Ptitciel

Membres

Afficher le profil Afficher son activité

Compteur de contenus
4
Inscription
le 31 mars 2006
Dernière visite
le 16 juin 2010

Autres informations

Mes langues
franc anglais

Ptitciel's Achievements

Junior Member (3/12)

Réputation sur la communauté

nouveau log Hijackthis

Ptitciel a posté un sujet dans Analyses et éradication malwares

Bonsoir Pear comme convenue je te fait parvenir un nouveau log de mon pc , dans l'attente d'un sauvetage merci par avance Microsoft Windows XP Professionnel Service Pack 2 System drive C: has 184 GB (96%) free of 191 GB Total RAM: 511 MB (11% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:49:17, on 21/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20627) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\VisualTaskTips.exe C:\Program Files\Soft4Ever\looknstop\looknstop.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\CursorXP\CursorXP.exe C:\Program Files\WinRoll\winroll.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\KO Approach\Approach.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\DeskSpace\deskspace.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\MICKY\Bureau\RSIT.exe C:\Program Files\trend micro\MICKY.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing) O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKLM\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe O4 - HKLM\..\Run: [TransBar] C:\WINDOWS\system32\transbar.exe /s O4 - HKLM\..\Run: [styler] C:\Program Files\styler\Styler.exe O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe O4 - HKCU\..\Run: [DeskSpace] C:\Program Files\DeskSpace\deskspace.exe O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user') O4 - Startup: KO Approach.lnk = C:\Program Files\KO Approach\Approach.exe O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Traduire (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: McAfee Application Installer Cleanup (0234291224540343) (0234291224540343mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\023429~1.EXE O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe O23 - Service: Stealth Service Helper (StealthInjectorService) - Softwareentwicklung Remus - C:\Program Files\Micro Application\PC Anonyme\IJStealth4Svc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe -- End of file - 9332 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\MP Scheduled Scan.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2008-09-02 75272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}] C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-10-19 5702472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] SaveLinksOrder Locked {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\styler\TB\StylerTB.dll [2006-05-02 102400] {724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-10-19 5702472] {95daa571-4def-4a6d-97d8-98a346672a24} - SYSTRAN Toolbar - C:\WINDOWS\system32\mscoree.dll [2007-04-13 271360] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2007-01-10 1235456] "UberIcon"=C:\Program Files\UberIcon\UberIcon Manager.exe [2006-07-17 122880] "VisualTaskTips"=C:\Windows\System32\VisualTaskTips.exe [2004-08-28 36864] "TransBar"=C:\WINDOWS\system32\transbar.exe [2004-08-28 139264] "Styler"=C:\Program Files\styler\Styler.exe [2006-05-03 307200] "Look 'n' Stop"=C:\Program Files\Soft4Ever\looknstop\looknstop.exe [2008-10-19 516164] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-07-28 4841472] "nwiz"=nwiz.exe /install [] "SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-04-07 877568] "egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CursorXP"=C:\Program Files\CursorXP\CursorXP.exe [2005-01-19 140288] "WinRoll"=C:\Program Files\WinRoll\winroll.exe [2004-04-06 15360] "DeskSpace"=C:\Program Files\DeskSpace\deskspace.exe [2007-09-18 1066496] "STYLEXP"=C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2005-01-25 1159168] "RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2006-08-16 364544] "RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2008-10-19 160592] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-09-09 3513344] "IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-05-27 243072] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2007-01-10 1235456] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] C:\WINDOWS\system32\NVMCTRAY.DLL [2003-07-28 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [2006-06-21 35328] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584] C:\Documents and Settings\MICKY\Menu Démarrer\Programmes\Démarrage KO Approach.lnk - C:\Program Files\KO Approach\Approach.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ComPlusSetup] C:\WINDOWS\system32\catsrvut.dll [2004-08-28 625152] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 183808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2004-08-28 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoUserNameInStartMenu"=1 "NoSMHelp"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ======File associations====== .reg - open - regedit.exe "%1" %* .scr - open - "%1" %* ======List of files/folders created in the last 1 months====== 2008-10-21 01:48:35 ----D---- C:\Program Files\trend micro 2008-10-21 01:48:31 ----D---- C:\rsit 2008-10-21 00:05:43 ----D---- C:\Program Files\Fichiers communs\McAfee 2008-10-21 00:05:04 ----D---- C:\WINDOWS\LastGood 2008-10-21 00:04:59 ----D---- C:\Program Files\McAfee 2008-10-20 17:28:51 ----D---- C:\Documents and Settings\MICKY\Application Data\Spy Emergency 2008-10-20 17:28:37 ----A---- C:\WINDOWS\system32\sremcon.exe 2008-10-20 17:28:32 ----D---- C:\Documents and Settings\All Users\Application Data\NETGATE 2008-10-20 17:28:31 ----D---- C:\Program Files\NETGATE 2008-10-20 03:01:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-20 02:04:50 ----D---- C:\Documents and Settings\MICKY\Application Data\SYSTRAN 2008-10-20 02:04:46 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield 2008-10-20 01:25:38 ----D---- C:\Program Files\SYSTRAN 2008-10-20 01:25:18 ----A---- C:\WINDOWS\system32\libxslt.dll 2008-10-20 01:25:18 ----A---- C:\WINDOWS\system32\iconv.dll 2008-10-20 01:25:16 ----A---- C:\WINDOWS\system32\libxml2.dll 2008-10-20 01:25:16 ----A---- C:\WINDOWS\system32\libexslt.dll 2008-10-20 00:35:04 ----D---- C:\Program Files\uTorrent 2008-10-20 00:34:55 ----D---- C:\Documents and Settings\MICKY\Application Data\uTorrent 2008-10-20 00:32:34 ----D---- C:\Documents and Settings\MICKY\Application Data\PCAnonyme4 2008-10-20 00:20:14 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2008-10-20 00:19:53 ----D---- C:\Program Files\Micro Application 2008-10-20 00:09:15 ----D---- C:\Program Files\PeerGuardian2 2008-10-20 00:03:18 ----D---- C:\Program Files\SiteAdvisor 2008-10-20 00:03:01 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor 2008-10-20 00:03:01 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee 2008-10-19 23:52:12 ----D---- C:\Documents and Settings\MICKY\Application Data\DAEMON Tools Pro 2008-10-19 23:51:58 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro 2008-10-19 23:50:47 ----D---- C:\Program Files\DAEMON Tools Pro 2008-10-19 23:01:24 ----D---- C:\Documents and Settings\All Users\Application Data\IM 2008-10-19 22:58:03 ----D---- C:\Program Files\IncrediMail 2008-10-19 22:58:03 ----D---- C:\Documents and Settings\All Users\Application Data\IncrediMail 2008-10-19 22:21:54 ----D---- C:\Program Files\Ashampoo 2008-10-19 22:06:13 ----D---- C:\Documents and Settings\MICKY\Application Data\K-Meleon 2008-10-19 22:05:54 ----D---- C:\Program Files\K-Meleon 2008-10-19 21:59:52 ----D---- C:\Program Files\zabkat 2008-10-19 21:48:11 ----D---- C:\Program Files\Microsoft 2008-10-19 21:46:22 ----D---- C:\Program Files\Fichiers communs\Windows Live 2008-10-19 21:43:41 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-10-19 21:42:36 ----D---- C:\Program Files\Messenger Plus! Live 2008-10-19 21:41:30 ----D---- C:\WINDOWS\SxsCaPendDel 2008-10-19 21:40:21 ----D---- C:\Program Files\Windows Live 2008-10-19 21:09:38 ----D---- C:\Program Files\Hijackthis Version Française 2008-10-19 20:37:25 ----D---- C:\Documents and Settings\MICKY\Application Data\Malwarebytes 2008-10-19 20:37:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-19 19:58:36 ----D---- C:\Program Files\ESET 2008-10-19 19:54:08 ----D---- C:\WINDOWS\system32\appmgmt 2008-10-19 19:14:39 ----D---- C:\Program Files\RocketDock 2008-10-19 19:02:13 ----D---- C:\Documents and Settings\All Users\Application Data\MediaMonkey 2008-10-19 18:47:10 ----D---- C:\Program Files\TrueLaunchBar 2008-10-19 18:28:03 ----SHD---- C:\RECYCLER 2008-10-19 17:43:30 ----D---- C:\Program Files\DiskTrix 2008-10-19 17:40:23 ----D---- C:\Documents and Settings\MICKY\Application Data\ESTsoft 2008-10-19 17:39:42 ----D---- C:\Documents and Settings\All Users\Application Data\ESTsoft 2008-10-19 17:39:20 ----D---- C:\Program Files\ESTsoft 2008-10-19 17:26:01 ----D---- C:\Program Files\TGTSoft 2008-10-19 17:23:10 ----D---- C:\Program Files\Foxit Software 2008-10-19 17:22:32 ----D---- C:\Program Files\CCleaner 2008-10-19 17:16:27 ----D---- C:\Documents and Settings\MICKY\Application Data\Macromedia 2008-10-19 17:16:27 ----D---- C:\Documents and Settings\MICKY\Application Data\Adobe 2008-10-19 17:07:54 ----D---- C:\Program Files\Siber Systems 2008-10-19 17:07:43 ----D---- C:\Documents and Settings\All Users\Application Data\RoboForm 2008-10-19 16:32:31 ----D---- C:\Documents and Settings\MICKY\Application Data\Mozilla 2008-10-19 16:32:18 ----D---- C:\Program Files\Mozilla Firefox 2008-10-19 16:29:21 ----A---- C:\WINDOWS\system32\stci.dll 2008-10-19 16:29:19 ----D---- C:\Program Files\Thomson 2008-10-19 16:29:18 ----HD---- C:\Program Files\InstallShield Installation Information 2008-10-19 16:21:30 ----D---- C:\Documents and Settings\MICKY\Application Data\OtakuSoftware 2008-10-19 16:17:23 ----D---- C:\Program Files\DeskSpace 2008-10-19 16:09:42 ----D---- C:\WINDOWS\pss 2008-10-19 15:19:15 ----RA---- C:\WINDOWS\system32\BASSMOD.dll 2008-10-19 15:18:01 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-10-19 15:17:37 ----D---- C:\Program Files\DFX 2008-10-19 15:15:57 ----D---- C:\WINDOWS\system32\data 2008-10-19 15:15:45 ----D---- C:\Program Files\WinRoll 2008-10-19 15:12:03 ----D---- C:\Program Files\Google 2008-10-19 15:05:29 ----D---- C:\Program Files\KO Approach 2008-10-19 14:56:46 ----R---- C:\WINDOWS\system32\pxwave.dll 2008-10-19 14:56:46 ----R---- C:\WINDOWS\system32\pxsfs.dll 2008-10-19 14:56:46 ----R---- C:\WINDOWS\system32\pxmas.dll 2008-10-19 14:56:46 ----R---- C:\WINDOWS\system32\pxinsa64.exe 2008-10-19 14:56:46 ----R---- C:\WINDOWS\system32\pxhpinst.exe 2008-10-19 14:56:46 ----R---- C:\WINDOWS\system32\pxdrv.dll 2008-10-19 14:56:46 ----R---- C:\WINDOWS\system32\pxcpya64.exe 2008-10-19 14:56:46 ----N---- C:\WINDOWS\system32\vxblock.dll 2008-10-19 14:56:45 ----R---- C:\WINDOWS\system32\px.dll 2008-10-19 14:56:37 ----D---- C:\Program Files\Winamp 2008-10-19 14:56:37 ----D---- C:\Documents and Settings\MICKY\Application Data\Winamp 2008-10-19 14:49:20 ----D---- C:\Program Files\MediaMonkey 2008-10-19 14:46:56 ----D---- C:\Documents and Settings\MICKY\Application Data\TeraCopy 2008-10-19 14:46:23 ----D---- C:\Program Files\TeraCopy 2008-10-19 14:43:30 ----D---- C:\Program Files\CursorXP 2008-10-19 06:08:54 ----D---- C:\Documents and Settings\MICKY\Application Data\ESET 2008-10-19 06:05:49 ----D---- C:\Documents and Settings\All Users\Application Data\ESET 2008-10-19 06:03:02 ----D---- C:\WINDOWS\nview 2008-10-19 06:02:53 ----D---- C:\Program Files\Fichiers communs\InstallShield 2008-10-19 06:02:46 ----D---- C:\NVIDIA 2008-10-19 05:55:19 ----D---- C:\Documents and Settings\MICKY\Application Data\Xentient 2008-10-19 05:44:47 ----D---- C:\Documents and Settings\MICKY\Application Data\Styler 2008-10-19 05:44:34 ----D---- C:\Program Files\MSXML 6.0 2008-10-19 05:41:02 ----N---- C:\WINDOWS\system32\tzchange.exe 2008-10-19 05:40:35 ----D---- C:\Program Files\Cener Development 2008-10-19 05:40:27 ----DC---- C:\WINDOWS\system32\DRVSTORE 2008-10-19 05:39:39 ----D---- C:\Program Files\Windows Defender 2008-10-19 05:37:29 ----D---- C:\WINDOWS\Prefetch 2008-10-19 05:32:32 ----D---- C:\Program Files\UberIcon 2008-10-19 05:32:32 ----D---- C:\Program Files\TweakRAM 2008-10-19 05:32:32 ----D---- C:\Program Files\Styler 2008-10-19 05:32:32 ----D---- C:\Program Files\Paint.NET 2008-10-19 05:32:32 ----D---- C:\Program Files\Occtpt 2008-10-19 05:32:32 ----D---- C:\Program Files\IE Privacy Keeper 2008-10-19 05:32:32 ----D---- C:\Program Files\FoxitReader 2008-10-19 05:32:32 ----D---- C:\Program Files\Compare It! 2008-10-19 05:32:32 ----D---- C:\Program Files\AusLogics Disk Defrag 2008-10-19 05:32:32 ----D---- C:\Program Files\Ad-Aware 2008-10-19 05:32:31 ----D---- C:\Program Files\Spybot 2008-10-19 05:32:31 ----D---- C:\Program Files\Everest 2008-10-19 05:32:20 ----RA---- C:\WINDOWS\system32\fwapi.dll 2008-10-19 05:32:20 ----D---- C:\Program Files\Soft4Ever 2008-10-19 05:32:16 ----D---- C:\WINDOWS\VAIO 2008-10-19 05:32:00 ----RD---- C:\Program Files\Windows Sidebar 2008-10-19 05:31:59 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2008-10-19 05:31:52 ----RA---- C:\WINDOWS\system32\latency.exe 2008-10-19 05:31:52 ----RA---- C:\WINDOWS\system32\cpuz.ini 2008-10-19 05:31:52 ----RA---- C:\WINDOWS\system32\cpuz.exe 2008-10-19 05:31:52 ----D---- C:\WINDOWS\system32\Vistadrive 2008-10-19 05:23:55 ----D---- C:\WINDOWS\l2schemas 2008-10-19 05:23:50 ----N---- C:\WINDOWS\system32\wlanapi.dll 2008-10-19 05:23:47 ----A---- C:\WINDOWS\system32\wzcdlg.dll 2008-10-19 05:23:25 ----RA---- C:\WINDOWS\system32\certmgr.dll 2008-10-19 05:22:02 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest 2008-10-19 05:06:35 ----D---- C:\WINDOWS\system32\ReinstallBackups 2008-10-19 04:54:49 ----RA---- C:\WINDOWS\system32\irclass.dll 2008-10-19 04:54:43 ----A---- C:\WINDOWS\system32\spxcoins.dll 2008-10-19 04:53:46 ----RA---- C:\WINDOWS\system32\h323log.txt 2008-10-19 04:52:36 ----RA---- C:\WINDOWS\system32\ksuser.dll 2008-10-19 04:48:06 ----RA---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-10-19 04:48:05 ----D---- C:\Program Files\Fichiers communs\ODBC 2008-10-19 04:48:05 ----A---- C:\WINDOWS\ODBCINST.INI 2008-10-19 04:47:58 ----D---- C:\Program Files\Fichiers communs\SpeechEngines 2008-10-19 04:47:57 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2008-10-19 04:47:57 ----D---- C:\Program Files\Fichiers communs 2008-10-19 04:47:57 ----D---- C:\Program Files 2008-10-19 04:47:27 ----RA---- C:\WINDOWS\system32\dgrpsetu.dll 2008-10-19 04:47:26 ----RA---- C:\WINDOWS\system32\EqnClass.Dll 2008-10-19 04:47:14 ----A---- C:\WINDOWS\system32\storprop.dll 2008-10-19 04:47:04 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini 2008-10-19 04:46:48 ----D---- C:\WINDOWS\system32\CatRoot2 2008-10-19 04:46:48 ----D---- C:\WINDOWS\system32\CatRoot 2008-10-19 04:46:42 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft 2008-10-19 04:45:38 ----D---- C:\Documents and Settings 2008-10-19 04:45:37 ----SHD---- C:\System Volume Information 2008-10-19 04:44:03 ----SH---- C:\boot.ini 2008-10-19 04:37:06 ----SHD---- C:\WINDOWS\Installer 2008-10-19 04:37:06 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-10-19 04:37:06 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-10-19 04:37:06 ----RSD---- C:\WINDOWS\Fonts 2008-10-19 04:37:06 ----RAD---- C:\WINDOWS 2008-10-19 04:37:06 ----HD---- C:\WINDOWS\inf 2008-10-19 04:37:06 ----D---- C:\WINDOWS\WinSxS 2008-10-19 04:37:06 ----D---- C:\WINDOWS\Web 2008-10-19 04:37:06 ----D---- C:\WINDOWS\WBEM 2008-10-19 04:37:06 ----D---- C:\WINDOWS\twain_32 2008-10-19 04:37:06 ----D---- C:\WINDOWS\Temp 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\wins 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\wbem 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\usmt 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\spool 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\ShellExt 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\Setup 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\ras 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\PreInstall 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\oobe 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\npp 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\mui 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\inetsrv 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\IME 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\icsxml 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\ias 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\fr-fr 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\export 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\en 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\drivers 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\dhcp 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\config 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\3com_dmi 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\3076 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\2052 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\1054 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\1042 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\1041 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\1037 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\1036 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\1033 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\1031 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\1028 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32\1025 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system32 2008-10-19 04:37:06 ----D---- C:\WINDOWS\system 2008-10-19 04:37:06 ----D---- C:\WINDOWS\security 2008-10-19 04:37:06 ----D---- C:\WINDOWS\Resources 2008-10-19 04:37:06 ----D---- C:\WINDOWS\repair 2008-10-19 04:37:06 ----D---- C:\WINDOWS\Provisioning 2008-10-19 04:37:06 ----D---- C:\WINDOWS\PeerNet 2008-10-19 04:37:06 ----D---- C:\WINDOWS\pchealth 2008-10-19 04:37:06 ----D---- C:\WINDOWS\Offline Web Pages 2008-10-19 04:37:06 ----D---- C:\WINDOWS\NLDRV 2008-10-19 04:37:06 ----D---- C:\WINDOWS\Network Diagnostic 2008-10-19 04:37:06 ----D---- C:\WINDOWS\mui 2008-10-19 04:37:06 ----D---- C:\WINDOWS\msapps 2008-10-19 04:37:06 ----D---- C:\WINDOWS\msagent 2008-10-19 04:37:06 ----D---- C:\WINDOWS\Media 2008-10-19 04:37:06 ----D---- C:\WINDOWS\java 2008-10-19 04:37:06 ----D---- C:\WINDOWS\ime 2008-10-19 04:37:06 ----D---- C:\WINDOWS\Help 2008-10-19 04:37:06 ----D---- C:\WINDOWS\Driver Cache 2008-10-19 04:37:06 ----D---- C:\WINDOWS\Debug 2008-10-19 04:37:06 ----D---- C:\WINDOWS\Cursors 2008-10-19 04:37:06 ----D---- C:\WINDOWS\Connection Wizard 2008-10-19 04:37:06 ----D---- C:\WINDOWS\Config 2008-10-19 04:37:06 ----D---- C:\WINDOWS\AppPatch 2008-10-19 04:37:06 ----D---- C:\WINDOWS\addins 2008-10-19 03:53:22 ----D---- C:\Documents and Settings\MICKY\Application Data\WinRAR 2008-10-19 03:53:09 ----D---- C:\Program Files\WinRAR 2008-10-19 03:24:56 ----D---- C:\Documents and Settings\MICKY\Application Data\Identities 2008-10-19 03:23:52 ----ASH---- C:\Documents and Settings\MICKY\Application Data\desktop.ini 2008-10-19 03:23:51 ----SD---- C:\Documents and Settings\MICKY\Application Data\Microsoft 2008-10-19 03:21:16 ----D---- C:\WINDOWS\SoftwareDistribution 2008-10-19 03:19:56 ----SD---- C:\WINDOWS\system32\Microsoft 2008-10-19 03:16:12 ----D---- C:\WINDOWS\system32\xircom 2008-10-19 03:16:12 ----D---- C:\Program Files\xerox 2008-10-19 03:16:12 ----D---- C:\Program Files\windows nt 2008-10-19 03:16:12 ----D---- C:\Program Files\netmeeting 2008-10-19 03:16:12 ----D---- C:\Program Files\msn gaming zone 2008-10-19 03:16:12 ----D---- C:\Program Files\movie maker 2008-10-19 03:16:12 ----D---- C:\Program Files\microsoft frontpage 2008-10-19 03:15:28 ----RA---- C:\WINDOWS\system32\msvcr71.dll 2008-10-19 03:15:28 ----RA---- C:\WINDOWS\system32\msvcp71.dll 2008-10-19 03:15:28 ----RA---- C:\WINDOWS\system32\mfc71u.dll 2008-10-19 03:15:28 ----A---- C:\WINDOWS\system32\TwnLib4.dll 2008-10-19 03:15:27 ----RA---- C:\WINDOWS\system32\MFC71.dll 2008-10-19 03:15:27 ----RA---- C:\WINDOWS\system32\imagXRA7.dll 2008-10-19 03:15:27 ----RA---- C:\WINDOWS\system32\imagXR7.dll 2008-10-19 03:15:27 ----RA---- C:\WINDOWS\system32\imagXpr7.dll 2008-10-19 03:15:23 ----RA---- C:\WINDOWS\system32\imagX7.dll 2008-10-19 03:15:11 ----D---- C:\Program Files\Fichiers communs\Ahead 2008-10-19 03:14:56 ----D---- C:\Program Files\Nero 2008-10-19 03:14:38 ----D---- C:\Program Files\MSXML 4.0 2008-10-19 03:05:04 ----RSD---- C:\WINDOWS\assembly 2008-10-19 03:05:03 ----D---- C:\WINDOWS\Microsoft.NET 2008-10-19 03:05:02 ----D---- C:\WINDOWS\system32\URTTemp 2008-10-19 03:04:35 ----RA---- C:\WINDOWS\system32\jit.dll 2008-10-19 03:04:35 ----A---- C:\WINDOWS\setdebug.exe 2008-10-19 03:04:34 ----RA---- C:\WINDOWS\system32\javaee.dll 2008-10-19 03:04:34 ----RA---- C:\WINDOWS\system32\dx3j.dll 2008-10-19 03:04:28 ----A---- C:\WINDOWS\system32\wjview.exe 2008-10-19 03:04:27 ----RA---- C:\WINDOWS\system32\msjdbc10.dll 2008-10-19 03:04:27 ----RA---- C:\WINDOWS\system32\msjava.dll 2008-10-19 03:04:27 ----RA---- C:\WINDOWS\system32\msawt.dll 2008-10-19 03:04:27 ----RA---- C:\WINDOWS\system32\jview.exe 2008-10-19 03:04:27 ----A---- C:\WINDOWS\system32\vmhelper.dll 2008-10-19 03:04:26 ----RA---- C:\WINDOWS\system32\jdbgmgr.exe 2008-10-19 03:04:26 ----RA---- C:\WINDOWS\system32\javart.dll 2008-10-19 03:04:26 ----RA---- C:\WINDOWS\system32\javaprxy.dll 2008-10-19 03:04:26 ----RA---- C:\WINDOWS\system32\javacypt.dll 2008-10-19 03:04:24 ----RA---- C:\WINDOWS\system32\clspack.exe 2008-10-19 03:03:10 ----A---- C:\WINDOWS\system32\WgaLogon.dll 2008-10-19 03:03:09 ----RA---- C:\WINDOWS\system32\LegitCheckControl.dll 2008-10-19 03:03:09 ----A---- C:\WINDOWS\system32\WgaTray.exe 2008-10-19 03:03:03 ----RA---- C:\WINDOWS\system32\imapi2fs.dll 2008-10-19 03:03:02 ----RA---- C:\WINDOWS\system32\imapi2.dll 2008-10-19 03:02:56 ----HD---- C:\WINDOWS\$hf_mig$ 2008-10-19 03:02:54 ----RA---- C:\WINDOWS\system32\rspndr.exe 2008-10-19 03:02:33 ----N---- C:\WINDOWS\system32\spmsg.dll 2008-10-19 03:02:30 ----RA---- C:\WINDOWS\system32\dimsroam.dll 2008-10-19 03:02:30 ----RA---- C:\WINDOWS\system32\dimsntfy.dll 2008-10-19 03:02:21 ----A---- C:\WINDOWS\control.ini 2008-10-19 03:02:21 ----A---- C:\AUTOEXEC.BAT 2008-10-19 03:01:55 ----RA---- C:\WINDOWS\system32\mapi32.dll 2008-10-19 03:00:24 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest 2008-10-19 03:00:14 ----HD---- C:\Program Files\WindowsUpdate 2008-10-19 02:59:07 ----RA---- C:\WINDOWS\system32\acctres.dll 2008-10-19 02:59:06 ----D---- C:\Program Files\Fichiers communs\Services 2008-10-19 02:59:01 ----SD---- C:\WINDOWS\Tasks 2008-10-19 02:59:01 ----RA---- C:\WINDOWS\system32\icfgnt5.dll 2008-10-19 02:58:59 ----D---- C:\Program Files\Fichiers communs\MSSoap 2008-10-19 02:58:50 ----D---- C:\WINDOWS\srchasst 2008-10-19 02:58:48 ----D---- C:\WINDOWS\system32\Macromed 2008-10-19 02:58:42 ----A---- C:\WINDOWS\system32\wuweb.dll 2008-10-19 02:58:41 ----A---- C:\WINDOWS\system32\wucltui.dll 2008-10-19 02:58:41 ----A---- C:\WINDOWS\system32\wuauserv.dll 2008-10-19 02:58:41 ----A---- C:\WINDOWS\system32\wuaueng1.dll 2008-10-19 02:58:40 ----A---- C:\WINDOWS\system32\wups.dll 2008-10-19 02:58:40 ----A---- C:\WINDOWS\system32\wuaueng.dll 2008-10-19 02:58:39 ----A---- C:\WINDOWS\system32\wuauclt1.exe 2008-10-19 02:58:39 ----A---- C:\WINDOWS\system32\wuauclt.exe 2008-10-19 02:58:38 ----RA---- C:\WINDOWS\system32\qmgrprxy.dll 2008-10-19 02:58:38 ----RA---- C:\WINDOWS\system32\bitsprx3.dll 2008-10-19 02:58:38 ----RA---- C:\WINDOWS\system32\bitsprx2.dll 2008-10-19 02:58:38 ----A---- C:\WINDOWS\system32\wuapi.dll 2008-10-19 02:58:37 ----RA---- C:\WINDOWS\system32\qmgr.dll 2008-10-19 02:58:27 ----RA---- C:\WINDOWS\system32\fltMc.exe 2008-10-19 02:58:27 ----RA---- C:\WINDOWS\system32\fltlib.dll 2008-10-19 02:58:26 ----D---- C:\WINDOWS\system32\Restore 2008-10-19 02:58:26 ----A---- C:\WINDOWS\system32\srrstr.dll 2008-10-19 02:58:25 ----RA---- C:\WINDOWS\system32\msoert2.dll 2008-10-19 02:58:25 ----A---- C:\WINDOWS\system32\srsvc.dll 2008-10-19 02:58:25 ----A---- C:\WINDOWS\system32\srclient.dll 2008-10-19 02:58:24 ----RA---- C:\WINDOWS\system32\msoeacct.dll 2008-10-19 02:58:21 ----RA---- C:\WINDOWS\system32\inetres.dll 2008-10-19 02:58:21 ----RA---- C:\WINDOWS\system32\inetcomm.dll 2008-10-19 02:58:17 ----RA---- C:\WINDOWS\system32\schedsvc.dll 2008-10-19 02:58:17 ----D---- C:\Program Files\Outlook Express 2008-10-19 02:58:16 ----RA---- C:\WINDOWS\system32\mstinit.exe 2008-10-19 02:58:16 ----RA---- C:\WINDOWS\system32\mstask.dll 2008-10-19 02:58:16 ----RA---- C:\WINDOWS\system32\icwphbk.dll 2008-10-19 02:58:16 ----RA---- C:\WINDOWS\system32\icwdial.dll 2008-10-19 02:58:15 ----RA---- C:\WINDOWS\system32\isign32.dll 2008-10-19 02:58:15 ----RA---- C:\WINDOWS\system32\inetcfg.dll 2008-10-19 02:58:03 ----D---- C:\Program Files\Fichiers communs\System 2008-10-19 02:58:01 ----D---- C:\Program Files\Internet Explorer 2008-10-19 02:57:14 ----HD---- C:\Program Files\Uninstall Information 2008-10-19 02:57:03 ----D---- C:\Program Files\ComPlus Applications 2008-10-19 02:57:01 ----A---- C:\WINDOWS\vbaddin.ini 2008-10-19 02:57:01 ----A---- C:\WINDOWS\vb.ini 2008-10-19 02:56:56 ----D---- C:\WINDOWS\Registration 2008-10-19 02:56:47 ----A---- C:\WINDOWS\T30DebugLogFile.txt 2008-10-19 02:56:46 ----D---- C:\WINDOWS\system32\FxsTmp 2008-10-19 02:56:31 ----D---- C:\Program Files\Windows Media Connect 2 2008-10-19 02:56:29 ----D---- C:\Program Files\Windows Media Player 2008-10-19 02:56:28 ----A---- C:\WINDOWS\system32\sndvol32.exe 2008-10-19 02:56:24 ----RA---- C:\WINDOWS\system32\getuname.dll 2008-10-19 02:56:23 ----RA---- C:\WINDOWS\system32\charmap.exe 2008-10-19 02:56:22 ----RA---- C:\WINDOWS\system32\reset.exe 2008-10-19 02:56:22 ----A---- C:\WINDOWS\system32\usrlogon.cmd 2008-10-19 02:56:22 ----A---- C:\WINDOWS\system32\tsshutdn.exe 2008-10-19 02:56:22 ----A---- C:\WINDOWS\system32\tslabels.ini 2008-10-19 02:56:22 ----A---- C:\WINDOWS\system32\tskill.exe 2008-10-19 02:56:22 ----A---- C:\WINDOWS\system32\tsdiscon.exe 2008-10-19 02:56:21 ----RA---- C:\WINDOWS\system32\shadow.exe 2008-10-19 02:56:21 ----RA---- C:\WINDOWS\system32\rwinsta.exe 2008-10-19 02:56:21 ----RA---- C:\WINDOWS\system32\regini.exe 2008-10-19 02:56:21 ----RA---- C:\WINDOWS\system32\rdpcfgex.dll 2008-10-19 02:56:21 ----RA---- C:\WINDOWS\system32\qwinsta.exe 2008-10-19 02:56:21 ----RA---- C:\WINDOWS\system32\qappsrv.exe 2008-10-19 02:56:21 ----A---- C:\WINDOWS\system32\tscon.exe 2008-10-19 02:56:20 ----RA---- C:\WINDOWS\system32\msg.exe 2008-10-19 02:56:20 ----RA---- C:\WINDOWS\system32\msdtcprf.ini 2008-10-19 02:56:20 ----RA---- C:\WINDOWS\system32\logoff.exe 2008-10-19 02:56:20 ----RA---- C:\WINDOWS\system32\cdmodem.dll 2008-10-19 02:56:19 ----RA---- C:\WINDOWS\system32\dcomcnfg.exe 2008-10-19 02:56:18 ----RA---- C:\WINDOWS\system32\mtxlegih.dll 2008-10-19 02:56:18 ----RA---- C:\WINDOWS\system32\mtxex.dll 2008-10-19 02:56:18 ----RA---- C:\WINDOWS\system32\mtxdm.dll 2008-10-19 02:56:18 ----RA---- C:\WINDOWS\system32\comrepl.dll 2008-10-19 02:56:18 ----RA---- C:\WINDOWS\system32\comaddin.dll 2008-10-19 02:56:18 ----A---- C:\WINDOWS\system32\stclient.dll 2008-10-19 02:56:17 ----RA---- C:\WINDOWS\system32\comsnap.dll 2008-10-19 02:56:16 ----RA---- C:\WINDOWS\system32\fxssend.exe 2008-10-19 02:56:16 ----RA---- C:\WINDOWS\system32\fxsroute.dll 2008-10-19 02:56:16 ----RA---- C:\WINDOWS\system32\fxsperf.ini 2008-10-19 02:56:16 ----RA---- C:\WINDOWS\system32\fxsclntR.dll 2008-10-19 02:56:15 ----RA---- C:\WINDOWS\system32\fxscfgwz.dll 2008-10-19 02:56:04 ----RA---- C:\WINDOWS\system32\mplay32.exe 2008-10-19 02:56:04 ----RA---- C:\WINDOWS\system32\clipbrd.exe 2008-10-19 02:56:04 ----A---- C:\WINDOWS\system32\wmimgmt.msc 2008-10-19 02:56:04 ----A---- C:\WINDOWS\system32\sndrec32.exe 2008-10-19 02:56:02 ----A---- C:\WINDOWS\system32\tscfgwmi.dll 2008-10-19 02:56:01 ----RA---- C:\WINDOWS\system32\mstscax.dll 2008-10-19 02:56:01 ----RA---- C:\WINDOWS\system32\mstsc.exe 2008-10-19 02:56:00 ----RA---- C:\WINDOWS\system32\sessmgr.exe 2008-10-19 02:56:00 ----RA---- C:\WINDOWS\system32\remotepg.dll 2008-10-19 02:56:00 ----RA---- C:\WINDOWS\system32\rdshost.exe 2008-10-19 02:56:00 ----RA---- C:\WINDOWS\system32\rdsaddin.exe 2008-10-19 02:55:59 ----RA---- C:\WINDOWS\system32\rdpwsx.dll 2008-10-19 02:55:59 ----RA---- C:\WINDOWS\system32\rdchost.dll 2008-10-19 02:55:59 ----A---- C:\WINDOWS\system32\tscupgrd.exe 2008-10-19 02:55:59 ----A---- C:\WINDOWS\system32\termsrv.dll 2008-10-19 02:55:58 ----RA---- C:\WINDOWS\system32\rdpsnd.dll 2008-10-19 02:55:58 ----RA---- C:\WINDOWS\system32\rdpclip.exe 2008-10-19 02:55:58 ----RA---- C:\WINDOWS\system32\qprocess.exe 2008-10-19 02:55:58 ----RA---- C:\WINDOWS\system32\icaapi.dll 2008-10-19 02:55:58 ----RA---- C:\WINDOWS\system32\cfgbkend.dll 2008-10-19 02:55:57 ----RA---- C:\WINDOWS\system32\mtxoci.dll 2008-10-19 02:55:57 ----RA---- C:\WINDOWS\system32\msdtcuiu.dll 2008-10-19 02:55:57 ----RA---- C:\WINDOWS\system32\msdtcprx.dll 2008-10-19 02:55:57 ----D---- C:\WINDOWS\system32\MsDtc 2008-10-19 02:55:56 ----RA---- C:\WINDOWS\system32\msdtctm.dll 2008-10-19 02:55:56 ----RA---- C:\WINDOWS\system32\msdtclog.dll 2008-10-19 02:55:56 ----A---- C:\WINDOWS\system32\xolehlp.dll 2008-10-19 02:55:55 ----RA---- C:\WINDOWS\system32\msdtc.exe 2008-10-19 02:55:55 ----RA---- C:\WINDOWS\system32\colbact.dll 2008-10-19 02:55:55 ----RA---- C:\WINDOWS\system32\catsrvps.dll 2008-10-19 02:55:55 ----D---- C:\WINDOWS\system32\Com 2008-10-19 02:55:54 ----RA---- C:\WINDOWS\system32\clbcatex.dll 2008-10-19 02:55:54 ----RA---- C:\WINDOWS\system32\catsrvut.dll 2008-10-19 02:55:54 ----RA---- C:\WINDOWS\system32\catsrv.dll 2008-10-19 02:55:53 ----RA---- C:\WINDOWS\system32\comsvcs.dll 2008-10-19 02:55:52 ----RA---- C:\WINDOWS\system32\fxsxp32.dll 2008-10-19 02:55:52 ----RA---- C:\WINDOWS\system32\fxswzrd.dll 2008-10-19 02:55:52 ----RA---- C:\WINDOWS\system32\comuid.dll 2008-10-19 02:55:52 ----RA---- C:\WINDOWS\system32\clbcatq.dll 2008-10-19 02:55:51 ----RA---- C:\WINDOWS\system32\fxsui.dll 2008-10-19 02:55:51 ----RA---- C:\WINDOWS\system32\fxstiff.dll 2008-10-19 02:55:51 ----RA---- C:\WINDOWS\system32\fxst30.dll 2008-10-19 02:55:51 ----RA---- C:\WINDOWS\system32\fxssvc.exe 2008-10-19 02:55:51 ----RA---- C:\WINDOWS\system32\fxsst.dll 2008-10-19 02:55:51 ----RA---- C:\WINDOWS\system32\fxsres.dll 2008-10-19 02:55:51 ----RA---- C:\WINDOWS\system32\fxsperf.dll 2008-10-19 02:55:51 ----RA---- C:\WINDOWS\system32\fxsmon.dll 2008-10-19 02:55:51 ----RA---- C:\WINDOWS\system32\fxsext32.dll 2008-10-19 02:55:50 ----RA---- C:\WINDOWS\system32\fxsevent.dll 2008-10-19 02:55:50 ----RA---- C:\WINDOWS\system32\fxsdrv.dll 2008-10-19 02:55:50 ----RA---- C:\WINDOWS\system32\fxscover.exe 2008-10-19 02:55:50 ----RA---- C:\WINDOWS\system32\fxscomex.dll 2008-10-19 02:55:50 ----RA---- C:\WINDOWS\system32\fxscom.dll 2008-10-19 02:55:50 ----RA---- C:\WINDOWS\system32\fxsclnt.exe 2008-10-19 02:55:50 ----RA---- C:\WINDOWS\system32\fxsapi.dll 2008-10-19 02:55:35 ----RA---- C:\WINDOWS\system32\servdeps.dll 2008-10-19 02:55:34 ----RA---- C:\WINDOWS\system32\mmfutil.dll 2008-10-19 02:55:34 ----RA---- C:\WINDOWS\system32\licwmi.dll 2008-10-19 02:55:34 ----RA---- C:\WINDOWS\system32\cmprops.dll ======List of files/folders modified in the last 1 months====== 2008-10-20 16:16:03 ----A---- C:\WINDOWS\win.ini 2008-10-20 16:16:03 ----A---- C:\WINDOWS\system.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256] R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-07-01 54280] R1 lnsfw1;lnsfw1; C:\WINDOWS\system32\drivers\lnsfw1.sys [2008-10-19 77184] R1 SpyEmrg;Spy Emergency Driver; C:\WINDOWS\System32\Drivers\spyemrg.sys [2008-02-05 12344] R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe [] R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944] R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-07-01 71688] R2 rspndr;Répondeur de découverte de topologie de la couche de liaison; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336] R3 alcan5ln;SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS); C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 36256] R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688] R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-07-01 30728] R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2003-07-28 1341339] R3 rtl8029;Pilote NT de carte Realtek PCI Ethernet à base RTL8029(AS); C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2001-08-17 19017] R3 SFilter;Look 'n' Stop Driver; C:\WINDOWS\system32\DRIVERS\lnsfw.sys [2008-10-19 45824] R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver; C:\WINDOWS\System32\Drivers\spyemrg_guard.sys [2008-02-05 14392] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-10-23 59264] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-10-23 20608] S3 aiburad0;aiburad0; C:\WINDOWS\system32\drivers\aiburad0.sys [] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2004-08-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2004-08-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944] R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2003-07-28 77824] R2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2005-01-17 348160] S2 0234291224540343mcinstcleanup;McAfee Application Installer Cleanup (0234291224540343); C:\WINDOWS\system32\config\SYSTEM [2008-10-21 3145728] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-28 270848] S2 SpyEmrgSrv;Spy Emergency Engine Service; C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergencySrv.exe [2008-05-01 694840] S2 StealthInjectorService;Stealth Service Helper; C:\Program Files\Micro Application\PC Anonyme\IJStealth4Svc.exe [2007-04-30 148992] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952] S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-07-01 19200] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-28 14336] S4 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592] info.txt logfile of random's system information tool 1.04 2008-10-21 01:49:23 ======Uninstall list====== AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe" ALZip-->"C:\Program Files\ESTsoft\ALZip\unins000.exe" Analyseur MSXML 6.0-->MsiExec.exe /I{5903C48B-E953-47B8-A651-B9222C483057} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Ashampoo Magical Snap 2.20-->"C:\Program Files\Ashampoo\Ashampoo Magical Snap 2\unins000.exe" CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB} Contacts-->MsiExec.exe /I{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03} CursorXP-->C:\Program Files\CursorXP\CurXPUtil.exe -u DFX 8 for Winamp-->"C:\Program Files\Winamp\uninstall_dfx.exe" DFX 8 for Windows Media Player-->MsiExec.exe /I{389d02dd-36ca-4313-ad0d-168c5808bd9a} ESET Smart Security-->MsiExec.exe /I{FBF09842-EB7F-4BC2-BD32-DDE2572B2195} Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe Google Deskbar-->regsvr32 /u /s "C:\Program Files\Google\deskbar-0.5.95.0\ggtaskbar.dll" HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hijackthis Version Française-->"C:\Program Files\Hijackthis Version Française\unins000.exe" IncrediMail JunkFilter Plus-->C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:JunkFilterPlus IncrediMail Xe-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log K-Meleon 1.5.0 fr-FR (supprimer uniquement)-->C:\Program Files\K-Meleon\uninstall.exe KO Approach-->C:\Program Files\KO Approach\Uninstall.exe Look 'n' Stop 2.06-->"C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -uninst Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe MediaMonkey 3.0-->"C:\Program Files\MediaMonkey\unins000.exe" Messenger Live Connector-->MsiExec.exe /I{0D959BD2-2BA9-418B-963B-7B4D1297C512} Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe Mozilla Firefox (2.0.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\uninst.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} Nero 7 Lite 7.9.6.0-->"C:\Program Files\Nero\unins000.exe" NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf Patch Fr Winroll2-->C:\Program Files\WinRoll\uninstall_WinrollFr.exe PC Anonyme Version 4.90.1.3190-->"C:\Program Files\Micro Application\PC Anonyme\unins000.exe" PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe" RocketDock 1.2.5-->"C:\Program Files\RocketDock\unins000.exe" Security Update pour Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l040c -Control_Panel Spy Emergency 2008-->"C:\Program Files\NETGATE\Spy Emergency 2008\unins000.exe" StyleXP (remove only)-->"C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe" SYSTRAN-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{4C94F105-81D0-4AFC-8F0A-38949DC07F65} /l1036 TeraCopy 2.0 beta 2-->"C:\Program Files\TeraCopy\unins000.exe" True Launch Bar-->"C:\Program Files\TrueLaunchBar\Uninstall.exe" UltimateDefrag 2008-->C:\Program Files\DiskTrix\UltimateDefrag2008\Uninstall.EXE /u:"UltimateDefrag 2008" Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe" Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401} Windows Live Beta (all programs)-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Beta (all programs)-->MsiExec.exe /I{5D4A033A-A286-44BE-A0F0-B05FAC25D07F} Windows Live Call-->MsiExec.exe /I{78AC782A-C708-4B21-A3A0-ECD4A3284588} Windows Live Messenger-->MsiExec.exe /X{B1403D7D-C725-4858-AACC-7E5FA2D72859} Windows Live Sign-in Assistant-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0} xplorer² professional-->"C:\Program Files\zabkat\xplorer2\Uninstall.exe" ======Hosts File====== 127.0.0.1 localhost 127.0.0.1 rad.msn.com 127.0.0.1 rad.live.com 127.0.0.1 ads1.msn.com 127.0.0.1 adfarm.mediaplex.com Securitycenter WMI appears to be broken ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\ESTsoft\ALZip\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 0 Stepping 7, GenuineIntel "PROCESSOR_REVISION"=0007 "NUMBER_OF_PROCESSORS"=1 "TEMP"=%USERPROFILE%\Local Settings\Temp "TMP"=%USERPROFILE%\Local Settings\Temp "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH -----------------EOF-----------------
- le 22 octobre 2008
- 2 réponses
analyse Hijackthis svp

Ptitciel a posté un sujet dans Analyses et éradication malwares

Bonsoir pourriez vous sil vous plait m'aidez à faire le nettoyage de mon pc merci par avances Logfile of HijackThis v1.99.1 Scan saved at 05:02:38, on 16/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20627) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\SiteAdvisor\6261\SAService.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\UberIcon\UberIcon Manager.exe C:\Windows\System32\VisualTaskTips.exe C:\Program Files\styler\Styler.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\SiteAdvisor\6261\SiteAdv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\WinRoll\winroll.exe C:\Program Files\CursorXP\CursorXP.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\DeskSpace\deskspace.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\KO Approach\Approach.exe C:\Program Files\Google\deskbar-0.5.95.0\ggviewer.exe C:\Program Files\IncrediMail\bin\ImApp.exe C:\Program Files\Micro Application\PC Anonyme\PCAnonyme.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\PeerGuardian2\pg2.exe C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O1 - Hosts: ::1 localhost O1 - Hosts: 66.249.93.99 www.google.fr O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing) O4 - HKLM\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKLM\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe O4 - HKLM\..\Run: [TransBar] C:\WINDOWS\system32\transbar.exe /s O4 - HKLM\..\Run: [styler] C:\Program Files\styler\Styler.exe O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [DeskSpace] C:\Program Files\DeskSpace\deskspace.exe O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - Startup: KO Approach.lnk = C:\Program Files\KO Approach\Approach.exe O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Traduire (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [iNTERNATIONAL] International* O11 - Options group: [TABS] Tabbed Browsing O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: Stealth Service Helper (StealthInjectorService) - Softwareentwicklung Remus - C:\Program Files\Micro Application\PC Anonyme\IJStealth4Svc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe Merci Ptitciel
- le 17 octobre 2008
- 1 réponse
plein de cws sur mon ord fraichement formate

Ptitciel a posté un sujet dans Analyses et éradication malwares

bonjour je viens d'enlever plusieur cws que ma detecter spy emergency mais je me demande si il y en encore j'ai mon ord qui n'arrette pas de planter et meme mon modem a buger, j'ai meme du remettre le peripherique du modem. je vous remet ci joint un rapport hitjackthis en vous remerciant par avances je n'ai pas l'habitude d'aller sur des forums je vous prie de bien m'exuser si je n'arrive pas à bien m'exprime Ptitciel Logfile of HijackThis v1.99.1 Scan saved at 06:56:45, on 31/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5700.0007) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\CursorXP\CursorXP.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\AOL 9.0a\aoltray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\explorer.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Spy Emergency 2005\SpyEmergency.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID} R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [spyEmergency] "C:\Program Files\Spy Emergency 2005\SpyEmergency.exe" O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter: text/html - (no CLSID) - (no file) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
- le 31 octobre 2006
- 1 réponse
j'ai elever par le regedit un cws

Ptitciel a posté un sujet dans Analyses et éradication malwares

bonjour je viens d'enlever plusieur cws que ma detecter spy emergency mais je me demande si il y en encore j'ai mon ord qui n'arrette pas de planter et meme mon modem a buger je vous remet ci joint un rapport hitjackthis en vous remerciant par avances je n'ai pas l'habitude d'aller sur des forums je vous prie de bien m'exuser si je n'arrive pas à bien m'exprime Ptitciel Logfile of HijackThis v1.99.1 Scan saved at 06:56:45, on 31/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5700.0007) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\CursorXP\CursorXP.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\AOL 9.0a\aoltray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\explorer.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Spy Emergency 2005\SpyEmergency.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID} R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [spyEmergency] "C:\Program Files\Spy Emergency 2005\SpyEmergency.exe" O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter: text/html - (no CLSID) - (no file) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
- le 31 octobre 2006
- 1 réponse

Connexion

Ptitciel

Compteur de contenus

Inscription

Dernière visite

Autres informations

Ptitciel's Achievements

Junior Member (3/12)

Réputation sur la communauté

nouveau log Hijackthis

analyse Hijackthis svp

plein de cws sur mon ord fraichement formate

j'ai elever par le regedit un cws

Zebulon

Outils en ligne

Naviguer