rafmiouc


  1. OK, Kaspersky found nothing. Thanks a lot. My problem is solved. Rafmiouc
  2. One question: I noticed these new users: Network Service and Local Service. This is the first time I have seen them!!! Is that normal?
  3. ---------------------------------------------------------
     AVG Anti-Spyware - Rapport d'analyse
     ---------------------------------------------------------
     + Créé à: 15:00:40 15/12/2007
     + Résultat de l'analyse:
     :mozilla.86:C:\Documents and Settings\Raf\Application Data\Mozilla\Firefox\Profiles\7hr9eyp9.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
     :mozilla.87:C:\Documents and Settings\Raf\Application Data\Mozilla\Firefox\Profiles\7hr9eyp9.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
     :mozilla.88:C:\Documents and Settings\Raf\Application Data\Mozilla\Firefox\Profiles\7hr9eyp9.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
     :mozilla.89:C:\Documents and Settings\Raf\Application Data\Mozilla\Firefox\Profiles\7hr9eyp9.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
     :mozilla.90:C:\Documents and Settings\Raf\Application Data\Mozilla\Firefox\Profiles\7hr9eyp9.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
     :mozilla.27:C:\Documents and Settings\Raf\Application Data\Mozilla\Firefox\Profiles\7hr9eyp9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
     C:\Documents and Settings\Raf\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Nettoyé.
     C:\Documents and Settings\Raf\Local Settings\Temp\Cookies\raf@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
     :mozilla.7:C:\Documents and Settings\Raf\Application Data\Mozilla\Firefox\Profiles\7hr9eyp9.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
     Fin du rapport

     HJT report

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 15:04:34, on 15/12/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16574)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\SOUNDMAN.EXE
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
     C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
     C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\oodag.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\NetDrive\wdService.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.targa.co.uk/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
     O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
     O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
     O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
     O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
     O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
     O14 - IERESET.INF: START_PAGE_URL=http://www.targa.co.uk
     O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190466270562
     O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
     O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{73D9BB0A-7F66-48CE-B56C-6DB4641B5E9A}: NameServer = 212.27.53.252,212.27.54.252
     O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
     O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
     O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

     -- End of file - 6554 bytes
  4. Otmoveit
     File/Folder C:\WINDOWS\system32\awttutq.dll not found.
     Created on 12/14/2007 21:58:56

     Deckard's System Scanner v20071014.68
     Run by Raf on 2007-12-14 22:01:45
     Computer is in Safe Mode with Networking.
     --------------------------------------------------------------------------------

     -- HijackThis Clone ------------------------------------------------------------

     Emulating logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 2007-12-14 22:02:16
     Platform: Windows XP Service Pack 2 (5.01.2600)
     MSIE: Internet Explorer (7.00.6000.16574)
     Boot mode: Safe mode with network support

     Running processes:
     C:\WINDOWS\system32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     C:\Documents and Settings\Raf\Bureau\dss.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.targa.co.uk/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
     O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
     O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
     O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
     O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
     O9 - Extra button: (no name) - CmdMapping - (file missing)
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
     O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
     O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
     O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/7.../OGAControl.cab
     O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} () - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} () - https://signup.msn.com/pages/MsnInstC.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190466270562
     O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} () - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
     O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} () - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
     O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc4.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} () - http://download.microsoft.com/download/7/E...04/clearadj.cab
     O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{73D9BB0A-7F66-48CE-B56C-6DB4641B5E9A}: NameServer = 212.27.53.252,212.27.54.252
     O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
     O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
     O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
     O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

     -- End of file - 7264 bytes

     -- Files created between 2007-11-14 and 2007-12-14 -----------------------------

     -- Find3M Report ---------------------------------------------------------------
2007-12-12 15:38:07 34304 --a------ C:\WINDOWS\system32\ping6.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:06 19456 --a------ C:\WINDOWS\system32\ping.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:06 15872 --a------ C:\WINDOWS\system32\perfmon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:05 15360 --a------ C:\WINDOWS\system32\pentnt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:05 22528 --a------ C:\WINDOWS\system32\pathping.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:05 59904 --a------ C:\WINDOWS\system32\packager.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:04 41984 --a------ C:\WINDOWS\system32\osuninst.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:04 216576 --a------ C:\WINDOWS\system32\osk.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:58 223232 -ra------ C:\WINDOWS\system32\nvsataconnection.exe 2007-12-12 15:37:53 249344 -ra------ C:\WINDOWS\system32\NvRaidMan.exe 2007-12-12 15:37:51 442368 --a------ C:\WINDOWS\system32\nvappbar.exe 2007-12-12 15:37:51 420864 --a------ C:\WINDOWS\system32\ntvdm.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:51 31744 --a------ C:\WINDOWS\system32\ntsd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:37:49 79360 --a------ C:\WINDOWS\system32\nslookup.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:49 70656 --a------ C:\WINDOWS\system32\notepad.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 
2007-12-12 15:37:48 37888 --a------ C:\WINDOWS\system32\netstat.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:48 88576 --a------ C:\WINDOWS\system32\netsh.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:48 335872 --a------ C:\WINDOWS\system32\netsetup.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:46 124928 --a------ C:\WINDOWS\system32\net1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:37:46 42496 --a------ C:\WINDOWS\system32\net.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:37:46 4096 --a------ C:\WINDOWS\system32\nddeapir.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:37:46 21504 --a------ C:\WINDOWS\system32\nbtstat.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:45 55296 --a------ C:\WINDOWS\system32\narrator.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:43 411648 --a------ C:\WINDOWS\system32\mstsc.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:43 12288 --a------ C:\WINDOWS\system32\mstinit.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:43 6656 --a------ C:\WINDOWS\system32\msswchx.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:41 347648 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:39 45568 --a------ C:\WINDOWS\system32\mshta.exe <Not Verified; Microsoft Corporation; Windows® Internet Explorer> 2007-12-12 15:37:39 128000 --a------ C:\WINDOWS\system32\mshearts.exe <Not Verified; 
Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:39 22528 --a------ C:\WINDOWS\system32\msg.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:36 14336 --a------ C:\WINDOWS\system32\mrinfo.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:36 22016 --a------ C:\WINDOWS\system32\mpnotify.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:37:36 124928 --a------ C:\WINDOWS\system32\mplay32.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:35 8192 --a------ C:\WINDOWS\system32\mountvol.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:35 144384 --a------ C:\WINDOWS\system32\mobsync.exe <Not Verified; Microsoft Corporation; Gestionnaire de synchronisation Microsoft> 2007-12-12 15:37:34 816128 --a------ C:\WINDOWS\system32\mmc.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:33 52736 --a------ C:\WINDOWS\system32\migpwd.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:32 85504 --a------ C:\WINDOWS\system32\makecab.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:37:32 73216 --a------ C:\WINDOWS\system32\magnify.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:30 9216 --a------ C:\WINDOWS\system32\lpr.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:30 6144 --a------ C:\WINDOWS\system32\lpq.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:30 515584 --a------ C:\WINDOWS\system32\logonui.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 
15:37:29 221696 --a------ C:\WINDOWS\system32\logon.scr <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:29 15872 --a------ C:\WINDOWS\system32\logoff.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:29 61952 --a------ C:\WINDOWS\system32\logman.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:29 100864 --a------ C:\WINDOWS\system32\logagent.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:37:28 5120 --a------ C:\WINDOWS\system32\lodctr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:37:28 26624 --a------ C:\WINDOWS\system32\lnkstub.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:28 30208 --a------ C:\WINDOWS\system32\lights.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:25 9728 --a------ C:\WINDOWS\system32\label.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:37:24 425984 --a------ C:\WINDOWS\system32\keystone.exe 2007-12-12 15:37:19 24576 --a------ C:\WINDOWS\system32\ipxroute.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:18 53760 --a------ C:\WINDOWS\system32\ipv6.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:18 46080 --a------ C:\WINDOWS\system32\ipsec6.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:17 58368 --a------ C:\WINDOWS\system32\ipconfig.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:16 114688 --a------ C:\WINDOWS\system32\iexpress.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:37:12 
8704 --a------ C:\WINDOWS\system32\hostname.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:11 16384 --a------ C:\WINDOWS\system32\help.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:11 39424 --a------ C:\WINDOWS\system32\grpconv.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:10 46080 --a------ C:\WINDOWS\system32\ftp.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:10 61952 --a------ C:\WINDOWS\system32\fsutil.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:10 193024 --a------ C:\WINDOWS\system32\fsquirt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:37:09 55808 --a------ C:\WINDOWS\system32\freecell.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:09 7168 --a------ C:\WINDOWS\system32\forcedos.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:09 21504 --a------ C:\WINDOWS\system32\fontview.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:09 23040 --a------ C:\WINDOWS\system32\fltmc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:37:08 3072 --a------ C:\WINDOWS\system32\fixmapi.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:37:08 10240 --a------ C:\WINDOWS\system32\finger.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:08 29184 --a------ C:\WINDOWS\system32\findstr.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:08 9216 --a------ C:\WINDOWS\system32\find.exe <Not Verified; Microsoft 
Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:37:08 14848 --a------ C:\WINDOWS\system32\fc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:37:07 45568 --a------ C:\WINDOWS\system32\extrac32.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:07 16896 --a------ C:\WINDOWS\system32\expand.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:07 9216 --a------ C:\WINDOWS\system32\eventvwr.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:07 195072 --a------ C:\WINDOWS\system32\eudcedit.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:06 39424 --a------ C:\WINDOWS\system32\esentutl.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:37:05 180224 --a------ C:\WINDOWS\system32\dwwin.exe <Not Verified; Microsoft Corporation; Microsoft Application Error Reporting> 2007-12-12 15:37:05 17920 --a------ C:\WINDOWS\system32\dvdupgrd.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:05 59392 --a------ C:\WINDOWS\system32\dvdplay.exe <Not Verified; ; Application dvdplay> 2007-12-12 15:37:04 47104 --a------ C:\WINDOWS\system32\drwtsn32.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:04 249856 --a------ C:\WINDOWS\system32\drmupgds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:37:03 83456 --a------ C:\WINDOWS\system32\dpvsetup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:37:03 18432 --a------ C:\WINDOWS\system32\dpnsvr.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:03 30208 --a------ C:\WINDOWS\system32\dplaysvr.exe 
<Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:37:02 10752 --a------ C:\WINDOWS\system32\doskey.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:37:02 15872 --a------ C:\WINDOWS\system32\dmremote.exe <Not Verified; Microsoft Corp.; Logical Disk Manager for Windows NT> 2007-12-12 15:37:01 4608 --a------ C:\WINDOWS\system32\dllhst3g.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:37:00 19456 --a------ C:\WINDOWS\system32\diskperf.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:00 167936 --a------ C:\WINDOWS\system32\diskpart.exe <Not Verified; Microsoft Corporation; Application Diskpart Microsoft Corporation> 2007-12-12 15:36:59 85504 --a------ C:\WINDOWS\system32\diantz.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:36:59 82432 --a------ C:\WINDOWS\system32\dfrgfat.exe <Not Verified; Microsoft Corp. et Executive Software International, Inc.; Défragmenteur de disque Windows> 2007-12-12 15:36:58 25088 --a------ C:\WINDOWS\system32\defrag.exe <Not Verified; Microsoft Corp. 
and Executive Software International, Inc.; Windows Disk Defragmenter> 2007-12-12 15:36:58 31744 --a------ C:\WINDOWS\system32\ddeshare.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:58 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe <Not Verified; Microsoft Corporation; COM Services> 2007-12-12 15:36:56 98304 --a------ C:\WINDOWS\system32\cscript.exe <Not Verified; Microsoft Corporation; Microsoft ® Windows Script Host> 2007-12-12 15:36:55 13824 --a------ C:\WINDOWS\system32\convert.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:36:55 8192 --a------ C:\WINDOWS\system32\control.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:55 27648 --a------ C:\WINDOWS\system32\conime.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:36:54 18432 --a------ C:\WINDOWS\system32\compact.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:54 15872 --a------ C:\WINDOWS\system32\comp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:36:54 65536 --a------ C:\WINDOWS\system32\cmstp.exe <Not Verified; Microsoft Corporation; Microsoft® Connection Manager> 2007-12-12 15:36:53 40448 --a------ C:\WINDOWS\system32\cmmon32.exe <Not Verified; Microsoft Corporation; Microsoft® Connection Manager> 2007-12-12 15:36:53 47104 --a------ C:\WINDOWS\system32\cmdl32.exe <Not Verified; Microsoft Corporation; Microsoft® Connection Manager> 2007-12-12 15:36:53 400896 --a------ C:\WINDOWS\system32\cmd.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:52 104448 --a------ C:\WINDOWS\system32\clipbrd.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:52 65536 --a------ C:\WINDOWS\system32\cleanmgr.exe <Not Verified; 
Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:51 7680 --a------ C:\WINDOWS\system32\ckcnv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:36:51 8192 --a------ C:\WINDOWS\system32\cidaemon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:36:51 11264 --a------ C:\WINDOWS\system32\chkntfs.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:36:51 11776 --a------ C:\WINDOWS\system32\chkdsk.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:36:51 45056 --a------ C:\WINDOWS\system32\ChCfg.exe 2007-12-12 15:36:51 80896 --a------ C:\WINDOWS\system32\charmap.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:50 4608 --a------ C:\WINDOWS\system32\carpserv.exe <Not Verified; Conexant Systems, Inc.; Conexant carpserv> 2007-12-12 15:36:49 115200 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:49 19456 --a------ C:\WINDOWS\system32\cacls.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:48 5120 --a------ C:\WINDOWS\system32\bootvrfy.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:36:48 4608 --a------ C:\WINDOWS\system32\bootok.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:36:48 71680 --a------ C:\WINDOWS\system32\blastcln.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:36:47 14336 --a------ C:\WINDOWS\system32\auditusr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:36:46 11264 --a------ C:\WINDOWS\system32\attrib.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 
2007-12-12 15:36:46 11264 --a------ C:\WINDOWS\system32\atmadm.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:46 25088 --a------ C:\WINDOWS\system32\at.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:45 19968 --a------ C:\WINDOWS\system32\arp.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:45 98304 --a------ C:\WINDOWS\system32\ahui.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:44 4096 --a------ C:\WINDOWS\system32\actmovie.exe <Not Verified; Microsoft Corporation; DirectShow> 2007-12-12 15:36:44 189952 --a------ C:\WINDOWS\system32\accwiz.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:43 288256 --a------ C:\WINDOWS\winhlp32.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:43 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE 2007-12-12 15:36:42 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller> 2007-12-12 15:36:42 106496 --a------ C:\WINDOWS\UPSCR.Scr 2007-12-12 15:36:42 129024 --a------ C:\WINDOWS\UNWISE.EXE 2007-12-12 15:36:42 57344 --a------ C:\WINDOWS\Unwash6.exe <Not Verified; Webroot Software, Inc.; > 2007-12-12 15:36:41 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE> 2007-12-12 15:36:41 99840 --a------ C:\WINDOWS\UninstallFirefox.exe 2007-12-12 15:36:41 304128 --a------ C:\WINDOWS\unin040c.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield Deinstaller> 2007-12-12 15:36:41 25600 --a------ C:\WINDOWS\twunk_32.exe <Not Verified; Twain Working Group; Twain Thunker> 2007-12-12 15:36:40 15872 --a------ C:\WINDOWS\TASKMAN.EXE <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:39 153088 
--a------ C:\WINDOWS\regedit.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:39 135168 --a------ C:\WINDOWS\ov519cap.exe <Not Verified; OmniVision Technologies, Inc.; OmniVision USB Camera OV519> 2007-12-12 15:36:38 70656 --a------ C:\WINDOWS\NOTEPAD.EXE <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:38 529408 --a------ C:\WINDOWS\mHotkey.exe <Not Verified; Chicony; Chicony Multimedia Driver> 2007-12-12 15:36:38 320512 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller> 2007-12-12 15:36:37 310784 --a------ C:\WINDOWS\IsUn040c.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller> 2007-12-12 15:36:37 10752 --a------ C:\WINDOWS\hh.exe <Not Verified; Microsoft Corporation; HTML Help> 2007-12-12 15:36:36 40960 --a------ C:\WINDOWS\CleanDev.exe <Not Verified; ; CleanDevice> 2007-12-12 15:36:36 32256 --a------ C:\WINDOWS\amcap.exe 2007-12-12 15:36:36 315392 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool> 2007-12-12 15:36:36 217088 --a------ C:\WINDOWS\Alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing driver Tool> 2007-12-12 15:36:34 295424 --a------ C:\WINDOWS\system32\vssvc.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:33 18432 --a------ C:\WINDOWS\system32\ups.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:36:33 93184 --a------ C:\WINDOWS\system32\smlogsvc.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:32 57856 --a------ C:\WINDOWS\system32\spoolsv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:36:32 100352 --a------ C:\WINDOWS\system32\scardsvr.exe <Not Verified; Microsoft 
Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:31 142336 --a------ C:\WINDOWS\system32\sessmgr.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:31 132608 --a------ C:\WINDOWS\system32\rsvp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:36:31 75264 --a------ C:\WINDOWS\system32\locator.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:36:29 114176 --a------ C:\WINDOWS\system32\netdde.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:28 78848 --a------ C:\WINDOWS\system32\msiexec.exe <Not Verified; Microsoft Corporation; Windows Installer - Unicode> 2007-12-12 15:36:28 6144 --a------ C:\WINDOWS\system32\msdtc.exe <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator> 2007-12-12 15:36:28 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe <Not Verified; Microsoft Corporation; Windows® NetMeeting®> 2007-12-12 15:36:27 150016 --a------ C:\WINDOWS\system32\imapi.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:25 225280 --a------ C:\WINDOWS\system32\dmadmin.exe <Not Verified; Microsoft Corp., Veritas Software; Gestionnaire de disque logique pour Windows NT> 2007-12-12 15:36:24 33280 --a------ C:\WINDOWS\system32\clipsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:36:24 5632 --a------ C:\WINDOWS\system32\cisvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:36:23 44544 --a------ C:\WINDOWS\system32\alg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:36:22 33792 --a------ C:\WINDOWS\system32\rundll32.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:22 10752 --a------ 
C:\WINDOWS\system32\dumprep.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:36:22 577536 --a------ C:\WINDOWS\soundman.exe <Not Verified; Realtek Semiconductor Corp.; Realtek Sound Manager> 2007-12-12 15:36:21 25088 --a------ C:\WINDOWS\system32\userinit.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:36:20 15360 --a------ C:\WINDOWS\system32\ctfmon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:36:18 1037312 --a------ C:\WINDOWS\explorer.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-11 23:07:08 8019 --a------ C:\WINDOWS\mozver.dat 2007-12-10 01:40:00 0 d-------- C:\Program Files\AvRack 2007-12-10 01:39:54 0 d-------- C:\Program Files\Foxit Reader 2007-12-10 01:39:52 0 d-------- C:\Program Files\HP Adjustment Pattern Utility 2007-12-10 01:39:47 0 d-------- C:\Program Files\Messenger 2007-12-10 01:39:44 0 d-------- C:\Program Files\Movie Maker 2007-12-10 01:39:43 0 d-------- C:\Program Files\Opera 2007-12-10 01:39:43 0 d-------- C:\Program Files\NetDrive 2007-12-10 01:39:42 0 d-------- C:\Program Files\PDFCreator 2007-12-10 01:39:35 0 d-------- C:\Program Files\TuneUp Utilities 2007 2007-12-10 01:39:34 0 d-------- C:\Program Files\Windows Media Connect 2 2007-12-10 01:39:34 0 d-------- C:\Program Files\Windows Journal Viewer 2007-12-10 01:39:34 0 d-------- C:\Program Files\Warcraft III 2007-12-10 01:39:34 0 d-------- C:\Program Files\UltraISO 2007-12-09 16:12:38 504910 --a------ C:\WINDOWS\system32\perfh00C.dat 2007-12-09 16:12:38 83286 --a------ C:\WINDOWS\system32\perfc00C.dat 2007-12-06 23:00:41 0 d-------- C:\Documents and Settings\Raf\Application Data\Adobe 2007-12-06 22:59:00 0 d-------- C:\Program Files\Fichiers communs\Adobe 2007-11-27 18:53:17 0 d-------- C:\Program Files\SIM Manager Pro 2007-11-27 12:01:02 3480 --a------ C:\WINDOWS\AUTOLNCH.REG 2007-10-28 19:34:40 0 
d-------- C:\Documents and Settings\Raf\Application Data\OfficeUpdate12 2007-10-28 19:27:07 0 d-------- C:\Program Files\Fichiers communs\ODBC 2007-10-21 14:55:48 0 d-------- C:\Program Files\Picasa2 2007-10-06 23:29:18 66832 --a------ C:\Documents and Settings\Raf\Application Data\GDIPFONTCACHEV1.DAT 2007-09-17 17:40:56 524288 --a------ C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system> -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [12/12/2007 15:36 C:\WINDOWS\soundman.exe] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [14/11/2007 15:05] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22/10/2006 12:22] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [12/12/2007 15:36] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsHistory"=1 (0x1) "NoSMHelp"=01000000 "NoRecentDocsMenu"=01000000 "NoSMMyDocs"=01000000 "NoSMMyPictures"=01000000 "StartMenuLogOff"=1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKEY_LOCAL_MACHINE\Software\Microsoft\Windows 
NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] AutoRun\command- D:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf9ec1c1-6a2f-11d9-92be-806d6172696f}] AutoRun\command- E:\Autorun.exe -- End of Deckard's System Scanner: finished at 2007-12-14 22:02:40 ------------
  5. I confirm, I installed an external hard drive on my V5. No problem. As for access over the net: to access the Freebox's hard drive, you can put a password on it. Look on the site, it's explained there.
  6. Sorry for the delay, Bruce lee. Since I wasn't getting any more replies, I tried to manage on my own. I uninstalled quite a few programs. I managed to install Antivir. I couldn't before because the virus was trying to infect it. I ran an antivirus scan from another PC (over the network). And right after that I installed Antivir + upload. I quarantined quite a few files. I installed NOD32 and it did some cleaning. Spybot kept finding Win32.Delfc.uc; I deleted it with Spybot and after that nothing more... To be sure, I ran KAV online to check. It found nothing. I ran DSS and here is the report (I'd like your opinion).
http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{73D9BB0A-7F66-48CE-B56C-6DB4641B5E9A}: NameServer = 212.27.53.252,212.27.54.252 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe -- End of file - 6550 bytes -- Files created between 2007-11-13 and 2007-12-13 ----------------------------- 2007-12-13 22:33:02 0 dr-h----- C:\Documents and Settings\Raf\Recent 2007-12-13 01:51:25 0 d-------- C:\Program Files\Java 2007-12-13 01:50:45 0 d-------- C:\Program Files\Fichiers communs\Java 2007-12-13 01:43:49 0 d-------- C:\Program Files\SmartSound Software Inc 2007-12-12 22:58:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2007-12-12 18:43:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-12-12 18:16:34 39331237 --a------ C:\KasperSky 2006 All in One.exe 
<Not Verified; ; AutoPlay Media Studio 6.0 Launcher> 2007-12-12 18:06:26 0 drahs---- C:\autorun.inf 2007-12-12 13:45:48 29184 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-12-12 13:45:48 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; > 2007-12-12 13:45:48 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS> 2007-12-12 13:45:48 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility> 2007-12-12 13:45:48 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-12-12 12:20:31 0 d-------- C:\Downloads 2007-12-12 12:16:36 0 d-------- C:\Program Files\Trend Micro 2007-12-11 20:38:20 0 d-------- C:\Documents and Settings\Raf\Application Data\Grisoft 2007-12-11 19:12:59 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Macromedia 2007-12-11 18:53:43 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft 2007-12-11 18:53:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-12-11 18:48:43 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Mozilla 2007-12-10 22:29:27 0 d-------- C:\WINDOWS\ERUNT 2007-12-10 22:04:42 0 d-------- C:\hijackthis 2007-12-10 02:13:03 0 d-------- C:\AVG 2007-12-10 01:43:52 0 d-------- C:\Program Files\LizardTech 2007-12-10 00:23:19 0 d-------- C:\Program Files\Alwil Software 2007-12-09 23:47:56 7340032 --a------ C:\Documents and Settings\Raf\ntuser.dat 2007-12-09 23:47:53 1572864 --a------ C:\Documents and Settings\LocalService\ntuser.dat 2007-12-09 13:26:28 0 dr-h----- C:\Documents and Settings\Administrateur\Recent 2007-12-09 10:48:41 1634 --a------ C:\WINDOWS\system32\tmp.reg 2007-12-09 00:09:35 0 d-------- C:\Documents and Settings\Administrateur\Application Data\TuneUp Software 2007-12-06 22:58:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe 2007-11-27 18:57:36 0 d-------- C:\Program Files\CHIPDRIVE -- Find3M Report 
--------------------------------------------------------------- 2007-12-13 01:59:08 0 d-------- C:\Program Files\FlashGet 2007-12-13 01:52:09 0 d-------- C:\Program Files\adslTV 2007-12-13 01:52:01 0 d-------- C:\Documents and Settings\Raf\Application Data\vlc 2007-12-13 01:50:45 0 d-------- C:\Program Files\Fichiers communs 2007-12-13 01:46:43 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-12-13 01:33:21 0 d-------- C:\Program Files\Pinnacle 2007-12-13 01:29:27 0 d-------- C:\Program Files\Foxit Software 2007-12-13 01:28:33 0 d-------- C:\Program Files\Boilsoft ASF Converter 2007-12-12 19:07:47 0 d-------- C:\Program Files\Windows Media Connect 2007-12-12 19:05:14 0 d-------- C:\Program Files\Realtek AC97 2007-12-12 17:31:34 1622016 --a------ C:\WINDOWS\system32\nwiz.exe 2007-12-12 17:31:25 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe 2007-12-12 17:30:53 1298432 --a------ C:\WINDOWS\system32\dxdiag.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 17:30:31 2920448 --a------ C:\WINDOWS\UNSIPPS.exe <Not Verified; Nero AG; Nero Web Engine> 2007-12-12 17:30:30 3051520 --a------ C:\WINDOWS\UNNMP.exe <Not Verified; Nero AG; Nero WebEngine> 2007-12-12 17:30:29 3051520 --a------ C:\WINDOWS\UNNMIX.exe <Not Verified; Nero AG; Nero WebEngine> 2007-12-12 17:30:29 3051520 --a------ C:\WINDOWS\UNNeroVision.exe <Not Verified; Nero AG; Nero WebEngine> 2007-12-12 15:38:52 24576 --a------ C:\WINDOWS\system32\ZyDelReg.exe <Not Verified; ; ZyDelReg Application> 2007-12-12 15:38:51 30720 --a------ C:\WINDOWS\system32\xcopy.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:51 32256 --a------ C:\WINDOWS\system32\wupdmgr.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:50 146432 --a------ C:\WINDOWS\system32\WudfHost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:49 
114688 --a------ C:\WINDOWS\system32\wscript.exe <Not Verified; Microsoft Corporation; Microsoft ® Windows Script Host> 2007-12-12 15:38:49 13824 --a------ C:\WINDOWS\system32\wscntfy.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:49 5632 --a------ C:\WINDOWS\system32\write.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:49 32768 --a------ C:\WINDOWS\system32\wpnpinst.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:48 17408 --a------ C:\WINDOWS\system32\wpdshextautoplay.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:48 32256 --a------ C:\WINDOWS\system32\wpabaln.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:46 194560 --a------ C:\WINDOWS\system32\wisptis.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:45 5632 --a------ C:\WINDOWS\system32\winver.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:45 11776 --a------ C:\WINDOWS\system32\winmsd.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:44 119808 --a------ C:\WINDOWS\system32\winmine.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:44 8192 --a------ C:\WINDOWS\system32\winhlp32.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:43 438784 --a------ C:\WINDOWS\system32\wiaacmgr.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:42 66560 --a------ C:\WINDOWS\system32\wextract.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:42 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe <Not Verified; Microsoft 
Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:41 51712 --a------ C:\WINDOWS\system32\w32tm.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:41 34304 --a------ C:\WINDOWS\system32\vssadmin.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:40 102912 --a------ C:\WINDOWS\system32\verifier.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:40 28672 --a------ C:\WINDOWS\system32\verclsid.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:39 8704 --a------ C:\WINDOWS\system32\uwdf.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:39 50176 --a------ C:\WINDOWS\system32\utilman.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:38 69632 --a------ C:\WINDOWS\system32\usrshuta.exe <Not Verified; U.S. Robotics Corporation; U.S. Robotics Modem Driver> 2007-12-12 15:38:38 61440 --a------ C:\WINDOWS\system32\usrprbda.exe <Not Verified; U.S. Robotics Corporation; U.S. Robotics modem> 2007-12-12 15:38:38 77824 --a------ C:\WINDOWS\system32\usrmlnka.exe <Not Verified; U.S. Robotics Corporation; U.S. 
Robotics Modem Driver> 2007-12-12 15:38:37 16896 --a------ C:\WINDOWS\system32\upnpcont.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:37 4096 --a------ C:\WINDOWS\system32\unlodctr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:36 63488 --a------ C:\WINDOWS\system32\unam4ie.exe <Not Verified; Microsoft Corporation; DirectShow> 2007-12-12 15:38:36 24576 --a------ C:\WINDOWS\system32\Ulead Photo Explorer 8.scr <Not Verified; Ulead Systems, Inc.; Ulead Photo Explorer> 2007-12-12 15:38:35 17408 --a------ C:\WINDOWS\system32\tsshutdn.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:35 16896 --a------ C:\WINDOWS\system32\tskill.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:35 14848 --a------ C:\WINDOWS\system32\tsdiscon.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:34 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:34 15360 --a------ C:\WINDOWS\system32\tscon.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:34 32256 --a------ C:\WINDOWS\system32\tracert6.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:34 13312 --a------ C:\WINDOWS\system32\tracert.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:34 347136 --a------ C:\WINDOWS\system32\tourstart.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:33 17920 --a------ C:\WINDOWS\system32\tftp.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:32 78336 --a------ C:\WINDOWS\system32\telnet.exe <Not 
Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:32 19456 --a------ C:\WINDOWS\system32\tcpsvcs.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:32 13312 --a------ C:\WINDOWS\system32\tcmsetup.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:32 143360 --a------ C:\WINDOWS\system32\taskmgr.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:32 15872 --a------ C:\WINDOWS\system32\taskman.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:31 3072 --a------ C:\WINDOWS\system32\systray.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:31 107520 --a------ C:\WINDOWS\system32\sysocmgr.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:31 37888 --a------ C:\WINDOWS\system32\syskey.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:30 51200 --a------ C:\WINDOWS\system32\syncapp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:30 9216 --a------ C:\WINDOWS\system32\subst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:29 14848 --a------ C:\WINDOWS\system32\stimon.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:28 684032 --a------ C:\WINDOWS\system32\sstext3d.scr <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:28 14336 --a------ C:\WINDOWS\system32\ssstars.scr <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:28 610304 --a------ C:\WINDOWS\system32\sspipes.scr <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® 
Windows®> 2007-12-12 15:38:28 18944 --a------ C:\WINDOWS\system32\ssmyst.scr <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:28 47104 --a------ C:\WINDOWS\system32\ssmypics.scr <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:28 20992 --a------ C:\WINDOWS\system32\ssmarque.scr <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:28 393216 --a------ C:\WINDOWS\system32\ssflwbox.scr <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:27 19968 --a------ C:\WINDOWS\system32\ssbezier.scr <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:27 708608 --a------ C:\WINDOWS\system32\ss3dfo.scr <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:26 11776 --a------ C:\WINDOWS\system32\spnpinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:26 539136 --a------ C:\WINDOWS\system32\spider.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:25 25088 --a------ C:\WINDOWS\system32\sort.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:25 57344 --a------ C:\WINDOWS\system32\sol.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:24 139264 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:24 133120 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:24 8192 --a------ C:\WINDOWS\system32\smbinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:24 26112 --a------ 
C:\WINDOWS\system32\skeys.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:23 71168 --a------ C:\WINDOWS\system32\sigverif.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:23 20480 --a------ C:\WINDOWS\system32\shutdown.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:23 78848 --a------ C:\WINDOWS\system32\shrpubw.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:23 42496 --a------ C:\WINDOWS\system32\shmgrate.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:21 15360 --a------ C:\WINDOWS\system32\shadow.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:21 10240 --a------ C:\WINDOWS\system32\sfc.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:21 23040 --a------ C:\WINDOWS\system32\setup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:21 19968 --a------ C:\WINDOWS\system32\SetStr.exe <Not Verified; Radium; Radium MP3 codec configuration tool> 2007-12-12 15:38:21 32768 --a------ C:\WINDOWS\system32\sethc.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:20 78848 --a------ C:\WINDOWS\system32\sdbinst.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:19 9216 --a------ C:\WINDOWS\system32\scrnsave.scr <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:19 31232 --a------ C:\WINDOWS\system32\sc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:19 13824 --a------ C:\WINDOWS\system32\savedump.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® 
Windows®> 2007-12-12 15:38:18 16384 --a------ C:\WINDOWS\system32\rwinsta.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:18 14336 --a------ C:\WINDOWS\system32\runonce.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:18 17408 --a------ C:\WINDOWS\system32\runas.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:18 78336 --a------ C:\WINDOWS\system32\rtcshare.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:17 49664 --a------ C:\WINDOWS\system32\rsmui.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows Whistler®> 2007-12-12 15:38:17 24576 --a------ C:\WINDOWS\system32\rsmsink.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows Whistler®> 2007-12-12 15:38:17 53248 --a------ C:\WINDOWS\system32\rsm.exe <Not Verified; Microsoft Corp; Système d'exploitation Microsoft® Windows ® 2000> 2007-12-12 15:38:17 15872 --a------ C:\WINDOWS\system32\rsh.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:16 25600 --a------ C:\WINDOWS\system32\routemon.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:16 21504 --a------ C:\WINDOWS\system32\route.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:15 14848 --a------ C:\WINDOWS\system32\rexec.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:15 10240 --a------ C:\WINDOWS\system32\reset.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:15 12800 --a------ C:\WINDOWS\system32\replace.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:15 4608 --a------ 
C:\WINDOWS\system32\regwiz.exe <Not Verified; Microsoft; RegWizExe> 2007-12-12 15:38:15 12288 --a------ C:\WINDOWS\system32\regsvr32.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:14 33792 --a------ C:\WINDOWS\system32\regini.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:14 3584 --a------ C:\WINDOWS\system32\regedt32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:14 53248 --a------ C:\WINDOWS\system32\reg.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:14 7168 --a------ C:\WINDOWS\system32\recover.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:14 67072 --a------ C:\WINDOWS\system32\rdshost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:14 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:13 62464 --a------ C:\WINDOWS\system32\rdpclip.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:13 23040 --a------ C:\WINDOWS\system32\rcp.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:13 35840 --a------ C:\WINDOWS\system32\rcimlby.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:13 57344 --a------ C:\WINDOWS\system32\rasphone.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:12 11776 --a------ C:\WINDOWS\system32\rasdial.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:12 11776 --a------ C:\WINDOWS\system32\rasautou.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:11 22528 
--a------ C:\WINDOWS\system32\qwinsta.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:11 20992 --a------ C:\WINDOWS\system32\qprocess.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:11 17408 --a------ C:\WINDOWS\system32\qappsrv.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:09 406016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe 2007-12-12 15:38:09 9728 --a------ C:\WINDOWS\system32\proxycfg.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:08 50688 --a------ C:\WINDOWS\system32\proquota.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:08 109568 --a------ C:\WINDOWS\system32\progman.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:08 151552 --a------ C:\WINDOWS\system32\prntfix.exe <Not Verified; ; prntfix Application> 2007-12-12 15:38:08 9216 --a------ C:\WINDOWS\system32\print.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:07 49152 --a------ C:\WINDOWS\system32\powercfg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:07 34304 --a------ C:\WINDOWS\system32\ping6.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:06 19456 --a------ C:\WINDOWS\system32\ping.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:06 15872 --a------ C:\WINDOWS\system32\perfmon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:05 15360 --a------ C:\WINDOWS\system32\pentnt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:38:05 22528 --a------ C:\WINDOWS\system32\pathping.exe <Not 
Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:05 59904 --a------ C:\WINDOWS\system32\packager.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:04 41984 --a------ C:\WINDOWS\system32\osuninst.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:38:04 216576 --a------ C:\WINDOWS\system32\osk.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:58 223232 -ra------ C:\WINDOWS\system32\nvsataconnection.exe 2007-12-12 15:37:53 249344 -ra------ C:\WINDOWS\system32\NvRaidMan.exe 2007-12-12 15:37:51 442368 --a------ C:\WINDOWS\system32\nvappbar.exe 2007-12-12 15:37:51 420864 --a------ C:\WINDOWS\system32\ntvdm.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:51 31744 --a------ C:\WINDOWS\system32\ntsd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:37:49 79360 --a------ C:\WINDOWS\system32\nslookup.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:49 70656 --a------ C:\WINDOWS\system32\notepad.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:48 37888 --a------ C:\WINDOWS\system32\netstat.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:48 88576 --a------ C:\WINDOWS\system32\netsh.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:48 335872 --a------ C:\WINDOWS\system32\netsetup.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®> 2007-12-12 15:37:46 124928 --a------ C:\WINDOWS\system32\net1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-12-12 15:37:46 42496 --a------ C:\WINDOWS\system32\net.exe <Not 
01:39:34 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-10 01:39:34 0 d-------- C:\Program Files\Windows Journal Viewer
2007-12-10 01:39:34 0 d-------- C:\Program Files\Warcraft III
2007-12-10 01:39:34 0 d-------- C:\Program Files\UltraISO
2007-12-09 16:12:38 504910 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-12-09 16:12:38 83286 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-12-06 23:00:41 0 d-------- C:\Documents and Settings\Raf\Application Data\Adobe
2007-12-06 22:59:00 0 d-------- C:\Program Files\Fichiers communs\Adobe
2007-11-28 16:38:03 0 d-------- C:\Program Files\skype
2007-11-27 18:53:17 0 d-------- C:\Program Files\SIM Manager Pro
2007-11-27 12:01:02 3480 --a------ C:\WINDOWS\AUTOLNCH.REG
2007-10-28 19:34:40 0 d-------- C:\Documents and Settings\Raf\Application Data\OfficeUpdate12
2007-10-28 19:27:07 0 d-------- C:\Program Files\Fichiers communs\ODBC
2007-10-21 14:55:48 0 d-------- C:\Program Files\Picasa2
2007-10-06 23:29:18 66832 --a------ C:\Documents and Settings\Raf\Application Data\GDIPFONTCACHEV1.DAT
2007-09-17 17:40:56 524288 --a------ C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [12/12/2007 15:36 C:\WINDOWS\soundman.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22/10/2006 12:22]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [14/11/2007 15:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [12/12/2007 15:36]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=1 (0x1)
"NoSMHelp"=01000000
"NoRecentDocsMenu"=01000000
"NoSMMyDocs"=01000000
"NoSMMyPictures"=01000000
"StartMenuLogOff"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtstq.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf9ec1c1-6a2f-11d9-92be-806d6172696f}]
AutoRun\command- E:\Autorun.exe

-- End of Deckard's System Scanner: finished at 2007-12-13 22:35:42 ------------
  7. VundoFix V6.7.0
Checking Java version...
Scan started at 18:03:17 11/12/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awttutq.dll
C:\WINDOWS\system32\awttutq.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\awttutq.dll
C:\WINDOWS\system32\awttutq.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\jkkli.dll Has been deleted!
Performing Repairs to the registry.
Done!

Deckard's System Scanner v20071014.68
Run by Raf on 2007-12-11 21:50:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

I did not find the O2 and O20 lines. Is this due to my version of HJT, or is it corrupted? Yet I see them in the dss report.

-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-11 21:51:48
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NetDrive\wdService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Raf\Bureau\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.targa.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R3 - URLSearchHook: (no name) - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A82D6EE-566F-4134-BA4D-B55F32AC5A18} - C:\WINDOWS\system32\jkkli.dll (file missing)
O2 - BHO: {ead24ed1-1234-da1b-f7b4-d860380779b0} - {0b977083-068d-4b7f-b1ad-43211de42dae} - C:\WINDOWS\system32\dnmlafbq.dll (file missing)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: (no name) - {FED51DF2-9644-4C58-9104-90244EDD6EEC} - C:\WINDOWS\system32\awttutq.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - CmdMapping - (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/7.../OGAControl.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190466270562
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://download.microsoft.com/download/7/E...04/clearadj.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{73D9BB0A-7F66-48CE-B56C-6DB4641B5E9A}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

-- End of file - 8212 bytes

-- Files created between 2007-11-11 and 2007-12-11 -----------------------------
2007-12-11 21:47:30 32768 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2007-12-11 21:45:56 0 d-------- C:\VundoFix Backups
2007-12-11 21:40:05 0 drahs---- C:\autorun.inf
2007-12-11 20:38:20 0 d-------- C:\Documents and Settings\Raf\Application Data\Grisoft
2007-12-11 19:12:59 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Macromedia
2007-12-11 18:53:43 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2007-12-11 18:53:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-11 18:48:43 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Mozilla
2007-12-11 18:39:47 0 dr-h----- C:\Documents and Settings\Raf\Recent
2007-12-10 22:29:27 0 d-------- C:\WINDOWS\ERUNT
2007-12-10 22:04:42 0 d-------- C:\hijackthis
2007-12-10 21:10:06 0 d-------- C:\SmitfraudFix
2007-12-10 02:13:03 0 d-------- C:\AVG
2007-12-10 01:43:52 0 d-------- C:\Program Files\LizardTech
2007-12-10 00:23:19 0 d-------- C:\Program Files\Alwil Software
2007-12-09 23:47:56 7340032 --a------ C:\Documents and Settings\Raf\ntuser.dat
2007-12-09 23:47:53 1400832 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-12-09 13:26:28 0 dr-h----- C:\Documents and Settings\Administrateur\Recent
2007-12-09 11:06:14 36352 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-09 11:06:14 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-12-09 11:06:14 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-12-09 11:06:14 58368 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-09 11:06:13 61440 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-12-09 10:48:41 1534 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-09 10:44:31 1046702 --a------ C:\SmitfraudFix.exe
2007-12-09 00:09:35 0 d-------- C:\Documents and Settings\Administrateur\Application Data\TuneUp Software
2007-12-08 19:56:36 0 d-------- C:\Program Files\Helper
2007-12-08 19:56:19 37888 -----n--- C:\WINDOWS\system32\awttutq.dll
2007-12-06 22:58:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-11-27 18:57:36 0 d-------- C:\Program Files\CHIPDRIVE

-- Find3M Report ---------------------------------------------------------------
2007-12-10 01:40:13 0 d-------- C:\Program Files\ABBYY FineReader 8.0 Professional Edition
2007-12-10 01:40:11 0 d-------- C:\Program Files\adslTV
2007-12-10 01:40:01 0 d-------- C:\Program Files\AutoGK
2007-12-10 01:40:00 0 d-------- C:\Program Files\Boilsoft ASF Converter
2007-12-10 01:40:00 0 d-------- C:\Program Files\AvRack
2007-12-10 01:39:54 0 d-------- C:\Program Files\Foxit Reader
2007-12-10 01:39:54 0 d-------- C:\Program Files\FlashGet
2007-12-10 01:39:52 0 d-------- C:\Program Files\HP Adjustment Pattern Utility
2007-12-10 01:39:47 0 d-------- C:\Program Files\Messenger
2007-12-10 01:39:44 0 d-------- C:\Program Files\Movie Maker
2007-12-10 01:39:43 0 d-------- C:\Program Files\Opera
2007-12-10 01:39:43 0 d-------- C:\Program Files\NetDrive
2007-12-10 01:39:42 0 d-------- C:\Program Files\PDFCreator
2007-12-10 01:39:41 0 d-------- C:\Program Files\Picture It! Premium 10
2007-12-10 01:39:36 0 d-------- C:\Program Files\Realtek AC97
2007-12-10 01:39:35 0 d-------- C:\Program Files\TuneUp Utilities 2007
2007-12-10 01:39:34 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-10 01:39:34 0 d-------- C:\Program Files\Windows Journal Viewer
2007-12-10 01:39:34 0 d-------- C:\Program Files\Warcraft III
2007-12-10 01:39:34 0 d-------- C:\Program Files\UltraISO
2007-12-10 01:07:29 0 d-------- C:\Program Files\Windows Media Connect
2007-12-09 16:12:38 504910 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-12-09 16:12:38 83286 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-12-09 11:13:54 8019 --a------ C:\WINDOWS\mozver.dat
2007-12-09 09:33:05 80384 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-12-06 23:00:41 0 d-------- C:\Documents and Settings\Raf\Application Data\Adobe
2007-12-06 22:59:00 0 d-------- C:\Program Files\Fichiers communs\Adobe
2007-11-28 16:38:03 0 d-------- C:\Program Files\skype
2007-11-28 16:38:03 0 d-------- C:\Program Files\Fichiers communs
2007-11-27 18:53:17 0 d-------- C:\Program Files\SIM Manager Pro
2007-11-27 12:01:02 3480 --a------ C:\WINDOWS\AUTOLNCH.REG
2007-10-28 19:34:40 0 d-------- C:\Documents and Settings\Raf\Application Data\OfficeUpdate12
2007-10-28 19:27:07 0 d-------- C:\Program Files\Fichiers communs\ODBC
2007-10-21 14:55:48 0 d-------- C:\Program Files\Picasa2
2007-10-06 23:29:18 66832 --a------ C:\Documents and Settings\Raf\Application Data\GDIPFONTCACHEV1.DAT
2007-09-17 17:40:56 524288 --a------ C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries &
legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A82D6EE-566F-4134-BA4D-B55F32AC5A18}] C:\WINDOWS\system32\jkkli.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0b977083-068d-4b7f-b1ad-43211de42dae}] C:\WINDOWS\system32\dnmlafbq.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73c7d5b0-7b03-444a-84c7-ce1ba03b5573}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FED51DF2-9644-4C58-9104-90244EDD6EEC}] 08/12/2007 19:56 37888 --------- C:\WINDOWS\system32\awttutq.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [02/03/2006 06:22 C:\WINDOWS\soundman.exe] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22/10/2006 12:22] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 21:00] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsHistory"=1 (0x1) "NoSMHelp"=01000000 "NoRecentDocsMenu"=01000000 "NoSMMyDocs"=01000000 "NoSMMyPictures"=01000000 "StartMenuLogOff"=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{FED51DF2-9644-4C58-9104-90244EDD6EEC}"= C:\WINDOWS\system32\awttutq.dll [08/12/2007 19:56 37888] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkli.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] 
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] AutoRun\command- D:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf9ec1c1-6a2f-11d9-92be-806d6172696f}] AutoRun\command- E:\Autorun.exe -- End of Deckard's System Scanner: finished at 2007-12-11 21:52:13 ------------
  8. DSS report after reboot Deckard's System Scanner v20071014.68 Run by Raf on 2007-12-11 21:31:46 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2007-12-11 21:32:17 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NetDrive\wdService.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\soundman.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Raf\Bureau\dss.exe C:\WINDOWS\system32\wuauclt.exe R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.targa.co.uk/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch R3 - URLSearchHook: (no name) - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - 
{0A82D6EE-566F-4134-BA4D-B55F32AC5A18} - C:\WINDOWS\system32\jkkli.dll O2 - BHO: {ead24ed1-1234-da1b-f7b4-d860380779b0} - {0b977083-068d-4b7f-b1ad-43211de42dae} - C:\WINDOWS\system32\dnmlafbq.dll (file missing) O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O2 - BHO: (no name) - {FED51DF2-9644-4C58-9104-90244EDD6EEC} - C:\WINDOWS\system32\awttutq.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: (no name) - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - (no file) O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [847368e1] rundll32.exe "C:\WINDOWS\system32\exytgqjs.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program 
Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O9 - Extra button: (no name) - CmdMapping - (file missing) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/7.../OGAControl.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient 
Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190466270562 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://download.microsoft.com/download/7/E...04/clearadj.cab O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{73D9BB0A-7F66-48CE-B56C-6DB4641B5E9A}: NameServer = 212.27.53.252,212.27.54.252 O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O20 - Winlogon Notify: awttutq - C:\WINDOWS\system32\awttutq.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe -- End of file - 8499 bytes -- Files created between 2007-11-11 and 2007-12-11 ----------------------------- 2007-12-11 20:38:20 0 d-------- C:\Documents and Settings\Raf\Application Data\Grisoft 2007-12-11 19:12:59 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Macromedia 2007-12-11 18:53:43 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft 2007-12-11 18:53:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-12-11 18:48:43 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Mozilla 2007-12-11 18:39:47 0 dr-h----- C:\Documents and Settings\Raf\Recent 2007-12-11 18:03:17 0 d-------- C:\VundoFix Backups 2007-12-10 22:29:27 0 d-------- C:\WINDOWS\ERUNT 2007-12-10 22:04:42 0 d-------- C:\hijackthis 2007-12-10 21:10:06 0 d-------- C:\SmitfraudFix 2007-12-10 02:13:03 0 d-------- C:\AVG 2007-12-10 01:43:52 0 d-------- C:\Program Files\LizardTech 2007-12-10 00:23:19 0 d-------- C:\Program Files\Alwil Software 2007-12-09 23:47:56 7340032 --a------ C:\Documents and Settings\Raf\ntuser.dat 2007-12-09 23:47:53 1400832 --a------ C:\Documents and Settings\LocalService\ntuser.dat 2007-12-09 13:35:35 335968 --a------ C:\WINDOWS\system32\jkkli.dll 2007-12-09 13:26:28 0 dr-h----- C:\Documents and Settings\Administrateur\Recent 2007-12-09 11:06:14 36352 
--a------ C:\WINDOWS\system32\WS2Fix.exe 2007-12-09 11:06:14 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; > 2007-12-09 11:06:14 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS> 2007-12-09 11:06:14 58368 --a------ C:\WINDOWS\system32\dumphive.exe 2007-12-09 11:06:13 61440 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility> 2007-12-09 10:48:41 1534 --a------ C:\WINDOWS\system32\tmp.reg 2007-12-09 10:44:31 1046702 --a------ C:\SmitfraudFix.exe 2007-12-09 00:09:35 0 d-------- C:\Documents and Settings\Administrateur\Application Data\TuneUp Software 2007-12-08 19:56:36 0 d-------- C:\Program Files\Helper 2007-12-08 19:56:19 37888 --a------ C:\WINDOWS\system32\awttutq.dll 2007-12-06 22:58:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe 2007-11-27 18:57:36 0 d-------- C:\Program Files\CHIPDRIVE -- Find3M Report --------------------------------------------------------------- 2007-12-10 01:40:13 0 d-------- C:\Program Files\ABBYY FineReader 8.0 Professional Edition 2007-12-10 01:40:11 0 d-------- C:\Program Files\adslTV 2007-12-10 01:40:01 0 d-------- C:\Program Files\AutoGK 2007-12-10 01:40:00 0 d-------- C:\Program Files\Boilsoft ASF Converter 2007-12-10 01:40:00 0 d-------- C:\Program Files\AvRack 2007-12-10 01:39:54 0 d-------- C:\Program Files\Foxit Reader 2007-12-10 01:39:54 0 d-------- C:\Program Files\FlashGet 2007-12-10 01:39:52 0 d-------- C:\Program Files\HP Adjustment Pattern Utility 2007-12-10 01:39:47 0 d-------- C:\Program Files\Messenger 2007-12-10 01:39:44 0 d-------- C:\Program Files\Movie Maker 2007-12-10 01:39:43 0 d-------- C:\Program Files\Opera 2007-12-10 01:39:43 0 d-------- C:\Program Files\NetDrive 2007-12-10 01:39:42 0 d-------- C:\Program Files\PDFCreator 2007-12-10 01:39:41 0 d-------- C:\Program Files\Picture It! 
Premium 10 2007-12-10 01:39:36 0 d-------- C:\Program Files\Realtek AC97 2007-12-10 01:39:35 0 d-------- C:\Program Files\TuneUp Utilities 2007 2007-12-10 01:39:34 0 d-------- C:\Program Files\Windows Media Connect 2 2007-12-10 01:39:34 0 d-------- C:\Program Files\Windows Journal Viewer 2007-12-10 01:39:34 0 d-------- C:\Program Files\Warcraft III 2007-12-10 01:39:34 0 d-------- C:\Program Files\UltraISO 2007-12-10 01:07:29 0 d-------- C:\Program Files\Windows Media Connect 2007-12-09 16:12:38 504910 --a------ C:\WINDOWS\system32\perfh00C.dat 2007-12-09 16:12:38 83286 --a------ C:\WINDOWS\system32\perfc00C.dat 2007-12-09 11:13:54 8019 --a------ C:\WINDOWS\mozver.dat 2007-12-09 09:33:05 80384 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows> 2007-12-06 23:00:41 0 d-------- C:\Documents and Settings\Raf\Application Data\Adobe 2007-12-06 22:59:00 0 d-------- C:\Program Files\Fichiers communs\Adobe 2007-11-28 16:38:03 0 d-------- C:\Program Files\skype 2007-11-28 16:38:03 0 d-------- C:\Program Files\Fichiers communs 2007-11-27 18:53:17 0 d-------- C:\Program Files\SIM Manager Pro 2007-11-27 12:01:02 3480 --a------ C:\WINDOWS\AUTOLNCH.REG 2007-10-28 19:34:40 0 d-------- C:\Documents and Settings\Raf\Application Data\OfficeUpdate12 2007-10-28 19:27:07 0 d-------- C:\Program Files\Fichiers communs\ODBC 2007-10-21 14:55:48 0 d-------- C:\Program Files\Picasa2 2007-10-06 23:29:18 66832 --a------ C:\Documents and Settings\Raf\Application Data\GDIPFONTCACHEV1.DAT 2007-09-17 17:40:56 524288 --a------ C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system> -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A82D6EE-566F-4134-BA4D-B55F32AC5A18}] 09/12/2007 13:35 335968 --a------ C:\WINDOWS\system32\jkkli.dll [HKEY_LOCAL_MACHINE\~\Browser Helper 
Objects\{0b977083-068d-4b7f-b1ad-43211de42dae}] C:\WINDOWS\system32\dnmlafbq.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73c7d5b0-7b03-444a-84c7-ce1ba03b5573}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FED51DF2-9644-4C58-9104-90244EDD6EEC}] 08/12/2007 19:56 37888 --a------ C:\WINDOWS\system32\awttutq.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [02/03/2006 06:22 C:\WINDOWS\soundman.exe] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22/10/2006 12:22] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25] "847368e1"="C:\WINDOWS\system32\exytgqjs.dll" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 21:00] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsHistory"=1 (0x1) "NoSMHelp"=01000000 "NoRecentDocsMenu"=01000000 "NoSMMyDocs"=01000000 "NoSMMyPictures"=01000000 "StartMenuLogOff"=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{FED51DF2-9644-4C58-9104-90244EDD6EEC}"= C:\WINDOWS\system32\awttutq.dll [08/12/2007 19:56 37888] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awttutq] awttutq.dll 08/12/2007 19:56 37888 C:\WINDOWS\system32\awttutq.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkli.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] AutoRun\command- D:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf9ec1c1-6a2f-11d9-92be-806d6172696f}] AutoRun\command- E:\Autorun.exe -- End of Deckard's System Scanner: finished at 2007-12-11 21:32:44 ------------
  9. OTMoveit asked me to restart; I answered yes as you had asked me to. The PC rebooted and I got a message concerning a .dll: C:\windows\system32\exytgqs.dll The OTMoveit report: DllUnregisterServer procedure not found in C:\WINDOWS\system32\exytgqjs.dll C:\WINDOWS\system32\exytgqjs.dll NOT unregistered. C:\WINDOWS\system32\exytgqjs.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\dnmlafbq.dll C:\WINDOWS\system32\dnmlafbq.dll NOT unregistered. C:\WINDOWS\system32\dnmlafbq.dll moved successfully. C:\WINDOWS\system32\ilkkj.bak2 moved successfully. C:\WINDOWS\system32\ilkkj.bak1 moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\jkkli.dll C:\WINDOWS\system32\jkkli.dll NOT unregistered. File move failed. C:\WINDOWS\system32\jkkli.dll scheduled to be moved on reboot. DllUnregisterServer procedure not found in C:\WINDOWS\system32\wvuvwtt.dll C:\WINDOWS\system32\wvuvwtt.dll NOT unregistered. C:\WINDOWS\system32\wvuvwtt.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\awttutq.dll C:\WINDOWS\system32\awttutq.dll NOT unregistered. File move failed. C:\WINDOWS\system32\awttutq.dll scheduled to be moved on reboot. C:\Program Files\Foxit moved successfully. 
Created on 12/11/2007 21:23:16 HJT Logfile of HijackThis v1.99.1 Scan saved at 21:29:28, on 11/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NetDrive\wdService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.targa.co.uk/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - (no file) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: (no name) - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - (no file) O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [847368e1] rundll32.exe "C:\WINDOWS\system32\exytgqjs.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program 
Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O14 - IERESET.INF: START_PAGE_URL=http://www.targa.co.uk O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} 
(WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190466270562 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{73D9BB0A-7F66-48CE-B56C-6DB4641B5E9A}: NameServer = 212.27.53.252,212.27.54.252 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe I'm rebooting
  10. SDFix report SDFix: Version 1.118 Run by Raf on 11/12/2007 at 20:59 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\COMBOFIX.EXE - Deleted Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-11 21:08:35 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System] "OODEFRAG08.00.00.01WORKSTATION"="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" scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager" "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio" "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile" "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget" "C:\\Program Files\\adslTV\\adsltv.exe"="C:\\Program Files\\adslTV\\adsltv.exe:*:Enabled:adsltv" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\UT2004\\System\\UT2004.exe"="C:\\UT2004\\System\\UT2004.exe:*:Enabled:UT2004" "\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1" 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL" "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files: --------------- File Backups: - C:\SDFix\SDFix\backups\backups.zip Files with Hidden Attributes: Sun 21 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe" Wed 2 Nov 2005 56 ..SHR --- "C:\WINDOWS\system32\D995BCB293.sys" Sun 9 Dec 2007 6,495 ..SH. --- "C:\WINDOWS\system32\ilkkj.bak1" Tue 11 Dec 2007 62,580 ..SH. --- "C:\WINDOWS\system32\ilkkj.bak2" Wed 2 Nov 2005 10,856 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys" Wed 1 Mar 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Wed 1 Mar 2006 401 ..SH. 
--- "C:\Documents and Settings\All Users\DRM\DRMv11.bak" Fri 13 Aug 2004 1,961,984 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\launcher.exe" Fri 13 Aug 2004 53,760 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\mnyinsta.dll" Fri 13 Aug 2004 101,376 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\RmvSuite.exe" Mon 16 Aug 2004 35,328 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\setuplng.dll" Fri 13 Aug 2004 28,672 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\unregwtr.exe" Sun 9 Dec 2007 79,872 A..H. --- "C:\Swsetup\Monitors\SP31623\hpinsx64.exe" Tue 11 Dec 2007 85,504 ..SH. --- "C:\Documents and Settings\Administrateur\Local Settings\Temp\pfjliraf.exe" Mon 25 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Finished! HJT report Logfile of HijackThis v1.99.1 Scan saved at 21:11:34, on 11/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NetDrive\wdService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.targa.co.uk/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Foxit 
Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFoxi.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFoxi.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [847368e1] rundll32.exe "C:\WINDOWS\system32\exytgqjs.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - 
C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O14 - IERESET.INF: START_PAGE_URL=http://www.targa.co.uk O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190466270562 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{73D9BB0A-7F66-48CE-B56C-6DB4641B5E9A}: NameServer = 212.27.53.252,212.27.54.252 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O21 - SSODL: E404Helper - {38ad1a2e-0918-47e6-9f4a-5056a530e65d} - e404d.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT 
s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe
  11. Re: the log
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Édition familiale (build 2600) SP 2.0
Architecture: X86; Language: French
CPU 0: AMD Athlon 64 Processor 3400+
Percentage of Memory in Use: 25%
Physical Memory (total/avail): 1535.48 MiB / 1141.43 MiB
Pagefile Memory (total/avail): 2921.89 MiB / 2628.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.12 MiB
C: is Fixed (NTFS) - 272.46 GiB total, 229.05 GiB free.
D: is Fixed (FAT32) - 2.05 GiB total, 0.71 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)
Z: is Network (WebDrive)
\\.\PHYSICALDRIVE0 - Maxtor 6B300S0 - 279.47 GiB - 3 partitions
\PARTITION0 (bootable) - Système de fichiers installable - 272.46 GiB - C:
\PARTITION1 - Unknown - 2.05 GiB - D:
\PARTITION2 - Unknown - 4.96 GiB
\\.\PHYSICALDRIVE4 - SCM CF Card Reader USB Device
\\.\PHYSICALDRIVE1 - SCM MS Card Reader USB Device
\\.\PHYSICALDRIVE2 - SCM SD Card Reader USB Device
\\.\PHYSICALDRIVE3 - SCM SM Card Reader USB Device
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL" "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL" "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager" "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio" "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile" "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program 
Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget" "C:\\Program Files\\adslTV\\adsltv.exe"="C:\\Program Files\\adslTV\\adsltv.exe:*:Enabled:adsltv" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\UT2004\\System\\UT2004.exe"="C:\\UT2004\\System\\UT2004.exe:*:Enabled:UT2004" "\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Raf\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Fichiers communs COMPUTERNAME=AMD64 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Raf LOGONSERVER=\\AMD64 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;C:\Program Files\Fichiers communs\Ulead Systems\DVD;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 15 Stepping 0, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0f00 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Raf\LOCALS~1\Temp TMP=C:\DOCUME~1\Raf\LOCALS~1\Temp USERDOMAIN=AMD64 USERNAME=Raf USERPROFILE=C:\Documents and Settings\Raf 
windir=C:\WINDOWS __COMPAT_LAYER=EnableNXShowUI -- User Profiles --------------------------------------------------------------- Raf (admin) Administrateur (admin) Invité (guest) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBBB5EED-CC92-49F2-A276-D5433F39D1EB}\Setup.exe" -l0x40c --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ABBYY FineReader 8.0 Professional Edition --> MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07} AC-3 ACM Decompressor --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AC3ACM.inf AC3+DTS XForm (remove only) --> "C:\Program Files\AC3+DTS XForm\uninstall.exe" Ad-Aware 2007 --> MsiExec.exe /X{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB} Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 8.1.1 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003} adsl TV --> C:\Program Files\adslTV\Uninstal.exe Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c Auto Gordian Knot 2.40 beta --> C:\Program Files\AutoGK\uninst.exe AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe" Boilsoft ASF Converter 2.68 --> "C:\Program Files\Boilsoft ASF Converter\unins000.exe" CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" CDXA Image Reader Filter (SVCD/XCD) (remove only) --> 
"C:\Program Files\CDXA Image Reader Filter (SVCDXCD)\uninstall.exe" CHIPDRIVE SIM Manager Pro v3.3 --> "C:\Program Files\CHIPDRIVE\SIM Manager Pro\unins000.exe" DiscAPI (Studio 10) --> MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2} DVD de bonus Studio 10 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6A012D9C-2E2E-405A-B87C-E909F5297C3F}\Setup.exe" -l0x40c UNINSTALL EVEREST Home Edition v2.01 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe" FlashGet 1.8.2.1002 --> C:\Program Files\FlashGet\uninst.exe FM-56PCI-HSFi-AB --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F02&SUBSYS_000B1767 Foxit PDF Editor --> C:\Program Files\Foxit Software\PDF Editor\uninstall.exe Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe Foxit Toolbar --> C:\PROGRA~1\Foxit\UNWISE.EXE C:\PROGRA~1\Foxit\INSTALL.LOG HijackThis 1.99.1 --> C:\hijackthis\HijackThis.exe /uninstall HP PrecisionScan --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPUninstallIs.dll" Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} K-Lite Codec Pack 3.2.5 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe" Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe Lizardtech DjVu Control --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x40c Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B} Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office 2000 SR-1 Professional --> 
MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7} Microsoft Photo Premium 10 --> "C:\Program Files\Fichiers communs\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Word 2002 --> MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9} Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL Nero Suite --> C:\Program Files\Fichiers communs\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID="" NeroMIX --> C:\WINDOWS\UNNMIX.exe /UNINSTALL NeroVision Express Content --> C:\WINDOWS\UNNVEContent.exe /UNINSTALL NetDrive --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\NetDrive\Uninst.isu" -c"C:\Program Files\NetDrive\uninstall.dll" NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI O&O Defrag Professional Edition --> MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31} OpenSource MPEG Splitter (remove only) --> "C:\Program Files\OpenSource MPEG Splitter\uninstall.exe" OpenSource OGG Splitter (remove only) --> "C:\Program Files\OpenSource OGG Splitter\uninstall.exe" Opera 9.23 --> MsiExec.exe /X{45A54FAD-AADB-4CD2-9E56-2507A15F013D} PDFCreator --> C:\Program Files\PDFCreator\unins000.exe Philips SPC 900NC PC Camera --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{220F6386-5D1F-4DA5-94DB-F12133C3AE2C}\setup.exe" -l0x40c Philips VLounge --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{89ACA875-BDB9-443C-B7C7-D74D3BDE8FE2}\Setup.exe" -l0x40c Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe" Pinnacle Hollywood FX 
for Studio --> C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\6.0\uninstal.log Pinnacle Instant DVD Recorder --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x40c UNINSTALL proDAD Heroglyph 2.0 --> "C:\Program Files\proDAD\Heroglyph-2.0\uninstall.exe" uninstall spcp PATHVERSION 2.0 MAINNAME Heroglyph RadLight OptimFROG DirectShow Filter (remove only) --> "C:\WINDOWS\system32\RadLightOFRUninstall.exe" RAPID (Studio 10) --> MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C} Real Alternative 1.48 --> "C:\Program Files\Real Alternative\unins000.exe" RealPlayer Basic --> C:\Program Files\Fichiers communs\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0 Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log SIPPS --> C:\WINDOWS\UNSIPPS.exe /UNINSTALL Smart Card Reader Driver Installation --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9BAA0FD-3D69-43C2-B587-B153E402EFA3}\SETUP.EXE" -l0x9 SmartSound Quicktracks Plugin --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E} SONY Photosizetool --> MsiExec.exe /X{05920D61-7B23-47ED-A3F5-6B1936A95AE0} SpeechRedist --> MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE} Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" Studio 10 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 
Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup.exe" -l0x40c UNINSTALL Studio 10.5 Patch --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08E2EC5A-9C9D-4472-AB52-4165774BB8D8}\setup.exe" -l0x40c UNINSTALL Studio 10.5.2 Patch --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED775CE1-E9F7-41C4-BE91-C925E6D5F513}\setup.exe" -l0x40c UNINSTALL -removeonly Sélecteur d'installation de Microsoft Works 2005 --> C:\Program Files\Microsoft Works Suite 2005\Setup\Launcher.exe /ARP E:\ TeLL me More --> "C:\TELL ME MORE NV\BIN\unsetup.exe" -file "C:\TELL ME MORE NV\unsetup.aui" TreeSize Free V1.77 --> "C:\Program Files\JAM Software\TreeSize\unins000.exe" TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B} Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta" Ulead COOL 360 1.0 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CEA4CA8-CDD4-451C-B673-E8F17BE01B15}\setup.exe" -l0x40c -uninst Ulead Photo Explorer 8.0 SE Basic --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D271DAE0-8D68-4C97-8356-A126D48A1D8C}\setup.exe" -l0x40c UltraISO Premium V8.62 --> "C:\Program Files\UltraISO\unins000.exe" Unreal Tournament 2004 --> C:\UT2004\System\Setup.exe uninstall "UT2004" USB Wireless Keyboard Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6054F774-FEF0-46C6-9311-EC97FC576FC5}\SETUP.EXE" -l0x40c Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u Visionneuse Journal 
Windows Microsoft --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7} VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe" Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe" Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333} Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411} Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2} Windows Media Connect --> msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B} Windows Media Connect --> MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Presentation Foundation Language Pack (FRA) --> MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494} Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} Windows Workflow Foundation FR Language Pack --> MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836} WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall XML Paper Specification Shared Components Language Pack 1.0 --> "C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" XML Paper Specification Shared Components Pack 1.0 --> XviD MPEG4 Video Codec (remove only) --> "C:\WINDOWS\system32\xvid-uninstall.exe" ZyDAS IEEE 802.11g Wireless LAN - USB --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{581CE7EA-A30D-0000-1211-088635773309}\Setup.exe" -l0x9 -- Application Event Log ------------------------------------------------------- Event Record #/Type6712 / Error 
Event Submitted/Written: 12/11/2007 06:42:41 PM Event ID/Source: 1000 / Application Error Event Description: Application défaillante hijackthis.exe, version 1.99.0.1, module défaillant jkkli.dll, version 0.0.0.0, adresse de défaillance 0x0005f5e3. Traitement de l'événement propre au support pour [hijackthis.exe!ws!] Event Record #/Type6711 / Error Event Submitted/Written: 12/11/2007 06:42:27 PM Event ID/Source: 1000 / Application Error Event Description: Application défaillante hijackthis.exe, version 1.99.0.1, module défaillant jkkli.dll, version 0.0.0.0, adresse de défaillance 0x0005f5e3. Traitement de l'événement propre au support pour [hijackthis.exe!ws!] Event Record #/Type6685 / Error Event Submitted/Written: 12/09/2007 11:27:38 PM Event ID/Source: 1004 / Application Error Event Description: Application défaillante mpnotify.exe, version 5.1.2600.0, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x005b0406. Erreur lors de la création du PEAP-TLV résultat en réponse au PEAP-TLV reçu (mpnotify.exe!ld!). Event Record #/Type6680 / Error Event Submitted/Written: 12/09/2007 11:23:27 PM Event ID/Source: 1000 / Application Error Event Description: Application défaillante mpnotify.exe, version 5.1.2600.0, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x005b0406. Traitement de l'événement propre au support pour [mpnotify.exe!ws!] Event Record #/Type6660 / Warning Event Submitted/Written: 12/09/2007 01:23:09 PM Event ID/Source: 1015 / MsiInstaller Event Description: La connexion au serveur est impossible. Erreur : 0x8007043C -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. 
-- System Event Log ------------------------------------------------------------
Event Record #/Type30702 / Error
Event Submitted/Written: 12/11/2007 08:37:43 PM
Event ID/Source: 7001 / Service Control Manager
Event Description: Le service Service Partage réseau du Lecteur Windows Media dépend du service Hôte de périphérique universel Plug-and-Play qui n'a pas pu démarrer en raison de l'erreur : %%1058
Event Record #/Type30701 / Error
Event Submitted/Written: 12/11/2007 08:37:43 PM
Event ID/Source: 7009 / Service Control Manager
Event Description: Délai (30000 millisecondes) d'attente pour une connexion du service Carte à puce.
Event Record #/Type30700 / Error
Event Submitted/Written: 12/11/2007 08:37:43 PM
Event ID/Source: 7000 / Service Control Manager
Event Description: Le service Spouleur d'impression n'a pas pu démarrer en raison de l'erreur : %%1053
Event Record #/Type30699 / Error
Event Submitted/Written: 12/11/2007 08:37:43 PM
Event ID/Source: 7009 / Service Control Manager
Event Description: Délai (30000 millisecondes) d'attente pour une connexion du service Spouleur d'impression.
Event Record #/Type30692 / Error
Event Submitted/Written: 12/11/2007 08:36:36 PM
Event ID/Source: 10005 / DCOM
Event Description: DCOM a reçu l'erreur "%%1084" lors de la mise en route du service EventSystem avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}
-- End of Deckard's System Scanner: finished at 2007-12-11 20:43:05 ------------
The previous log is called extra.txt and this one main.txt (because I think HJT is corrupted too)
Deckard's System Scanner v20071014.68
Run by Raf on 2007-12-11 20:40:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 1 Restore Point(s) -- 1: 2007-12-11 19:40:24 UTC - RP376 - Deckard's System Scanner Restore Point Backed up registry hives. Performed disk cleanup. -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2007-12-11 20:42:08 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NetDrive\wdService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\WINDOWS\soundman.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Raf\Bureau\dss.exe R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.targa.co.uk/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch R3 - URLSearchHook: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFoxi.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: {ead24ed1-1234-da1b-f7b4-d860380779b0} - 
{0b977083-068d-4b7f-b1ad-43211de42dae} - C:\WINDOWS\system32\dnmlafbq.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFoxi.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {B4A5B280-1700-4B72-A8E0-CC5F0DA8DFFA} - C:\WINDOWS\system32\jkkli.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O2 - BHO: (no name) - {FED51DF2-9644-4C58-9104-90244EDD6EEC} - C:\WINDOWS\system32\awttutq.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFoxi.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [847368e1] rundll32.exe "C:\WINDOWS\system32\exytgqjs.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program 
Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O9 - Extra button: (no name) - CmdMapping - (file missing) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/7.../OGAControl.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient 
Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190466270562 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://download.microsoft.com/download/7/E...04/clearadj.cab O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{73D9BB0A-7F66-48CE-B56C-6DB4641B5E9A}: NameServer = 212.27.53.252,212.27.54.252 O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O20 - Winlogon Notify: awttutq - C:\WINDOWS\system32\awttutq.dll O20 - Winlogon Notify: winhoq32 - C:\WINDOWS\system32\winhoq32.dll (file missing) O21 - SSODL: E404Helper - {38ad1a2e-0918-47e6-9f4a-5056a530e65d} - e404d.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 
2007\aawservice.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe -- End of file - 8744 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 ISODrive (ISO DVD/CD-ROM Device Driver) - c:\program files\ultraiso\drivers\isodrive.sys <Not Verified; EZB Systems, Inc.; ISODrive> R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI> R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver> R2 WebDriveFSD (WebDrive File System Driver) - c:\program files\netdrive\rffsd.sys R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi> R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete> S3 catchme - c:\docume~1\raf\locals~1\temp\catchme.sys (file missing) S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing) S3 METROP (Hewlett-Packard ScanJet 5300C/5370C) - c:\windows\system32\drivers\hp53pw2k.sys <Not Verified; Hewlett Packard Inc.; Hewlett Packard Inc.HP53PW2K> S3 ovt519 (VGA USB Camera) - 
c:\windows\system32\drivers\ov519vid.sys (file missing) S3 QCMerced (Logitech QuickCam Communicate) - c:\windows\system32\drivers\lvcm.sys (file missing) S3 STV680 (STV0680 Camera) - c:\windows\system32\drivers\stv680.sys <Not Verified; STMicroelectronics; ST-VIBU STV680 Camera Driver> S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service> R2 WebDriveService (WebDrive Service) - c:\program files\netdrive\wdservice.exe S3 WmcCdsLs (Aide de Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Files created between 2007-11-11 and 2007-12-11 ----------------------------- 2007-12-11 20:38:20 0 d-------- C:\Documents and Settings\Raf\Application Data\Grisoft 2007-12-11 19:12:59 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Macromedia 2007-12-11 18:53:57 85568 --a------ C:\WINDOWS\system32\exytgqjs.dll 2007-12-11 18:53:57 80448 --a------ C:\WINDOWS\system32\dnmlafbq.dll 2007-12-11 18:53:43 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft 2007-12-11 18:53:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-12-11 18:52:32 62580 ---hs---- C:\WINDOWS\system32\ilkkj.bak2 2007-12-11 18:48:43 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Mozilla 2007-12-11 18:39:47 0 dr-h----- C:\Documents and Settings\Raf\Recent 2007-12-11 18:26:33 0 --a------ C:\ComboFix.exe 2007-12-11 18:03:17 0 d-------- C:\VundoFix Backups 2007-12-10 22:29:27 0 d-------- C:\WINDOWS\ERUNT 2007-12-10 22:04:42 0 d-------- C:\hijackthis 
2007-12-10 21:10:06 0 d-------- C:\SmitfraudFix 2007-12-10 02:13:03 0 d-------- C:\AVG 2007-12-10 01:43:52 0 d-------- C:\Program Files\LizardTech 2007-12-10 00:23:19 0 d-------- C:\Program Files\Alwil Software 2007-12-09 23:47:56 7340032 --a------ C:\Documents and Settings\Raf\ntuser.dat 2007-12-09 23:47:53 1400832 --a------ C:\Documents and Settings\LocalService\ntuser.dat 2007-12-09 13:35:55 6495 ---hs---- C:\WINDOWS\system32\ilkkj.bak1 2007-12-09 13:35:35 335968 --a------ C:\WINDOWS\system32\jkkli.dll 2007-12-09 13:26:28 0 dr-h----- C:\Documents and Settings\Administrateur\Recent 2007-12-09 11:06:14 36352 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-12-09 11:06:14 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; > 2007-12-09 11:06:14 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS> 2007-12-09 11:06:14 58368 --a------ C:\WINDOWS\system32\dumphive.exe 2007-12-09 11:06:13 61440 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility> 2007-12-09 10:48:41 1534 --a------ C:\WINDOWS\system32\tmp.reg 2007-12-09 10:44:31 1046702 --a------ C:\SmitfraudFix.exe 2007-12-09 00:09:35 0 d-------- C:\Documents and Settings\Administrateur\Application Data\TuneUp Software 2007-12-08 19:58:56 37888 --a------ C:\WINDOWS\system32\wvuvwtt.dll 2007-12-08 19:56:36 0 d-------- C:\Program Files\Helper 2007-12-08 19:56:19 37888 --a------ C:\WINDOWS\system32\awttutq.dll 2007-12-06 22:58:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe 2007-12-06 22:47:14 0 d-------- C:\Program Files\Foxit 2007-11-27 18:57:36 0 d-------- C:\Program Files\CHIPDRIVE -- Find3M Report --------------------------------------------------------------- 2007-12-10 01:40:13 0 d-------- C:\Program Files\ABBYY FineReader 8.0 Professional Edition 2007-12-10 01:40:11 0 d-------- C:\Program Files\adslTV 2007-12-10 01:40:01 0 d-------- C:\Program Files\AutoGK 2007-12-10 01:40:00 0 d-------- 
C:\Program Files\Boilsoft ASF Converter 2007-12-10 01:40:00 0 d-------- C:\Program Files\AvRack 2007-12-10 01:39:54 0 d-------- C:\Program Files\Foxit Reader 2007-12-10 01:39:54 0 d-------- C:\Program Files\FlashGet 2007-12-10 01:39:52 0 d-------- C:\Program Files\HP Adjustment Pattern Utility 2007-12-10 01:39:47 0 d-------- C:\Program Files\Messenger 2007-12-10 01:39:44 0 d-------- C:\Program Files\Movie Maker 2007-12-10 01:39:43 0 d-------- C:\Program Files\Opera 2007-12-10 01:39:43 0 d-------- C:\Program Files\NetDrive 2007-12-10 01:39:42 0 d-------- C:\Program Files\PDFCreator 2007-12-10 01:39:41 0 d-------- C:\Program Files\Picture It! Premium 10 2007-12-10 01:39:36 0 d-------- C:\Program Files\Realtek AC97 2007-12-10 01:39:35 0 d-------- C:\Program Files\TuneUp Utilities 2007 2007-12-10 01:39:34 0 d-------- C:\Program Files\Windows Media Connect 2 2007-12-10 01:39:34 0 d-------- C:\Program Files\Windows Journal Viewer 2007-12-10 01:39:34 0 d-------- C:\Program Files\Warcraft III 2007-12-10 01:39:34 0 d-------- C:\Program Files\UltraISO 2007-12-10 01:07:29 0 d-------- C:\Program Files\Windows Media Connect 2007-12-09 16:12:38 504910 --a------ C:\WINDOWS\system32\perfh00C.dat 2007-12-09 16:12:38 83286 --a------ C:\WINDOWS\system32\perfc00C.dat 2007-12-09 11:13:54 8019 --a------ C:\WINDOWS\mozver.dat 2007-12-09 09:33:05 80384 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows> 2007-12-06 23:00:41 0 d-------- C:\Documents and Settings\Raf\Application Data\Adobe 2007-12-06 22:59:00 0 d-------- C:\Program Files\Fichiers communs\Adobe 2007-11-28 16:38:03 0 d-------- C:\Program Files\skype 2007-11-28 16:38:03 0 d-------- C:\Program Files\Fichiers communs 2007-11-27 18:53:17 0 d-------- C:\Program Files\SIM Manager Pro 2007-11-27 12:01:02 3480 --a------ C:\WINDOWS\AUTOLNCH.REG 2007-10-28 19:34:40 0 d-------- C:\Documents and Settings\Raf\Application Data\OfficeUpdate12 2007-10-28 19:27:07 0 d-------- C:\Program 
Files\Fichiers communs\ODBC 2007-10-21 14:55:48 0 d-------- C:\Program Files\Picasa2 2007-10-06 23:29:18 66832 --a------ C:\Documents and Settings\Raf\Application Data\GDIPFONTCACHEV1.DAT 2007-09-17 17:40:56 524288 --a------ C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system> -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0b977083-068d-4b7f-b1ad-43211de42dae}] 11/12/2007 18:53 80448 --a------ C:\WINDOWS\system32\dnmlafbq.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73c7d5b0-7b03-444a-84c7-ce1ba03b5573}] 25/11/2007 16:48 1498136 --a------ C:\Program Files\Foxit\tbFoxi.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4A5B280-1700-4B72-A8E0-CC5F0DA8DFFA}] 09/12/2007 13:35 335968 --a------ C:\WINDOWS\system32\jkkli.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FED51DF2-9644-4C58-9104-90244EDD6EEC}] 08/12/2007 19:56 37888 --a------ C:\WINDOWS\system32\awttutq.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{73C7D5B0-7B03-444A-84C7-CE1BA03B5573}"= C:\Program Files\Foxit\tbFoxi.dll [25/11/2007 16:48 1498136] [-HKEY_CLASSES_ROOT\CLSID\{73C7D5B0-7B03-444A-84C7-CE1BA03B5573}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [02/03/2006 06:22 C:\WINDOWS\soundman.exe] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22/10/2006 12:22] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25] "847368e1"="C:\WINDOWS\system32\exytgqjs.dll" [11/12/2007 18:53] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 21:00] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Picasa Media 
Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsHistory"=1 (0x1) "NoSMHelp"=01000000 "NoRecentDocsMenu"=01000000 "NoSMMyDocs"=01000000 "NoSMMyPictures"=01000000 "StartMenuLogOff"=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{FED51DF2-9644-4C58-9104-90244EDD6EEC}"= C:\WINDOWS\system32\awttutq.dll [08/12/2007 19:56 37888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "E404Helper"= {38ad1a2e-0918-47e6-9f4a-5056a530e65d} - e404d.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awttutq] awttutq.dll 08/12/2007 19:56 37888 C:\WINDOWS\system32\awttutq.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhoq32] winhoq32.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkli.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] AutoRun\command- D:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf9ec1c1-6a2f-11d9-92be-806d6172696f}] AutoRun\command- E:\Autorun.exe *Newly Created Service* - AVGASCLN -- Hosts ----------------------------------------------------------------------- 127.0.0.1 NtKrnlpa.info -- End of Deckard's System Scanner: finished at 2007-12-11 20:43:05 
------------
  12. Unable to launch it: ComboFix is not a valid Win32 application!!
  13. Hello,

      For a week now I have been fighting this thing, which keeps coming back, while reading the forums. I did read the forum's sticky posts about pre-cleaning, but here is my problem:

      Impossible to install Antivir: at install time there is a CRC problem due to the infection.
      - in normal mode
      - in safe mode
      - via a CD.
      Nothing works.

      A little history: after a Spybot run, the following intruders were detected:
      torping
      Win32:virtob
      win32.Delc.uc
      I had NOD32 but it saw nothing. I uninstalled NOD32 because it was blocking startup after the Spybot run.

      By going through safe mode + running rmvirut + Smitfraudfix + SDFix + ATF, I was able to get rid of torping + virtob (well, I think so, since Spybot no longer sees them). But win32.Delf.uc, nothing to be done. I tried to reinstall NOD32, but it detects all my .exe files as infected and only offers to delete them. I did nothing.

      Not being an expert, I am asking for your support. Not knowing how to read the HijackThis report, I am asking for your help.

      Here is the report:

      Logfile of HijackThis v1.99.1
      Scan saved at 18:46:27, on 11/12/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16544)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\hijackthis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
      O3 - Toolbar: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFoxi.dll
      O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
      O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [iNTERNATIONAL] International*
      O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
      O14 - IERESET.INF: START_PAGE_URL=http://www.targa.co.uk
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1190466270562
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
      O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{73D9BB0A-7F66-48CE-B56C-6DB4641B5E9A}: NameServer = 212.27.53.252,212.27.54.252
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O21 - SSODL: E404Helper - {38ad1a2e-0918-47e6-9f4a-5056a530e65d} - e404d.dll (file missing)
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
      O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

      Thank you for your help