 40120]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2007-01-09 38200]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-01-09 27576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-17 199344]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-11-01 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 avt0klo2;avt0klo2; C:\Windows\system32\drivers\avt0klo2.sys []
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr28u.sys []
S3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187.sys [2007-01-30 205312]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 ccSetMgr;ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-10-05 1028432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-01-27 73728]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 QuestService Service;QuestService Service; C:\ProgramData\QuestService\questservice127.exe [2009-11-26 58744]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 WinSvc;Gestionnaire de mise à jour Winsudate; C:\Program Files\Winsudate\gibsvc.exe [2009-08-17 70896]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-04-23 239160]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-10-23 223232]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2009-07-05 1251720]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2009-09-17 69120]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-12 49248]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-19 523776]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-11 918528]

-----------------EOF-----------------


Next I'm going to try it with Spybot (right-click...), but the problem is that Spybot is limited because it says I am not the administrator, even though I am! And I am indeed on Vista.

Then I'm going to download "the all-categories champion"!

I'll do that and get back to you right away!
 

laurie6873

Regular
So for Spybot I did as you told me; it runs a scan, but it takes forever and it crashes (I have trouble closing it!). Right now I have Malwarebytes running a scan; it has already found 81 infected objects, and it's not finished! I'll send you the report as soon as I have it!
As for safe mode, yesterday the Norton agent had me download a Norton anti-spyware tool and told me to restart in safe mode and run the scan, but it didn't work, so he told me I was too infected...
 

cosmido

Grand Master
Hi again,

Too infected, you say?
Just watch Malwarebytes go
...and restart if prompted; it is needed to complete its disinfection.
You will find the report to post under [Rapports/Logs].

I'm checking the RSIT reports.
 

cosmido

Grand Master
Best answer
Hi again,

Carry out the following procedures, in the order given.

Vista user.
• Disable the

>> You will re-enable UAC after the removals <<.

_____________________________________________________________

If the drive >> G:\ << corresponds to something other than a CD/DVD drive

Download (by C_XX & Chiquitine29)

Plug in all your external USB devices,

• Launch UsbFix with a right-click > "Run as administrator"

• Select option 1 – Recherche (Search)
>> Let it run; the report will appear,
Post this UsbFix.txt report "immediately" (C:\UsbFix.txt).


"Process.exe" is a component of the tool that is detected by some antivirus products.
It is not a virus but a module of UsbFix. Ignore an alert.

_____________________________________________________________

Download to your desktop (by C_XX)

Disable the antivirus.

• Launch AD-R.exe with a right-click > "Run as administrator"
• Select the language, F, and confirm with Enter,
• Disconnect, and close any open applications
• Select the option [L. Lancer le nettoyage] (run the cleanup)

>> Let it run,
• When the scan is complete, press a key to open the report
Post the report (C:\Ad-Report-SCAN.log)

Re-enable the antivirus and UAC.

_____________________________________________________________

Remove the lines that are still there after ...Malwarebytes.

Relaunch HijackThis with a right-click -> Run as Adm..
(also available here: C:\Program Files\trend micro\Rom1.exe)
• Press [image],
• Check [image] the following lines (from O2 to O23),
>>> Close Internet Explorer and any other windows..
• Press [image] to delete them.

O2 - BHO: Customized Platform Advancer - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\3.1.0.1630\CPAIEAddOn.dll
O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1870\CMWIE.dll

O2 - BHO: TCP - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1610\TCPIE.dll
O2 - BHO: Web Search Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\3.1.0.1840\wso.dll

O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
O4 - HKCU\..\Run: [VideoBarApp] C:\Program Files\Gameztar Toolbar\2.1.1.5750\mvbapp.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe


Restart the PC.
_____________________________________________________________

I will wait for the Malwarebytes report
before continuing with whatever file/folder removals (infections) remain.
_____________________________________________________________


In the meantime, since the bulk of the disinfection will be done.

Uninstalling Boonty Games.
Go to "Programs and Features" in the Control Panel
to uninstall: Boonty Games


Managing unnecessary programs at PC startup.
Many programs install their processes so that they are launched at PC startup. Many are not necessary. StartUpLite cleans up these unnecessary startup items.
Download .
• Leave everything that is proposed for disabling checked.
• And press [Continue]


Relaunch HijackThis,
• Press [image]

And post the report that opens on screen.

- The Ad-Remover report, and perhaps the UsbFix one, are also to be posted.
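
The RSIT report earlier in this thread lists folders by creation time, and several of the entries selected above load from folders created within two minutes of each other on 2009-12-02. The following Python code is an added example (not part of any post here, and not code from RSIT or HijackThis) that finds such a creation burst and lists the HijackThis entries loading from it. The sample lines are a subset copied from the report; the function names, the 30-second gap and the four-folder minimum are assumptions to tune.

```python
import ntpath
import re
from datetime import datetime, timedelta

# Subset of the "files/folders created" list, copied from the RSIT report above.
CREATED = r"""
2009-12-03 23:56:09 ----D---- C:\ProgramData\CA
2009-12-03 23:55:48 ----D---- C:\Program Files\Common Files\Scanner
2009-12-03 23:55:24 ----D---- C:\Program Files\CA
2009-12-02 23:27:21 ----A---- C:\FtpCmd.txt
2009-12-02 20:51:55 ----D---- C:\ProgramData\QuestService
2009-12-02 20:51:55 ----D---- C:\Program Files\QuestService
2009-12-02 20:51:35 ----D---- C:\Program Files\Textual Content Provider
2009-12-02 20:51:24 ----D---- C:\Program Files\Content Management Wizard
2009-12-02 20:51:13 ----D---- C:\Program Files\Internet Today
2009-12-02 20:51:03 ----D---- C:\Program Files\Customized Platform Advancer
2009-12-02 20:50:51 ----D---- C:\Program Files\Automated Content Enhancer
2009-12-02 20:50:44 ----D---- C:\Program Files\Web Search Operator
2009-12-02 20:50:24 ----D---- C:\Program Files\Gameztar Toolbar
2009-12-02 20:50:10 ----HDC---- C:\ProgramData\{09E43F98-1DEA-4220-AB2B-AB6AD067E5D3}
2009-12-01 23:42:28 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-01 23:42:28 ----D---- C:\Program Files\Spybot - Search & Destroy
"""

# Subset of the HijackThis section of the same report.
HJT = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Web Search Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\3.1.0.1840\wso.dll
O3 - Toolbar: Gameztar Toolbar - {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} - C:\Program Files\Gameztar Toolbar\2.1.1.5750\mvb0.dll
O4 - HKLM\..\Run: [Internet Today Task] "C:\Program Files\Internet Today\1.1.0.1190\InternetToday.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
O4 - HKCU\..\Run: [VideoBarApp] C:\Program Files\Gameztar Toolbar\2.1.1.5750\mvbapp.exe
O23 - Service: QuestService Service - Unknown owner - C:\ProgramData\QuestService\questservice127.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe
"""

CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) -+([A-Z]+)-+ (.+)$")
HJT_RE = re.compile(r"^(O\d+) - (.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)


def parse_created(text):
    """Return (timestamp, path) for every directory in the 'created' list."""
    out = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and "D" in m.group(2):  # attribute field contains D = directory
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            out.append((when, m.group(3)))
    return out


def find_bursts(entries, max_gap=timedelta(seconds=30), min_size=4):
    """Group directories whose creation times chain together within max_gap."""
    bursts, current = [], []
    for when, path in sorted(entries):
        if current and when - current[-1][0] > max_gap:
            if len(current) >= min_size:
                bursts.append(current)
            current = []
        current.append((when, path))
    if len(current) >= min_size:
        bursts.append(current)
    return bursts


def parse_hjt(text):
    """Return one dict per HijackThis line: section code, raw text, first path."""
    out = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if m:
            p = PATH_RE.search(m.group(2))
            out.append({"section": m.group(1), "text": m.group(2),
                        "path": p.group(0) if p else None})
    return out


def correlate(entries, bursts):
    """List (section, path, burst start) for entries loading from a burst folder."""
    flagged = []
    for e in entries:
        if not e["path"]:
            continue  # e.g. "(no file)" entries have nothing to match
        p = ntpath.normcase(e["path"])
        for burst in bursts:
            if any(p.startswith(ntpath.normcase(d) + "\\") for _, d in burst):
                flagged.append((e["section"], e["path"], burst[0][0]))
                break
    return flagged


if __name__ == "__main__":
    bursts = find_bursts(parse_created(CREATED))
    for section, path, started in correlate(parse_hjt(HJT), bursts):
        print(f"burst starting {started:%Y-%m-%d %H:%M:%S}  {section:<3} {path}")
```

The Winsudate entries are not flagged because their files are dated 2009-08-17 in the report, outside the burst; the correlation surfaces one install event and gives leads to check, not a verdict on each entry.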

 

laurie6873

Regular

There, Malwarebytes has just finished; it found 253 infected objects!!! I can't believe it! And above all it is very effective!
I'll send you the report. Wait, I'm restarting because it's asking me to, then I'll send it to you!
THANKS in any case!!!!!!!!!


 

laurie6873

Regular

Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3292
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18828

04/12/2009 16:29:45
mbam-log-2009-12-04 (16-29-45).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 217058
Temps écoulé: 1 hour(s), 25 minute(s), 17 second(s)

Processus mémoire infecté(s): 9
Module(s) mémoire infecté(s): 8
Clé(s) du Registre infectée(s): 60
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 39
Fichier(s) infecté(s): 128

Processus mémoire infecté(s):
C:\ProgramData\QuestService\questservice127.exe (Adware.DoubleD) -> Unloaded process successfully.
C:\Program Files\Winsudate\gibsvc.exe (Adware.Gibmedia) -> Unloaded process successfully.
C:\Program Files\QuestService\questservice.exe (Adware.DoubleD) -> Unloaded process successfully.
C:\Program Files\Winsudate\gibusr.exe (Adware.Gibmedia) -> Unloaded process successfully.
C:\Program Files\Gameztar Toolbar\2.1.1.5750\mvbapp.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Program Files\Gameztar Toolbar\2.1.1.5750\mvbapp.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Program Files\Gameztar Toolbar\2.1.1.5750\mvbsvc.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Program Files\Gameztar Toolbar\2.1.1.5750\mvbsvc.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Program Files\Internet Today\1.1.0.1190\InternetToday.exe (Adware.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Program Files\Internet Today\1.1.0.1190\SkinCrafterDll.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Web Search Operator\3.1.0.1840\WSOCommon.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Web Search Operator\3.1.0.1840\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACECommon.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\components\ACEFFAddOn.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Customized Platform Advancer\3.1.0.1630\CPACommon.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\components\CPAFFAddOn.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\QuestService\questservice.dll (Adware.DoubleD) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winsvc (Adware.Gibmedia) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.cmw (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f5b8c69c-9b45-4a6a-9380-df225c546ae7} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{629cd6c2-e4c5-4554-aeb8-12e4e2cd40ff} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.cmw.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.tcp (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{2a743834-05f4-4ed4-8a1c-41332b10ac0c} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1081d532-7de4-40bd-b912-388fa6b27c78} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.tcp.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{5297e905-1dfb-4a9c-9871-a4f95fd58945} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{565dd573-549e-4da9-8cd7-6ae3df25339a} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d062e03e-65ca-49e4-9b15-31938ba98922} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\questservice (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\QuestService Service (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winusr (Adware.Gibmedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\videobarapp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{40f1eb95-4de4-4f36-a826-054ee36bb905} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440e-08f0-4339-9959-5c31c6a69f23} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet today task (Adware.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Winsudate (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today (Adware.Agent) -> Delete on reboot.
C:\Program Files\Internet Today\1.1.0.1190 (Adware.Agent) -> Delete on reboot.
C:\Program Files\Web Search Operator (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\3.1.0.1840 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\3.1.0.1840\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\3.1.0.1840\FF (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\3.1.0.1840\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\3.1.0.1840\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\3.1.0.1840\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1610 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1610\data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1610\for_anti_av (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1610\for_anti_av\1.1.0.1610 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5190 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5190\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\3.1.0.1630 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\3.1.0.1630\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1870 (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\QuestService (Adware.DoubleD) -> Delete on reboot.
C:\Users\Rom1\Local Settings\Application Data\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\Rom1\Local Settings\Application Data\Textual Content Provider (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\Rom1\Local Settings\Application Data\Textual Content Provider\1.1.0.1610 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\Rom1\Local Settings\Application Data\Textual Content Provider\1.1.0.1610\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\Rom1\Local Settings\Application Data\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\Rom1\Local Settings\Application Data\Web Search Operator\3.1.0.1840 (Adware.DoubleD) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\ProgramData\QuestService\questservice127.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Winsudate\gibsvc.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\QuestService\questservice.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Winsudate\gibusr.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Gameztar Toolbar\2.1.1.5750\mvbapp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Gameztar Toolbar\2.1.1.5750\mvbsvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1870\CMWIE.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\3.1.0.1630\CPAIEAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\3.1.0.1840\WSO.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1610\TCPIE.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Gameztar Toolbar\2.1.1.5750\mvb0.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACEIEAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Winsudate\gibcom.dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Winsudate\gibidl.dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Winsudate\gibupt.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\QuestService\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Gameztar Toolbar\2.1.1.5750\mvbasst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Gameztar Toolbar\2.1.1.5750\mvbdl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Gameztar Toolbar\2.1.1.5750\ProductInfo.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\ProgramData\{09E43F98-1DEA-4220-AB2B-AB6AD067E5D3}\OFFLINE\3A0AAFF0\B94081D6\mvbsvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\{09E43F98-1DEA-4220-AB2B-AB6AD067E5D3}\OFFLINE\48C8FBD2\B94081D6\ProductInfo.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\ProgramData\{09E43F98-1DEA-4220-AB2B-AB6AD067E5D3}\OFFLINE\53CCABA1\B94081D6\mvbdl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\{09E43F98-1DEA-4220-AB2B-AB6AD067E5D3}\OFFLINE\75918810\B94081D6\mvbapp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\{09E43F98-1DEA-4220-AB2B-AB6AD067E5D3}\OFFLINE\93CE9E2B\B94081D6\mvbasst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\{09E43F98-1DEA-4220-AB2B-AB6AD067E5D3}\OFFLINE\mFileBagIDE.dll\bag\aiaSetup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\ProgramData\{09E43F98-1DEA-4220-AB2B-AB6AD067E5D3}\OFFLINE\mFileBagIDE.dll\bag\CMWSetup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\ProgramData\{09E43F98-1DEA-4220-AB2B-AB6AD067E5D3}\OFFLINE\mFileBagIDE.dll\bag\ITSetup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\ProgramData\{09E43F98-1DEA-4220-AB2B-AB6AD067E5D3}\OFFLINE\mFileBagIDE.dll\bag\mvbpx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\{09E43F98-1DEA-4220-AB2B-AB6AD067E5D3}\OFFLINE\mFileBagIDE.dll\bag\ProductInfo.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\ProgramData\{09E43F98-1DEA-4220-AB2B-AB6AD067E5D3}\OFFLINE\mFileBagIDE.dll\bag\psksetup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\ProgramData\{09E43F98-1DEA-4220-AB2B-AB6AD067E5D3}\OFFLINE\mFileBagIDE.dll\bag\sessetup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\ProgramData\{09E43F98-1DEA-4220-AB2B-AB6AD067E5D3}\OFFLINE\mFileBagIDE.dll\bag\TPSetup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\Rom1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\85Y87W9D\wsosetup[1].exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\Rom1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\85Y87W9D\cmwsetup[1].exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\Rom1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SS6HBAHF\Qstserv[1].exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\Rom1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SS6HBAHF\cpasetup[1].exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\Rom1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SS6HBAHF\mvbup[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Rom1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WZATN5X7\itsetup[1].exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\Rom1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0MOPZD6\tcpsetup[1].exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\Rom1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0MOPZD6\productinfo[1].dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\Rom1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0MOPZD6\acesetup[1].exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\Rom1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Gameztar Toolbar\2.1.1.5750\bin\mvbup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Rom1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\mvbup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Rom1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\productinfo.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\Rom1\Desktop\Lolo\Downloads\gameztar_installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\464ELODF\gibcom[1].dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\464ELODF\gibidl[1].dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9HAYSAZR\gibupt[1].exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9HAYSAZR\gibusr[1].exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S2VJVYR3\gibsvc[1].exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Windows\Temp\QUE4838.tmp\upgrade.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1190\InternetToday.exe (Adware.Agent) -> Delete on reboot.
C:\Program Files\Internet Today\1.1.0.1190\InternetToday.ico (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1190\InternetToday.skf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1190\mfc80.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1190\Microsoft.VC80.CRT.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1190\Microsoft.VC80.MFC.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1190\msvcr80.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1190\PixelLogExe.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1190\SkinCrafterDll.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Internet Today\1.1.0.1190\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1190\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\3.1.0.1840\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\3.1.0.1840\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\3.1.0.1840\WSOCommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\3.1.0.1840\wsopx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\3.1.0.1840\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\3.1.0.1840\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\3.1.0.1840\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\3.1.0.1840\FF\chrome\WSOAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\3.1.0.1840\FF\chrome\content\WSOAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\3.1.0.1840\FF\chrome\content\WSOAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\3.1.0.1840\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\3.1.0.1840\FF\components\WSOFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\3.1.0.1840\FF\components\WSOFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1610\tcppx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1610\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1610\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1610\data\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1610\data\TP_Config.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1610\data\TP_Data.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1610\data\TP_DomainExcludeList.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1610\for_anti_av\1.1.0.1610\TCPIE.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACECommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACEIEAddOnSub.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACEIEAddOnSubL.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5190\acepx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5190\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5190\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5190\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome\ACEAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome\content\ACEAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome\content\ACEAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\components\ACEFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\components\ACEFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\components\ACEFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\3.1.0.1630\CPACommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\3.1.0.1630\CPAIEAddOnSub.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\3.1.0.1630\CPAIEAddOnSubL.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\3.1.0.1630\cpapx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\3.1.0.1630\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\3.1.0.1630\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\3.1.0.1630\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\chrome\CPAAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\chrome\content\CPAAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\chrome\content\CPAAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\components\CPAFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\components\CPAFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\components\CPAFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1870\cmwpx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1870\cmwsh.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1870\config.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1870\data.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1870\exclude.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1870\MatchingData.zd5 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1870\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1870\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1870\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\QuestService\questservice.dll (Adware.DoubleD) -> Delete on reboot.
C:\Users\Rom1\Local Settings\Application Data\Textual Content Provider\1.1.0.1610\Data\TP_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\Rom1\Local Settings\Application Data\Textual Content Provider\1.1.0.1610\Data\TP_Data.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\Rom1\Local Settings\Application Data\Textual Content Provider\1.1.0.1610\Data\TP_DomainExcludeList.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\Rom1\Local Settings\Application Data\Web Search Operator\3.1.0.1840\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\searchPlugins\questservice127.xml (Adware.DoubleD) -> Quarantined and deleted successfully.

And I have a second one. I don't know if it will be of any use to you, but I'm posting it anyway:

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3292
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18828

04/12/2009 16:26:56
mbam-log-2009-12-04 (16-26-41).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 217058
Temps écoulé: 1 hour(s), 25 minute(s), 17 second(s)

Processus mémoire infecté(s): 9
Module(s) mémoire infecté(s): 8
Clé(s) du Registre infectée(s): 60
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 39
Fichier(s) infecté(s): 128


 

laurie6873

Regular


OK, I'll do everything you tell me and send you the reports!! Thanks!
 

laurie6873

Regular
Right, I've now disabled UAC, and UsbFix is scanning. I'll send you the report as soon as it's done, then I'll follow the rest of the procedure and send you the reports!
 

cosmido

Grand Master
Hi again,

"Right, I've now disabled UAC, and UsbFix is scanning. I'll send you the report as soon as it's done, then I'll follow the rest of the procedure and send you the reports"
After you have completed all of these procedures,
instead of [strike]posting a HijackThis report.[/strike]
Run RSIT again and post only a new Log.txt report.
The other one, [strike]info.txt[/strike], will not be needed.
___________________________________________


Good !!!!!!!!!!!!!
These reports come from the same scan. When the scan completed, you did not press [Supprimer la sélection] (Remove Selected). That is why the first report (the second one posted) shows (-> No action taken) for every detection.
The scan's detections had then been placed in quarantine. Since in that case Malwarebytes schedules a task to delete everything it detected at the next start of the PC, when you restarted right after the scan a second report was produced, showing (Quarantined and deleted ..) after each detection.


When you reply by creating a message, press [image]. That way, with the number of large reports, there will be less scrolling back and forth to follow the messages.
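
The comparison described in the post above, between a report where every detection reads "No action taken" and the follow-up report from the same scan, can be checked mechanically. This is an added example, not part of the original thread; the sample report lines are constructed in the line format the Malwarebytes logs in this thread use, and the function names are this example's own.

```python
import re

# One detection line: "<path or registry key> (<family>) -> <action>."
DETECTION = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

NO_ACTION = "No action taken"
PENDING = "Delete on reboot"


def parse_detections(report_text):
    """Map each detected item (case-insensitive key) to its family and actions.

    The same file can be listed twice (as a memory process and as a file),
    so actions are collected in a set per item.
    """
    found = {}
    for line in report_text.splitlines():
        match = DETECTION.match(line.strip())
        if not match:
            continue  # section headers, counters, blank lines
        key = match.group("item").lower()  # Windows paths are case-insensitive
        entry = found.setdefault(
            key,
            {"item": match.group("item"), "family": match.group("family"), "actions": set()},
        )
        entry["actions"].add(match.group("action"))
    return found


def reconcile(before_text, after_text):
    """Classify every detection of the first report by its fate in the second."""
    before = parse_detections(before_text)
    after = parse_detections(after_text)
    result = {"removed": [], "pending_reboot": [], "untouched": [], "missing": []}
    for key, entry in before.items():
        actions = after.get(key, {}).get("actions", set())
        if not actions:
            bucket = "missing"          # not mentioned in the second report at all
        elif PENDING in actions:
            bucket = "pending_reboot"   # locked file, only gone after a restart
        elif NO_ACTION in actions:
            bucket = "untouched"        # still present, removal was never requested
        else:
            bucket = "removed"
        result[bucket].append(entry["item"])
    return result


# Constructed sample reports (paths and family names are made up).
BEFORE_REPORT = r"""
Processus mémoire infecté(s):
C:\Program Files\ExampleBar\bar.exe (Adware.Example) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\examplebar (Adware.Example) -> No action taken.

Fichier(s) infecté(s):
C:\Program Files\ExampleBar\bar.exe (Adware.Example) -> No action taken.
C:\Program Files\ExampleBar\bar.dll (Adware.Example) -> No action taken.
C:\Users\user\Downloads\example_installer.exe (Trojan.Example) -> No action taken.
"""

AFTER_REPORT = r"""
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\examplebar (Adware.Example) -> No action taken.

Fichier(s) infecté(s):
C:\Program Files\ExampleBar\bar.exe (Adware.Example) -> Quarantined and deleted successfully.
C:\Program Files\ExampleBar\bar.dll (Adware.Example) -> Delete on reboot.
"""

if __name__ == "__main__":
    for bucket, items in reconcile(BEFORE_REPORT, AFTER_REPORT).items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print(f"  {item}")
```

Anything left in `untouched` or `missing` after the second report is what a follow-up scan should be checked for; `pending_reboot` entries are only gone once the machine has restarted.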
 

laurie6873

Regular
Hey Cosmido!

Wow, it's great working with you (we can use "tu" with each other! lol, it's nicer and I've already started! :sarcastic: )

So here's the news:
1/ at the end of this message I'm sending you the UsbFix report
2/ I was able to download AD-R and everything went fine, except that at the end I got a warning message saying: " Le résident "Tea Timer.exe" de Spybot search and destroy est actif ! Dans ces conditions le programme ne peut continuer ! "
So I opened Spybot to disable it, but the problem with Spybot is (I ticked a box saying that each time, before starting, Spybot had to wait before opening (something like that, I'll tell you when I manage to close it and can start over to tell you exactly what it says; yeah, honestly, I'm hopeless here!!
Anyway, so I let it finish its check; it took a very long time and at the end it crashes. I can't do anything, not even open it to see what's going on (because I only get a tiny window with just a bar that advances as the check progresses)...

So should I uninstall and reinstall it, or do I need to do something else? I'm not doing anything for now; I'll wait for your answer first,
since without that I won't be able to use AD-R...

Here is the UsbFix report:


############################## | UsbFix V6.059 |

User : Rom1 (Administrateurs) # PC-DE-LAURIE
Update on 01/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 18:30:20 | 04/12/2009
Website :
Contact : FindyKill.Contact@gmail.com

Genuine Intel(R) CPU T1600 @ 1.66GHz
Microsoft® Windows Vista™ Édition Intégrale (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18828
Windows Firewall Status : Disabled
AV : Norton 360 2007 [ Enabled | Updated ]
FW : Norton 360[ Enabled ]2007

C:\ -> Disque fixe local # 149,05 Go (83,83 Go free) # NTFS
D:\ -> Disque CD-ROM # 7,67 Go (0 Mo free) [POIROT_DVD1] # UDF
E:\ -> Disque amovible
F:\ -> Disque amovible # 967,62 Mo (294,39 Mo free) # FAT
G:\ -> Disque CD-ROM
H:\ -> Disque amovible # 958,98 Mo (503,96 Mo free) # FAT32

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe 3296
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 496
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe 3668
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe 1412
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe 3184
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE 2356
C:\Program Files\Mozilla Firefox\firefox.exe 992
C:\Windows\system32\conime.exe 4056
C:\Windows\system32\wbem\wmiprvse.exe 5216

################## | Fichiers # Dossiers infectieux |


################## | Spyware.OnlineGames |


################## | Registre # Clés infectieuses |


################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{b4caebcb-5826-11de-82f1-001f16438fb6}
shell\AutoRun\command =G:\SETUP.EXE
shell\configure\command =G:\SETUP.EXE
shell\install\command =G:\SETUP.EXE

################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.059 ! |

There you go, and thanks again, you're great, you explain the steps really well, it's great!!
See you later...
 

laurie6873

Regular
Hi there,

So I uninstalled Spybot, but I'm going to put it back. Here is the Ad-R report:
I'll keep you posted on what happens next!

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_D | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 03.12.2009 à 20:53
Contact: AdRemover.contact@gmail.com
Site web:
.
Lancé à: 21:54:01, 04/12/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ Ultimate Service Pack 2 v6.0.6002
Nom du PC: PC-DE-LAURIE | Utilisateur actuel: Rom1
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

C:\ProgramData\Games-Attack
C:\Users\Rom1\AppData\Roaming\Mozilla\Firefox\Profiles\bvzeg84c.default\searchplugins\ask.xml
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Titan Poker
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Titan Poker.lnk
C:\Program Files\Mozilla FireFox\Components\AskSearch.js
C:\Users\Rom1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Titan Poker.lnk
C:\Poker\Titan Poker
C:\Users\Rom1\AppData\Local\Temp\New_tdf
C:\Users\Public\Desktop\Titan Poker.lnk
C:\Users\Rom1\Desktop\Games-Attack.lnk
C:\Users\Rom1\Desktop\Lolo\Downloads\SetupPoker_45039c_fr.exe

(!) -- Fichiers temporaires supprimés.

.
HKCU\software\appdatalow\software\Media Access Startup
HKCU\software\Games-Attack
HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
HKCU\software\Titan Poker
HKLM\Software\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543}
HKLM\software\microsoft\windows\currentversion\uninstall\Titan Poker
HKLM\software\Titan Poker
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.5 [fr] *
.
Nom du profil: bvzeg84c.default (Rom1)
.
(Rom1, prefs.js) Browser.download.lastDir, C:\Users\Rom1\Documents\Lolo\Photos\Photos MAFIA II
(Rom1, prefs.js) Browser.search.defaultenginename, Google
(Rom1, prefs.js) Browser.search.selectedEngine, Google
(Rom1, prefs.js) Browser.startup.homepage, www.lauriephoto.blogzoom.fr
.
(Rom1, prefs.js) EFFACE - Extensions.snipit.chromeURL, hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q={searchTerms}&crm=1
(Rom1, prefs.js) EFFACE - Extensions.veohsearchrecs.SupportedSites
iftargetY>currentY{currentY=Math.mintargetY,currentY+incrementthisArg.setStyles{top:currentY+'px',height:initialY-currentY+'px'}}else{window.clearIntervalhContainer.moveHandle}}iftargetY!==currentY{window.clearIntervalhContainer.moveHandlehContainer.moveHandle=window.setIntervalmove,1}}window.veoh.ingest=ingest}]]></injest>\r\n <injestInit><![CDATA[veoh.ingest.attempt5,-1]]></injestInit>\r\n </bookmark>\r\n </results>\r\n \r\n\r\n\r\n
.
.
* Internet Explorer Version 8.0.6001.18828 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Users\Rom1\AppData\Roaming\HouseCall 6.6\patch.exe
.
===================================
.
34925 Octet(s) - C:\Ad-Report-CLEAN[1].log
.
2 Fichier(s) - C:\Users\Rom1\AppData\Local\Temp
0 Fichier(s) - C:\Windows\Temp
.
19 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
1552 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 22:12:23 | 04/12/2009 - CLEAN[1]
.
============== E.O.F ==============
.


 

laurie6873

Regular
Oops, rereading your instructions I realise that when I ran the scans (AD-R and UsbFix) I hadn't turned the antivirus off!!
Do you want me to redo them properly and send you the correct reports again?
Honestly, I'm so scatterbrained!!
Especially since you're already taking the time to help me ...

Sorry! :sarcastic:
 

cosmido

Grand Master
re,

UsbFix won't be necessary.


Argh.. I had forgotten to include the procedure for disabling Spybot.

SpybotSD users.
Disable SpybotSD's resident protection,
which can interfere with the removals.
• Launch Spybot > Advanced mode > Tools >> Resident
• Untick the "tea timer" resident box and close Spybot

Important.
Once the disinfection is complete (and not before), re-enable the "TeaTimer".
/!\ Spybot will then offer, through several pop-ups, to accept or reject the registry changes made by the removals/disinfections.
You must accept all of them, without exception!
__________________________________________________

>>>>>>> UAC must also be disabled. <<<<<<<<<

__________________________________________________

Run Ad-Remover again, following its procedure,
and post the report.

As for the rest..
Do the "Managing startup programs" procedure with StartUpLite.

Run RSIT again,
and post a new Log.txt report.
__________________________________________________

This file must be deleted, it is a potential infection vector: C:\Users\Rom1\AppData\Roaming\HouseCall 6.6\patch.exe

Is the Norton antivirus a paid version or .. elaborate ..
 

laurie6873

Regular

Re,

OK, everything is done!!
I followed everything you advised! Phew!

Once the virus part is finished, will the administrator problem be solved too? Because right now it no longer tells me that, but actually that's because it's disabled at the moment; I'm going to turn it back on, and will I have no more problems with that? (for renaming, deleting or moving files)

Great!

I'll wait for the next steps, but for now I'm going to shut down the PC, and myself too, because I get up early tomorrow. See you tomorrow, and thanks again!!
 

laurie6873

Regular
Here is the AD-R report (I ran it with Norton and UAC disabled):

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_D | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 03.12.2009 à 20:53
Contact: AdRemover.contact@gmail.com
Site web:
.
Lancé à: 17:22:31, 05/12/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ Ultimate Service Pack 2 v6.0.6002
Nom du PC: PC-DE-LAURIE | Utilisateur actuel: Rom1
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.


(!) -- Fichiers temporaires supprimés.

.
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.5 [fr] *
.
Nom du profil: bvzeg84c.default (Rom1)
.
(Rom1, prefs.js) Browser.download.lastDir, C:\Users\Rom1\Documents\Lolo\Photos\Photos MAFIA II
(Rom1, prefs.js) Browser.search.defaultenginename, Google
(Rom1, prefs.js) Browser.search.selectedEngine, Google
(Rom1, prefs.js) Browser.startup.homepage, www.lauriephoto.blogzoom.fr
.
(Rom1, prefs.js) EFFACE - Extensions.veohsearchrecs.SupportedSites
iflimit>0{limit-=1}\nfori=0i<this.buttonList.lengthi+=1{ifthis.buttonList&&this.buttonList.isOrphan{this.buttonList.cleanthis.buttonList=null}}\nthis.buttonList=this.getButtonsthis.buttonListifthis.buttonList.length>0{this.form=this.form||this.getFormthis.frame=this.frame||this.getFramefori=0i<this.buttonList.lengthi+=1{ifthis.buttonList{this.buttonList.initthis.frame,this.form}}}},callInit=function{init.callingest},unload=function{ingest.clean.callingest}interval=interval||0limit=limit||1init.callthisifinterval>0{window.setIntervalcallInit,interval*1000}\nelements.getElementwindow.addEvents{'unload':unload}},clean:function{ifthis.form{this.form.cleanthis.form=null}\nifthis.frame{this.frame.cleanthis.frame=null}\nforvar i=0i<this.buttonList.lengthi+=1{ifthis.buttonList{this.buttonList.cleanthis.buttonList=null}}\nthis.buttonList=[]},getButtons:functionexistingButtons{var buttonList=[],processTagList=functiontag,baseIndex{var i=0,j=0,item=null,parent=null,list=elements.getElementListtagbaseIndex=baseIndex||0fori=0i<list.lengthi+=1{iflist{item=elements.getElementlistparent=item.getParentif!item.get'processed'{ifingest.isVideoEmbeditem{buttonList=new Buttoni,item}\nitem.set{'processed':'true'}if'object'===parent.getTag{parent.set{'processed':'true'}}}else{j=window.parseIntitem.get'com_veoh_index'if!window.isNaNj&&existingButtons[j]{buttonList=existingButtons[j].setIndexi}}}}}existingButtons=existingButtons||[]processTagList'embed'processTagList'object',buttonList.lengthreturn buttonList},getForm:function{var form=new Formreturn form.init},getFrame:function{var frame=new Framereturn frame.init},getSourceUrl:functionembed{var embedList=null,paramList=null,i=0,url=embed.src||embed.dataif!url{paramList=embed.getElementsByTagName'param'ifparamList&&paramList.length>0{fori=0i<paramList.lengthi+=1{ifparamList.name==='movie'{url=paramList.value}}}}\nif!url{embedList=embed.getElementsByTagName'embed'ifembedList&&embedList.length>0{url=embedList[0].src}}\nreturn 
url},isBlacklistedHost:functionurl,blacklist{forvar name in blacklist{ifurl.indexOf'hxxp://'+blacklist[name]===0{return true}}\nreturn false},isVideoEmbed:functionitem{var embed=item.el,name='',sourceURL='',adSizes={'mediumRectangle':{w:300,h:250},'squarePopup':{w:250,h:250},'verticalRectangle':{w:240,h:400},'largeRectangle':{w:336,h:280},'rectangle':{w:180,h:150},'3x1Rectangle':{w:300,h:100},'popUnder':{w:720,h:300},'fullBanner':{w:468,h:60},'halfBanner':{w:234,h:60},'microBar':{w:88,h:31},'button1':{w:120,h:90},'button2':{w:120,h:60},'verticalBanner':{w:120,h:240},'squareButton':{w:125,h:125},'leaderboard':{w:768,h:90},'wideSkyscraper':{w:160,h:600},'skyscraper':{w:120,h:600},'halfPageAd':{w:300,h:600},'1x1Pixel':{w:1,h:1},'120x20Button':{w:120,h:20},'300x60Rectangle':{w:300,h:60},'970x100Banner':{w:970,h:100},'970x250Banner':{w:970,h:250}},hostBlacklist={'m1.2mdn.net':'m1.2mdn.net'}if!embed{return false}\nsourceURL=this.getSourceUrlembedif!sourceURL||sourceURL.indexOf'hxxp://'!==0{return false}\nifthis.isBlacklistedHostsourceURL,hostBlacklist{return false}\nif900<embed.offsetWidth{return false}\nif0<embed.offsetHeight&&embed.offsetHeight<200{return false}\nifembed.height===\0\||embed.width===\0\{return false}\nforname in adSizes{ifadSizes[name].w===embed.offsetWidth&&adSizes[name].h===embed.offsetHeight{return false}else ifadSizes[name].w==embed.width&&adSizes[name].h==embed.height{return false}}\nreturn true}}}window.veoh.elements.getPrototype.growShrinkY=functioninitialY,targetY,increment,hContainer{var thisArg=this,currentY=thisArg.getPosition.y,move=function{iftargetY<currentY{currentY=Math.maxtargetY,currentY-incrementthisArg.setStyles{top:currentY+'px',height:initialY-currentY+'px'}}else 
iftargetY>currentY{currentY=Math.mintargetY,currentY+incrementthisArg.setStyles{top:currentY+'px',height:initialY-currentY+'px'}}else{window.clearIntervalhContainer.moveHandle}}iftargetY!==currentY{window.clearIntervalhContainer.moveHandlehContainer.moveHandle=window.setIntervalmove,1}}window.veoh.ingest=ingest}]]></injest>\r\n <injestInit><![CDATA[veoh.ingest.attempt5,-1]]></injestInit>\r\n </bookmark>\r\n </results>\r\n \r\n\r\n\r\n
.
.
* Internet Explorer Version 8.0.6001.18828 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Users\Rom1\AppData\Roaming\HouseCall 6.6\patch.exe
.
===================================
.
35257 Octet(s) - C:\Ad-Report-CLEAN[1].log
33841 Octet(s) - C:\Ad-Report-CLEAN[2].log
.
0 Fichier(s) - C:\Users\Rom1\AppData\Local\Temp
6 Fichier(s) - C:\Windows\Temp
.
39 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
1552 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 17:30:41 | 05/12/2009 - CLEAN[2]
.
============== E.O.F ==============
.
I'M GOING TO RUN RSIT AND I'LL SEND YOU THE REPORT
 

laurie6873

Regular
HERE IS THE RSIT REPORT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Rom1 at 2009-12-05 17:55:06
Microsoft® Windows Vista™ Édition Intégrale Service Pack 2
System drive C: has 84 GB (55%) free of 153 GB
Total RAM: 1978 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55:53, on 05/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Rom1\Desktop\RSIT.exe
C:\Program Files\trend micro\Rom1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6464 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\User_Feed_Synchronization-{FB4F1A77-FABA-4880-9E47-82118E7B767C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-02-19 97960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-03-10 506936]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-10-05 520024]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-09 115816]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"CaISSDT"=C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe [2006-04-21 165416]
"eTrustPPAP"=C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe [2009-12-03 258048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-07-07 208896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4caebcb-5826-11de-82f1-001f16438fb6}]
shell\AutoRun\command - G:\SETUP.EXE
shell\configure\command - G:\SETUP.EXE
shell\install\command - G:\SETUP.EXE


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2009-12-04 20:55:25 ----A---- C:\Windows\ntbtlog.txt
2009-12-04 18:40:04 ----D---- C:\Program Files\Ad-Remover
2009-12-04 18:29:42 ----A---- C:\UsbFix.txt
2009-12-04 18:29:11 ----D---- C:\UsbFix
2009-12-04 14:57:13 ----D---- C:\Users\Rom1\AppData\Roaming\Malwarebytes
2009-12-04 14:57:06 ----D---- C:\ProgramData\Malwarebytes
2009-12-04 14:57:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-04 12:03:50 ----D---- C:\Program Files\trend micro
2009-12-04 12:03:49 ----D---- C:\rsit
2009-12-03 23:58:45 ----A---- C:\Windows\pestpatrol5.INI
2009-12-03 23:56:09 ----D---- C:\ProgramData\CA
2009-12-03 23:55:48 ----D---- C:\Program Files\Common Files\Scanner
2009-12-03 23:55:24 ----D---- C:\Program Files\CA
2009-12-03 23:27:29 ----A---- C:\caisslog.txt
2009-12-03 21:40:08 ----D---- C:\Users\Rom1\AppData\Roaming\HouseCall 6.6
2009-12-03 21:40:05 ----D---- C:\Windows\system32\HouseCall 6.6
2009-12-02 23:27:21 ----A---- C:\FtpCmd.txt
2009-12-02 20:50:24 ----D---- C:\Program Files\Gameztar Toolbar
2009-12-02 20:50:10 ----HDC---- C:\ProgramData\{09E43F98-1DEA-4220-AB2B-AB6AD067E5D3}
2009-12-02 00:14:56 ----A---- C:\Windows\wininit.ini
2009-12-01 23:42:28 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-01 23:42:28 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-26 00:19:20 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 10:57:58 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 10:57:54 ----A---- C:\Windows\system32\msxml3.dll
2009-11-23 00:05:12 ----D---- C:\ProgramData\Google
2009-11-11 11:40:48 ----A---- C:\Windows\system32\WSDApi.dll
2009-11-08 16:52:38 ----D---- C:\Program Files\PhotoFiltre
2009-11-07 11:03:22 ----D---- C:\Users\Rom1\AppData\Roaming\FireShot
2009-11-04 11:37:53 ----A---- C:\Windows\system32\mshtml.dll
2009-10-27 12:29:55 ----D---- C:\Program Files\Adobe
2009-10-27 10:46:12 ----A---- C:\Windows\system32\wups2.dll
2009-10-27 10:46:12 ----A---- C:\Windows\system32\wucltux.dll
2009-10-27 10:46:12 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-27 10:46:12 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-27 10:45:49 ----A---- C:\Windows\system32\wups.dll
2009-10-27 10:45:49 ----A---- C:\Windows\system32\wudriver.dll
2009-10-27 10:45:49 ----A---- C:\Windows\system32\wuapi.dll
2009-10-27 10:45:36 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-27 10:45:36 ----A---- C:\Windows\system32\wuapp.exe
2009-10-16 15:27:36 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-16 15:27:25 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-16 15:27:25 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-16 15:27:14 ----A---- C:\Windows\system32\ieframe.dll
2009-10-16 15:27:12 ----A---- C:\Windows\system32\urlmon.dll
2009-10-16 15:27:12 ----A---- C:\Windows\system32\iertutil.dll
2009-10-16 15:27:11 ----A---- C:\Windows\system32\wininet.dll
2009-10-16 15:27:11 ----A---- C:\Windows\system32\occache.dll
2009-10-16 15:27:11 ----A---- C:\Windows\system32\msfeeds.dll
2009-10-16 15:27:11 ----A---- C:\Windows\system32\iedkcs32.dll
2009-10-16 15:27:09 ----A---- C:\Windows\system32\ieui.dll
2009-10-16 15:27:09 ----A---- C:\Windows\system32\iepeers.dll
2009-10-16 15:27:08 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-10-16 15:27:08 ----A---- C:\Windows\system32\jsproxy.dll
2009-10-16 15:27:08 ----A---- C:\Windows\system32\ieUnatt.exe
2009-10-16 15:27:08 ----A---- C:\Windows\system32\iesysprep.dll
2009-10-16 15:27:07 ----A---- C:\Windows\system32\msfeedssync.exe
2009-10-16 15:27:07 ----A---- C:\Windows\system32\iesetup.dll
2009-10-16 15:27:07 ----A---- C:\Windows\system32\iernonce.dll
2009-10-16 15:27:07 ----A---- C:\Windows\system32\ie4uinit.exe
2009-10-16 15:26:55 ----A---- C:\Windows\system32\msasn1.dll
2009-10-16 15:26:44 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-10-03 10:54:26 ----N---- C:\Windows\system32\MpSigStub.exe
2009-09-28 18:37:28 ----D---- C:\ProgramData\WindowsSearch
2009-09-17 14:17:57 ----D---- C:\Users\Rom1\AppData\Roaming\cerasus.media
2009-09-17 14:16:41 ----D---- C:\ProgramData\BOONTY
2009-09-17 14:16:33 ----D---- C:\Program Files\Common Files\BOONTY Shared
2009-09-17 14:15:07 ----D---- C:\Program Files\BoontyGames
2009-09-17 14:12:14 ----D---- C:\Boonty
2009-09-12 17:24:50 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-12 17:24:50 ----A---- C:\Windows\system32\wlansec.dll
2009-09-12 17:24:50 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-12 17:24:50 ----A---- C:\Windows\system32\wlanapi.dll
2009-09-12 17:24:49 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-12 17:24:31 ----A---- C:\Windows\system32\jscript.dll
2009-09-12 17:24:06 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-12 17:24:04 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-12 17:24:04 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-12 17:24:04 ----A---- C:\Windows\system32\ARP.EXE
2009-09-12 17:24:03 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-12 17:24:03 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-12 17:24:03 ----A---- C:\Windows\system32\finger.exe
2009-09-12 17:24:02 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-12 17:24:01 ----A---- C:\Windows\system32\netevent.dll
2009-09-12 17:22:53 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-12 17:22:52 ----A---- C:\Windows\system32\mf.dll
2009-09-08 12:02:10 ----D---- C:\Users\Rom1\AppData\Roaming\CyberLink
2009-09-08 12:02:01 ----A---- C:\ProgramData\MobileTV.exe
2009-09-08 12:02:01 ----A---- C:\ProgramData\DVD.exe
2009-09-08 12:02:00 ----A---- C:\ProgramData\MPV.exe
2009-09-08 12:02:00 ----A---- C:\ProgramData\Karaoke.exe
2009-09-08 12:01:59 ----D---- C:\ProgramData\FRA
2009-09-08 12:01:59 ----A---- C:\ProgramData\hpqp.txt
2009-09-08 12:01:59 ----A---- C:\ProgramData\Games.exe
2009-09-06 09:14:38 ----D---- C:\Windows\system32\appmgmt

======List of files/folders modified in the last 3 months======

2009-12-05 17:55:25 ----D---- C:\Windows\Prefetch
2009-12-05 17:55:17 ----D---- C:\Windows\Temp
2009-12-05 17:51:25 ----HD---- C:\ProgramData
2009-12-05 17:49:56 ----D---- C:\Windows\system32\catroot2
2009-12-05 17:40:42 ----D---- C:\Program Files\Mozilla Firefox
2009-12-05 17:19:13 ----D---- C:\Windows\System32
2009-12-05 17:19:13 ----D---- C:\Windows\inf
2009-12-05 17:19:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-05 17:14:45 ----A---- C:\ProgramData\HPWALog.txt
2009-12-05 15:01:29 ----SHD---- C:\Windows\Installer
2009-12-05 14:58:42 ----SHD---- C:\System Volume Information
2009-12-05 10:47:08 ----D---- C:\ProgramData\Symantec
2009-12-04 23:19:23 ----HD---- C:\Windows\system32\GroupPolicy
2009-12-04 22:10:19 ----D---- C:\Poker
2009-12-04 21:52:29 ----A---- C:\ProgramData\hpqp.ini
2009-12-04 20:55:25 ----D---- C:\Windows
2009-12-04 18:40:04 ----RD---- C:\Program Files
2009-12-04 16:32:13 ----D---- C:\Windows\system32\drivers
2009-12-03 23:58:40 ----SD---- C:\ProgramData\Microsoft
2009-12-03 23:55:48 ----D---- C:\Program Files\Common Files
2009-12-03 21:40:08 ----SD---- C:\Windows\Downloaded Program Files
2009-12-02 22:03:29 ----SD---- C:\Users\Rom1\AppData\Roaming\Microsoft
2009-12-02 21:38:43 ----D---- C:\Windows\Debug
2009-11-26 11:39:36 ----D---- C:\Windows\rescache
2009-11-26 00:21:00 ----D---- C:\Windows\winsxs
2009-11-26 00:20:33 ----D---- C:\Windows\system32\fr-FR
2009-11-26 00:20:25 ----D---- C:\Windows\system32\catroot
2009-11-12 00:13:06 ----D---- C:\ProgramData\Microsoft Help
2009-11-05 18:36:21 ----A---- C:\Windows\system32\mrt.exe
2009-10-27 16:11:59 ----D---- C:\ProgramData\Adobe
2009-10-27 12:30:06 ----D---- C:\Program Files\Common Files\Adobe
2009-10-27 10:47:03 ----D---- C:\Windows\PolicyDefinitions
2009-10-26 13:12:26 ----D---- C:\Users\Rom1\AppData\Roaming\dvdcss
2009-10-17 10:41:28 ----D---- C:\Windows\Microsoft.NET
2009-10-17 10:41:05 ----RSD---- C:\Windows\assembly
2009-10-17 09:03:36 ----D---- C:\Windows\system32\migration
2009-10-17 09:03:35 ----D---- C:\Program Files\Internet Explorer
2009-10-06 17:40:41 ----D---- C:\Windows\system32\WDI
2009-10-05 15:26:51 ----A---- C:\Windows\system32\lsdelete.exe
2009-09-13 00:23:23 ----D---- C:\Windows\ehome
2009-09-06 09:28:03 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-06 09:13:10 ----D---- C:\ProgramData\VMware
2009-09-06 09:02:36 ----D---- C:\ProgramData\eMule

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-11 351744]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-27 371248]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20091120.002\IDSvix86.sys [2009-11-20 286768]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-01-09 191544]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-12-19 1093120]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-06-05 222208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-11-01 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-11-01 208896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-07-07 2378752]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-06-30 112128]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20091204.037\NAVENG.SYS [2009-08-25 84912]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20091204.037\NAVEX15.SYS [2009-08-25 1323568]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-06-10 123904]
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2007-01-09 12984]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-07-05 124464]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2007-01-09 145976]
R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2007-01-09 40120]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2007-01-09 38200]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-01-09 27576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-17 199344]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-11-01 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 aqardpc5;aqardpc5; C:\Windows\system32\drivers\aqardpc5.sys []
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr28u.sys []
S3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187.sys [2007-01-30 205312]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2007-04-14 418104]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 ccSetMgr;ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-10-05 1028432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-01-27 73728]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-10-23 223232]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2009-09-17 69120]
S3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-04-23 239160]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-12 49248]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-19 523776]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2009-07-05 1251720]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-11 918528]

-----------------EOF-----------------
 