Messages posted by arriabelle
-
I'm not entirely sure I'm asking my question in the right section, but this one seemed the most appropriate to me.
Here is my problem: I currently have internet with Cogeco, which provides a modem that cannot act as a Wi-Fi router. However, I have an old 2Wire router from Bell. The router has been deactivated for a long time, but when the Cogeco installer came and asked me whether I had an old Bell router, I didn't even remember that I had that one; I found it while packing boxes. Anyway, I figured that if the Cogeco installer could apparently configure the Bell router to work only as a router, then it was something doable. I would really like to do it so that I can have Wi-Fi everywhere in my apartment. If anyone knows how to do it, I would be very grateful if they could explain it to me.
Thank you very much in advance
-
So here is the report:
Since there are no icons on the desktop, I have to go through the Task Manager to open OTL, which is on a USB key.
-
So here is the ComboFix log. I want to point out that even though the PC was connected to a working internet modem (I could browse the web from this network on my iPod touch while sitting in front of the PC), ComboFix kept telling me that the computer was not connected to the internet; I ran the scan anyway:
ComboFix 11-12-06.01 - claudine simard 2011-12-06 22:35:13.2.1 - x86
Lancé depuis: F:\ComboFix.exe
.
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
---- Exécution préalable -------
.
c:\documents and settings\All Users.WINDOWS\Application Data\amqnaaa.tmp
c:\documents and settings\All Users.WINDOWS\Application Data\eavnaaa.tmp
c:\documents and settings\All Users.WINDOWS\Application Data\kzrnaaa.tmp
c:\documents and settings\All Users.WINDOWS\Application Data\onwnaaa.tmp
c:\documents and settings\All Users.WINDOWS\Application Data\qyonaaa.tmp
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\All Users.WINDOWS\Application Data\umtnaaa.tmp
c:\documents and settings\All Users.WINDOWS\Application Data\yaynaaa.tmp
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\1.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\a.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\b.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\c.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\d.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\e.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\f.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\g.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\h.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\i.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\J.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\k.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\l.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\m.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\n.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\o.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\p.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\q.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\r.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\s.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\t.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\u.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\v.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\w.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\x.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\y.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\z.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\WINDOWS
c:\documents and settings\oliv gab\WINDOWS
c:\program files\ScanQuery
c:\windows\expl.dat
c:\windows\system32\Cache
c:\windows\system32\config\systemprofile\Application Data\PriceGong
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\1.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\1391.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\2046.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\2229.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\2256.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\4256.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\4402.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\5597.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\6590.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\6783.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\6927.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\7030.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\9355.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\9387.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\9480.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\9837.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\a.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\b.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\c.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\d.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\e.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\f.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\g.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\h.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\i.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\j.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\k.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\l.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\m.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\mru.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\n.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\o.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\p.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\q.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\r.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\s.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\t.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\u.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\v.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\w.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\wlu.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\x.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\y.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\z.txt
c:\windows\system32\dllc.dat
c:\windows\system32\svch.dat
c:\windows\system32\winl.dat
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-11-07 au 2011-12-07 ))))))))))))))))))))))))))))))))))))
.
.
2011-12-06 21:31 . 2011-12-06 21:37 -------- d-----w- C:\ZHP
2011-12-06 21:25 . 2011-12-06 21:37 -------- d-----w- c:\program files\ZHPDiag
2011-12-05 20:47 . 2011-12-05 20:59 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-05 05:07 . 2011-12-06 22:56 -------- d-----w- C:\WinFileReplace
2011-12-05 02:45 . 2011-12-05 02:45 -------- d-----w- c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Avira
2011-12-05 02:37 . 2011-07-21 17:22 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-05 02:37 . 2011-07-21 17:22 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-05 02:37 . 2010-06-17 20:28 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-12-05 02:37 . 2010-06-17 20:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-12-05 02:37 . 2011-12-05 02:37 -------- d-----w- c:\program files\Avira
2011-11-13 14:09 . 2011-11-13 14:09 -------- d-----w- c:\program files\Fichiers communs\Adobe
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-30 19:21 . 2011-10-30 19:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:23 . 2011-03-26 14:35 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2011-03-26 18:28 606208 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2011-03-26 18:29 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 15:41 . 2008-07-29 18:59 614400 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2011-03-26 18:29 220160 ----a-w- c:\windows\system32\oleacc.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-12-09 . F2B0235923A03E0FEB5E212B4E9475B6 . 2071424 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-12-09 . F2B0235923A03E0FEB5E212B4E9475B6 . 2071424 . . [5.1.2600.6055] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-12-09 . F2B0235923A03E0FEB5E212B4E9475B6 . 2071424 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-02-09 . ED5E20AE4AC5A63A4FF43FFE704A5153 . 2068224 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-04-14 . B71A8F101CEFAF82FC5EC16130A54A3F . 2067968 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
.
[-] 2008-04-14 12:00 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-04-14 12:00 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll
.
[-] 2008-04-14 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-04-14 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll
.
[-] 2008-04-14 . 4BB396EA6CAA50F2208078602549F2F2 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2008-04-14 . 4BB396EA6CAA50F2208078602549F2F2 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll
.
[-] 2008-04-14 . 7EAEC24B85DD04EDAA04A51CB07DF870 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2008-04-14 . 7EAEC24B85DD04EDAA04A51CB07DF870 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll
.
[-] 2008-04-14 . 75BD925DAB6E5323EDB6D5CFCDEB16D1 . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2008-04-14 . 75BD925DAB6E5323EDB6D5CFCDEB16D1 . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll
.
[-] 2008-04-14 12:00 . 3BA21BD333A1B8B222006E5464D44F49 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2008-04-14 12:00 . 3BA21BD333A1B8B222006E5464D44F49 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll
.
[-] 2008-04-14 . 08592889A219F7A60F9865B0EE7CAFF8 . 42496 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2008-04-14 . 08592889A219F7A60F9865B0EE7CAFF8 . 42496 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll
.
[-] 2008-04-14 . A71A42AD584FAD1A8D1EC5D807C6E528 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2008-04-14 . A71A42AD584FAD1A8D1EC5D807C6E528 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll
.
[-] 2010-12-09 . 360612511AA332B8D3AB295ACA0192CD . 2194816 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . 33698C8FAD37228407E62624C334DFE9 . 2194816 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-12-09 . 33698C8FAD37228407E62624C334DFE9 . 2194816 . . [5.1.2600.6055] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-12-09 . 33698C8FAD37228407E62624C334DFE9 . 2194816 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-02-10 . BEF458B8424553279E95E250D1E0CE7E . 2191232 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-04-14 . 099D639DA1EF6968D4E41795BB507E6B . 2191104 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
.
[-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-04-14 . C1F726EE0B043B074A68992BC4AEF8FD . 178176 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2008-04-14 . C1F726EE0B043B074A68992BC4AEF8FD . 178176 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\w32time.dll
.
[-] 2008-04-14 . D76B0E8A4ECAD1ADCC75FD14A7ACC54C . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2008-04-14 . D76B0E8A4ECAD1ADCC75FD14A7ACC54C . 334336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wiaservc.dll
.
[-] 2008-04-14 . 5D469FE7D63CF5215AF80CFA37BE6897 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2008-04-14 . 5D469FE7D63CF5215AF80CFA37BE6897 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\midimap.dll
.
[-] 2008-04-14 . E17BBF14DBE41CAB571BBD244F97C25F . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2008-04-14 . E17BBF14DBE41CAB571BBD244F97C25F . 7680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rasadhlp.dll
.
c:\windows\System32\svchost.exe ... manque !!
c:\windows\explorer.exe ... manque !!
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}"= "c:\program files\uTorrentBar_FR\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe" [2011-10-30 247968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2011-04-21 12:55 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-03-28 08:48 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-04-13 05:27 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-04-10 01:58 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"WmiApSrv"=3 (0x3)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"Spooler"=2 (0x2)
"SeaPort"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"NtLmSsp"=3 (0x3)
"NMSAccess"=2 (0x2)
"Netlogon"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"fsssvc"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"Eventlog"=2 (0x2)
"dmadmin"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"Boonty Games"=3 (0x3)
"aspnet_state"=3 (0x3)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"ALG"=3 (0x3)
.
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
R4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-28 135664]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - HELPSVC
*NewlyCreated* - WUAUSERV
.
Contenu du dossier 'Tâches planifiées'
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-28 08:49]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-28 08:49]
.
2011-12-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-12-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-1409082233-1547161642-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-11-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-11-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-1409082233-1547161642-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-12-05 c:\windows\Tasks\User_Feed_Synchronization-{B7C888B0-7B27-492D-A0FD-345EDAF1ADB9}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Examen supplémentaire -------
.
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-12-06 23:02
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,e4,ee,57,70,f5,7f,49,88,30,8b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,e4,ee,57,70,f5,7f,49,88,30,8b,\
.
Heure de fin: 2011-12-06 23:12:46
ComboFix-quarantined-files.txt 2011-12-07 04:12
.
Avant-CF: 21 825 302 528 octets libres
Après-CF: 21 809 262 592 octets libres
.
- - End Of File - - 3AD32AE230AF89D250C113AE77A0BD20
-
Hello everyone,
Let me summarize the symptoms of this PC (it isn't mine), which is visibly infected by at least 2 different infections. I ran a scan with Antivir, which told me that the Winlogon.exe and Explorer.exe processes are infected by TROJ/Patched.gen. It also tells me that Svchost is infected by an adware followed by a whole lot of digits. I also tried Antivir's Rescue me, which tells me there is an adware/RegRevive.A infection in a line containing application data/opencandy/lots of digits. It told me there was a Java exploit in a file named apache/adidas.class. There was also another infection that I don't remember; I wasn't able to finish the scan with Rescue me because after a while it told me I was running out of RAM.
As for symptoms other than no longer having an Explorer.exe process and not being able to run it as a new task: we could hear advertisements that were not visible, and the PC shut down at random.
Here is the HJT report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:03, on 2011-12-05
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\taskmgr.exe
F:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = GameTop Search - Find Free Full Version Games
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\prxtbuTo2.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\prxtbuTo2.dll
O4 - HKLM\..\Run: [combofix] C:\ComboFix\CF3734.3XE /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\RunOnce: [combofix] C:\ComboFix\CF3734.3XE /c C:\ComboFixCombobatch.bat
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1301171279171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301161140734
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/maconfig/MaConfig_5_1_1_0.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Elf%20Bowling%207%2017%20-%20The%20Last%20Insult/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
--
End of file - 4473 bytes
and the OTL report:
OTL logfile created on: 2011-12-05 22:44:45 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd
511,42 Mb Total Physical Memory | 288,23 Mb Available Physical Memory | 56,36% Memory free
1,22 Gb Paging File | 1,04 Gb Available in Paging File | 84,93% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 20,29 Gb Free Space | 54,46% Space Free | Partition Type: NTFS
Drive F: | 1,96 Gb Total Space | 1,63 Gb Free Space | 83,46% Space Free | Partition Type: FAT
Computer Name: CLOCLO-4D55E9C4 | User Name: claudine simard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011-12-04 23:15:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011-07-21 12:20:40 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011-07-21 12:20:29 | 000,400,040 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
PRC - [2011-04-21 07:55:54 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008-04-14 07:00:00 | 000,548,864 | ---- | M] () -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 07:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
========== Modules (No Company Name) ==========
MOD - [2011-07-21 15:12:32 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008-04-14 07:00:00 | 000,548,864 | ---- | M] () -- C:\WINDOWS\system32\winlogon.exe
========== Win32 Services (SafeList) ==========
SRV - [2011-07-21 12:20:40 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011-04-21 07:55:37 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010-03-04 21:38:00 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
========== Driver Services (SafeList) ==========
DRV - [2011-07-21 12:22:41 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011-07-21 12:22:40 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-06-17 15:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010-06-17 15:27:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010-04-28 01:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010-02-11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009-11-12 12:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = GameTop Search - Find Free Full Version Games
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 F8 F2 E8 F9 EB CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\prxtbuTo2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-04-13 00:28:19 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2011-12-05 15:50:18 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (uTorrentBar_FR Toolbar) - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\prxtbuTo2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_FR Toolbar) - {05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - C:\Program Files\uTorrentBar_FR\prxtbuTo2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF3734.3XE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF3734.3XE (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1301171279171 (MUCatalogWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301161140734 (MUWebControl Class)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maconfig/MaConfig_5_1_1_0.cab (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Elf%20Bowling%207%2017%20-%20The%20Last%20Insult/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C8A5F89-4020-4D25-8874-62DDE846FA48}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-03-22 23:19:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011-12-05 15:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\RK_Quarantine
[2011-12-05 14:50:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011-12-05 14:09:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011-12-05 14:09:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011-12-05 14:09:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011-12-05 14:09:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011-12-05 14:08:25 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011-12-05 00:09:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-12-05 00:09:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-12-05 00:07:23 | 000,000,000 | ---D | C] -- C:\WinFileReplace
[2011-12-04 21:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Avira
[2011-12-04 21:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Avira
[2011-12-04 21:37:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011-12-04 21:37:21 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011-12-04 21:37:21 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011-12-04 21:37:21 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011-12-04 21:37:21 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011-12-04 21:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011-12-04 21:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
[2011-11-23 18:48:48 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\HiJackThis.exe
[2011-11-21 17:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Playrix Entertainment
[2011-11-21 17:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\GameTop.com
[2011-11-21 17:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\GameTop.com
[2011-11-21 17:15:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3024
[2011-11-21 16:36:27 | 088,496,128 | ---- | C] (Media Contact LLC ) -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\FishdomH2O.exe.vir
[2011-11-21 15:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\AdobeUM
[2011-11-17 13:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\.minecraft
[2011-11-13 09:10:06 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users.WINDOWS\Documents\kbd32.dll
[2011-11-13 09:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Mes documents\My eBooks
[2011-11-13 09:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe
[2011-11-11 17:24:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\Nouveau dossier (2)
[2010-03-25 03:28:46 | 401,790,922 | ---- | C] (Games ) -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\HauntedManorCE.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011-12-05 22:51:43 | 000,001,632 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011-12-05 22:40:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-12-05 22:40:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-12-05 15:59:33 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011-12-05 15:50:18 | 000,000,021 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-12-05 01:36:55 | 000,000,212 | -HS- | M] () -- C:\boot.ini
[2011-12-04 21:54:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-12-04 21:54:07 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-12-04 21:51:14 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B7C888B0-7B27-492D-A0FD-345EDAF1ADB9}.job
[2011-12-04 21:37:41 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Avira AntiVir Control Center.lnk
[2011-12-04 21:31:11 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-1409082233-1547161642-1003.job
[2011-12-04 21:31:09 | 000,001,068 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-12-04 21:31:08 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011-11-23 18:45:34 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\zrbrbhlq.exe
[2011-11-23 18:37:00 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\HiJackThis.exe
[2011-11-23 11:42:02 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-1409082233-1547161642-1003.job
[2011-11-21 17:48:37 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011-11-21 16:41:46 | 088,496,128 | ---- | M] (Media Contact LLC ) -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\FishdomH2O.exe.vir
[2011-11-19 17:57:04 | 016,636,444 | ---- | M] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\06 SEROPOSITIF BOOGIE.mp3
[2011-11-17 16:00:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\RegRevive.job
[2011-11-10 12:27:01 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-11-08 14:58:33 | 000,502,986 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011-11-08 14:58:33 | 000,434,324 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-11-08 14:58:33 | 000,082,360 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011-11-08 14:58:33 | 000,068,896 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-11-06 04:25:52 | 000,001,097 | ---- | M] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\Raccourci vers The B52's - Love Shack.flv.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011-12-05 15:47:16 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011-12-05 14:09:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-12-05 14:09:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-12-05 14:09:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-12-05 14:09:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-12-05 14:09:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-12-04 21:37:41 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Avira AntiVir Control Center.lnk
[2011-11-23 18:49:51 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\zrbrbhlq.exe
[2011-11-20 19:40:49 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011-11-20 19:40:49 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011-11-06 04:25:52 | 000,001,097 | ---- | C] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\Raccourci vers The B52's - Love Shack.flv.lnk
[2011-06-29 17:12:32 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011-05-16 05:11:34 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011-05-06 01:14:23 | 000,000,029 | ---- | C] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Options
[2011-04-14 18:57:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2011-03-29 00:48:28 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-03-27 08:08:27 | 000,001,632 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011-03-26 20:52:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-03-26 13:30:48 | 000,502,986 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2011-03-26 13:30:48 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2011-03-26 13:30:48 | 000,082,360 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2011-03-26 13:30:48 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2011-03-26 13:30:12 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\winlogon.exe
[2011-03-26 13:29:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011-03-26 13:29:42 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\sdbinnst.exe
[2011-03-26 13:29:32 | 000,434,324 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2011-03-26 13:29:32 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011-03-26 13:29:32 | 000,068,896 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2011-03-26 13:29:32 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011-03-26 13:29:29 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011-03-26 13:29:25 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011-03-26 13:29:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011-03-26 13:29:02 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011-03-26 13:29:02 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011-03-26 13:28:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\lprheelp.dll
[2011-03-26 13:28:34 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011-03-26 13:28:13 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2011-03-26 13:28:02 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\assr_pfu.exe
[2011-03-26 10:30:02 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011-03-26 10:30:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011-03-26 09:51:04 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-03-26 09:49:54 | 000,102,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-03-26 09:42:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-03-26 09:34:14 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-01-13 21:41:00 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2010-01-13 21:38:00 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\DirectCOM.dll
[2001-07-12 16:14:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\shelexec.exe
[1998-10-10 23:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
========== LOP Check ==========
[2011-05-16 01:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2011-04-13 00:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Big Fish Games
[2011-04-06 02:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BOONTY
[2011-06-29 17:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Canneverbe Limited
[2011-03-28 10:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Casual Arts
[2011-06-13 06:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DragonsEye Studios
[2011-04-26 16:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Dying for Daylight
[2011-08-22 17:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Fenomen Games
[2011-05-17 20:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GameHouse
[2011-05-28 11:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Gogii
[2011-04-06 02:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intenium
[2011-04-10 10:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\JollyBear
[2011-03-27 19:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LittleGamesCompany
[2011-03-28 13:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com
[2011-05-10 17:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Maximize Games
[2011-05-17 19:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Merscom
[2011-05-16 08:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MumboJumbo
[2011-05-04 00:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Namco
[2011-05-05 20:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Particles
[2011-04-15 02:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayFirst
[2011-05-16 07:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayPond
[2011-04-08 04:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Registry Helper
[2011-03-28 05:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RegRevive
[2011-05-10 22:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SOS
[2011-04-11 18:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Top Evidence
[2011-04-03 11:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
[2011-03-26 20:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom
[2011-11-17 13:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\.minecraft
[2011-05-02 12:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\A Gypsy's Tale - The Tower of Secrets
[2011-04-10 04:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Application Data
[2011-04-13 14:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Artifex Mundi
[2011-05-11 06:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Artogon
[2011-04-13 14:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Awem
[2011-03-28 22:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\BabylonToolbar
[2011-04-03 05:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Big Fish Games
[2011-08-23 06:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Blue Tea Games
[2011-06-29 17:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Canneverbe Limited
[2011-03-28 10:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Casual Arts
[2011-03-28 06:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Clickteam
[2011-04-03 07:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\CrazyLoader
[2011-06-13 06:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\DragonsEye Studios
[2011-04-26 16:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Dying for Daylight
[2011-04-26 16:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Dying for Daylight Shared
[2011-05-28 10:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Enki Games
[2011-05-16 09:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Enlightenus
[2011-06-01 19:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\ERS G-Studio
[2011-09-15 07:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\ERS Game Studios
[2011-06-17 00:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Frogwares
[2011-04-09 05:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\FrostWire
[2011-05-16 07:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Fugazo
[2011-04-10 21:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\GameHouse
[2011-04-10 04:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\GameHousev1002
[2011-05-16 05:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\GameMill Entertainment
[2011-05-16 05:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Ghost Ship Studios
[2011-03-27 20:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\HdO Adventure
[2011-03-27 19:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\LittleGamesCompany
[2011-07-01 04:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\MA
[2011-08-17 05:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\MA2
[2011-04-26 15:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\margrave3_full
[2011-05-10 17:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Maximize Games
[2011-03-27 08:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Meridian93
[2011-05-17 19:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Merscom
[2011-09-14 07:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Monkey Barrel Games
[2011-04-09 00:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\MSNInstaller
[2011-03-28 05:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\OpenCandy
[2011-07-08 12:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Orneon
[2011-07-07 23:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Phantasmat_bf_ce1
[2011-04-15 02:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PlayFirst
[2011-06-01 08:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PlayPond
[2011-11-21 17:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Playrix Entertainment
[2011-04-08 04:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\RegistryKeys
[2011-04-15 01:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\report
[2011-06-08 22:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\SerpentOfIsis
[2011-03-27 12:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\SpinTop
[2011-03-27 18:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\TikisLab
[2011-04-11 18:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Top Evidence
[2011-06-02 22:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Total Eclipse
[2011-04-04 01:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\UseNeXT
[2011-12-04 21:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\uTorrent
[2011-04-08 18:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Vast Studios
[2011-05-06 01:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Vogat Interactive
[2011-03-26 21:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Zylom
[2011-11-17 16:00:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\RegRevive.job
[2011-12-04 21:51:14 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B7C888B0-7B27-492D-A0FD-345EDAF1ADB9}.job
========== Purity Check ==========
< End of report >
Thank you very much for taking the time to read my message.
-
Hi everyone,
So, to sum up a bit: I received a call from an Indian man who spoke only English, who told me he worked at Microsoft and was calling to say that they had received a lot of error messages coming from my PC... In short, he had me do 2-3 things on my computer before I really started to suspect that his thing was really shady. He had me download a program, I had it scanned by my antivirus before opening it, I got really scared and I started trying to hang up after my mouse cursor began moving on its own. I immediately closed the program, deleted it and disconnected my internet until I could come and ask my question here. I would just like to have my HJT report checked to be certain that nothing shady is left on my computer. I know I was a bit naive on this one, but I still wouldn't want it to compromise my PC.
-
Hi all,
My PC isn't doing particularly badly, but RUBotted tells me it detects a bot without telling me where and without giving me any option other than cleaning with HouseCall. I don't know if this might eventually be of any use to you, but I would like to have a little HJT analysis just to know whether everything is normal.
Thanks a lot in advance:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 01:34:31, on 2002-01-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\lclock.exe
C:\Documents and Settings\Wolfy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {587358e3-e95b-4446-af29-13d6ce820e9c} - C:\Program Files\Pirates - FB\Helper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: FCTBPos00Pos - {064F9A9F-3A73-41A1-8F33-D0660836FA8B} - C:\Program Files\Pirates - FB\Toolbar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Pirates - FB - {FCD92A5D-0984-4850-BE14-BDFA192150FF} - C:\Program Files\Pirates - FB\Toolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Wolfy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
--
End of file - 7252 bytes
-
Here is the log after reboot:
All processes killed
Error: Unable to interpret <:first> in the current context!
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named 90467A66.exe was found!
No active process named DE3A4BB5.exe was found!
========== SERVICES/DRIVERS ==========
Service\Driver 90467A66 deleted successfully.
Service\Driver DE3A4BB5 deleted successfully.
Service\Driver LQPDB deleted successfully.
Service\Driver OOXJGQ deleted successfully.
Service\Driver QDAIPWCHCREU deleted successfully.
Service\Driver SjyPkt stopped successfully.
Service\Driver SjyPkt deleted successfully.
Service\Driver ancnwq9f not found.
Service\Driver ancnwq9f not found.
Service\Driver ancnwq9f not found.
Service\Driver mbr deleted successfully.
Service\Driver ancnwq9f not found.
Service\Driver rkhdrv40 deleted successfully.
Service\Driver ancnwq9f not found.
Service\Driver SBRE deleted successfully.
Service\Driver ancnwq9f not found.
Service\Driver catchme deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\90467A66.exe moved successfully.
C:\WINDOWS\system32\DE3A4BB5.exe moved successfully.
C:\DOCUME~1\Claude\LOCALS~1\Temp\LQPDB.exe moved successfully.
C:\DOCUME~1\Claude\LOCALS~1\Temp\OOXJGQ.exe moved successfully.
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\QDAIPWCHCREU.exe moved successfully.
C:\WINDOWS\System32\Drivers\SjyPkt.sys moved successfully.
File/Folder C:\WINDOWS\system32\drivers\ancnwq9f.sys not found.
File/Folder C:\DOCUME~1\Claude\LOCALS~1\Temp\mbr.sys not found.
File/Folder C:\WINDOWS\system32\drivers\rkhdrv40.sys not found.
File/Folder C:\WINDOWS\system32\drivers\SBREdrv.sys not found.
File/Folder C:\DOCUME~1\Claude\LOCALS~1\Temp\catchme.sys not found.
C:\WINDOWS\NIRCMD.exe moved successfully.
C:\WINDOWS\zip.exe moved successfully.
C:\WINDOWS\SWXCACLS.exe moved successfully.
C:\WINDOWS\SWSC.exe moved successfully.
C:\WINDOWS\SWREG.exe moved successfully.
C:\WINDOWS\sed.exe moved successfully.
C:\WINDOWS\PEV.exe moved successfully.
C:\WINDOWS\grep.exe moved successfully.
C:\SDFix\backups moved successfully.
C:\SDFix\apps\Replace\xp moved successfully.
C:\SDFix\apps\Replace\w2k moved successfully.
C:\SDFix\apps\Replace moved successfully.
C:\SDFix\apps moved successfully.
C:\SDFix moved successfully.
C:\ComboFix\N_ moved successfully.
C:\ComboFix moved successfully.
C:\Qoobox\TestC moved successfully.
C:\Qoobox\Test moved successfully.
C:\Qoobox\Quarantine\Registry_backups moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32 moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Claude\Application Data moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Claude moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings moved successfully.
C:\Qoobox\Quarantine\C moved successfully.
C:\Qoobox\Quarantine moved successfully.
C:\Qoobox\LastRun moved successfully.
C:\Qoobox\BackEnv moved successfully.
C:\Qoobox moved successfully.
C:\WINDOWS\system32\CF25764.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 53248 bytes
->Temporary Internet Files folder emptied: 1471609 bytes
->FireFox cache emptied: 11746568 bytes
User: All Users
User: Claude
->Temp folder emptied: 621277 bytes
->Temporary Internet Files folder emptied: 18401763 bytes
->Java cache emptied: 1057655 bytes
->FireFox cache emptied: 41442501 bytes
->Apple Safari cache emptied: 37632096 bytes
->Opera cache emptied: 3890748 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\7104189AC5924A56AC9E7C0CA135DA3C.TMP folder deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 2289230 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
Windows Temp folder emptied: 255 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 113,15 mb
OTM by OldTimer - Version 3.0.0.2 log created on 06282009_170522
Files moved on Reboot...
Registry entries deleted on Reboot...
-
Fichier 90467A66.exe reçu le 2009.06.28 13:28:45 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.18 2009.06.28 Trojan-Spy.Agent.NJP!IK
AhnLab-V3 5.0.0.2 2009.06.27 Win-Trojan/Agent.6656.FJ
AntiVir 7.9.0.199 2009.06.26 -
Antiy-AVL 2.0.3.1 2009.06.26 Trojan/Win32.OnLineGames.gen
Authentium 5.1.2.4 2009.06.27 -
Avast 4.8.1335.0 2009.06.28 -
AVG 8.5.0.339 2009.06.27 -
BitDefender 7.2 2009.06.28 -
CAT-QuickHeal 10.00 2009.06.26 Trojan.Agent.IRC
ClamAV 0.94.1 2009.06.28 Trojan.Spy-44942
Comodo 1470 2009.06.28 TrojWare.Win32.Agent.~GAJ
DrWeb 5.0.0.12182 2009.06.28 -
eSafe 7.0.17.0 2009.06.28 -
eTrust-Vet 31.6.6582 2009.06.26 Win32/PcClient.FW
F-Prot 4.4.4.56 2009.06.27 -
F-Secure 8.0.14470.0 2009.06.27 Trojan:W32/Agent.IKS
Fortinet 3.117.0.0 2009.06.28 W32/Agent.1EA9!tr
GData 19 2009.06.28 -
Ikarus T3.1.1.64.0 2009.06.28 Trojan-Spy.Agent.NJP
Jiangmin 11.0.706 2009.06.28 TrojanSpy.Agent.dja
K7AntiVirus 7.10.768 2009.06.19 Trojan-Spy.Win32.Agent.NJP
Kaspersky 7.0.0.125 2009.06.28 -
McAfee 5659 2009.06.27 Generic PWS.y
McAfee+Artemis 5659 2009.06.27 Generic PWS.y
McAfee-GW-Edition 6.7.6 2009.06.27 -
Microsoft 1.4803 2009.06.28 -
NOD32 4194 2009.06.28 -
Norman 6.01.09 2009.06.26 W32/Agent.MJJN
nProtect 2009.1.8.0 2009.06.28 Trojan-Spy/W32.Agent.6656.C
Panda 10.0.0.16 2009.06.28 -
PCTools 4.4.2.0 2009.06.28 -
Rising 21.35.62.00 2009.06.28 -
Sophos 4.43.0 2009.06.28 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.06.27 Bulk Trojan
Symantec 1.4.4.12 2009.06.28 Trojan Horse
TheHacker 6.3.4.3.356 2009.06.27 Trojan/Agent.gen
TrendMicro 8.950.0.1094 2009.06.28 -
VBA32 3.12.10.7 2009.06.28 -
ViRobot 2009.6.27.1808 2009.06.27 -
VirusBuster 4.6.5.0 2009.06.27 -
Information additionnelle
File size: 6656 bytes
MD5...: 2d2cfd52b636a3acdd036b74e55b9a7a
SHA1..: df8b83e169053cf8f806a02ef35b9d19b6cf3ba9
SHA256: 61c4b83ca42cd72e90ac46557547994c1aa4a49412e7b1190c610d1837ef8819
ssdeep: 48:OEPDnVTXagwDAk70wmXAp4byWHgs8SHpG89HWBFdLTmtcQ9wkIZMHBYnO3O7E1J:nPDnFXApTsL889aFhicCPGO3Og1
PEiD..: -
TrID..: File type identification
-
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1c1d
timedatestamp.....: 0x4649d618 (Tue May 15 15:47:36 2007)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0xc2c 0xe00 5.70 3dd073383b20c611a463431861c16973
DATA 0x2000 0x8 0x200 0.04 532dd4aa9cd9b1a3dad1f0b610d1d6cc
BSS 0x3000 0xa22f5 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0xa6000 0x2d8 0x400 3.57 1ca6e665e111aa0d5ca04c130721765d
.reloc 0xa7000 0x10c 0x200 3.99 ce7e4bf50b046fae2ca28edba741b101
( 4 imports )
> kernel32.dll: VirtualProtectEx, Sleep, SetErrorMode, OutputDebugStringW, LocalUnlock, LocalReAlloc, LocalLock, LocalFree, LocalAlloc, HeapFree, HeapAlloc, GetVolumeInformationW, GetProcessHeap, GetCurrentProcess, GetCommandLineW, FindFirstFileExW, FindClose, ExitProcess
> ntdll.dll: ZwQueryInformationFile, ZwCreateFile, ZwClose, RtlInitUnicodeString
> advapi32.dll: StartServiceCtrlDispatcherW, SetServiceStatus, RegisterServiceCtrlHandlerW
> kernel32.dll: FindNextFileW
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=2d2cfd52b636a3acdd036b74e55b9a7a
Fichier DE3A4BB5.exe reçu le 2009.06.28 13:32:52 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.18 2009.06.28 Trojan-Spy.Agent.NJP!IK
AhnLab-V3 5.0.0.2 2009.06.27 Win-Trojan/Agent.6656.FJ
AntiVir 7.9.0.199 2009.06.26 -
Antiy-AVL 2.0.3.1 2009.06.26 Trojan/Win32.OnLineGames.gen
Authentium 5.1.2.4 2009.06.27 -
Avast 4.8.1335.0 2009.06.28 -
AVG 8.5.0.339 2009.06.27 -
BitDefender 7.2 2009.06.28 -
CAT-QuickHeal 10.00 2009.06.26 Trojan.Agent.IRC
ClamAV 0.94.1 2009.06.28 Trojan.Spy-44942
Comodo 1470 2009.06.28 TrojWare.Win32.Agent.~GAJ
DrWeb 5.0.0.12182 2009.06.28 -
eSafe 7.0.17.0 2009.06.28 -
eTrust-Vet 31.6.6582 2009.06.26 Win32/PcClient.FW
F-Prot 4.4.4.56 2009.06.27 -
F-Secure 8.0.14470.0 2009.06.27 Trojan:W32/Agent.IKS
Fortinet 3.117.0.0 2009.06.28 W32/Agent.1EA9!tr
GData 19 2009.06.28 -
Ikarus T3.1.1.64.0 2009.06.28 Trojan-Spy.Agent.NJP
Jiangmin 11.0.706 2009.06.28 TrojanSpy.Agent.dja
K7AntiVirus 7.10.768 2009.06.19 Trojan-Spy.Win32.Agent.NJP
Kaspersky 7.0.0.125 2009.06.28 -
McAfee 5659 2009.06.27 Generic PWS.y
McAfee+Artemis 5659 2009.06.27 Generic PWS.y
McAfee-GW-Edition 6.7.6 2009.06.27 -
Microsoft 1.4803 2009.06.28 -
NOD32 4194 2009.06.28 -
Norman 6.01.09 2009.06.26 W32/Agent.MJJN
nProtect 2009.1.8.0 2009.06.28 Trojan-Spy/W32.Agent.6656.C
Panda 10.0.0.16 2009.06.28 -
PCTools 4.4.2.0 2009.06.28 -
Prevx 3.0 2009.06.28 -
Rising 21.35.62.00 2009.06.28 -
Sophos 4.43.0 2009.06.28 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.06.27 Bulk Trojan
Symantec 1.4.4.12 2009.06.28 Trojan Horse
TheHacker 6.3.4.3.356 2009.06.27 Trojan/Agent.gen
TrendMicro 8.950.0.1094 2009.06.28 -
VBA32 3.12.10.7 2009.06.28 -
ViRobot 2009.6.27.1808 2009.06.27 -
VirusBuster 4.6.5.0 2009.06.27 -
Information additionnelle
File size: 6656 bytes
MD5...: 2d2cfd52b636a3acdd036b74e55b9a7a
SHA1..: df8b83e169053cf8f806a02ef35b9d19b6cf3ba9
SHA256: 61c4b83ca42cd72e90ac46557547994c1aa4a49412e7b1190c610d1837ef8819
ssdeep: 48:OEPDnVTXagwDAk70wmXAp4byWHgs8SHpG89HWBFdLTmtcQ9wkIZMHBYnO3O7E1J:nPDnFXApTsL889aFhicCPGO3Og1
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1c1d
timedatestamp.....: 0x4649d618 (Tue May 15 15:47:36 2007)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0xc2c 0xe00 5.70 3dd073383b20c611a463431861c16973
DATA 0x2000 0x8 0x200 0.04 532dd4aa9cd9b1a3dad1f0b610d1d6cc
BSS 0x3000 0xa22f5 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0xa6000 0x2d8 0x400 3.57 1ca6e665e111aa0d5ca04c130721765d
.reloc 0xa7000 0x10c 0x200 3.99 ce7e4bf50b046fae2ca28edba741b101
( 4 imports )
> kernel32.dll: VirtualProtectEx, Sleep, SetErrorMode, OutputDebugStringW, LocalUnlock, LocalReAlloc, LocalLock, LocalFree, LocalAlloc, HeapFree, HeapAlloc, GetVolumeInformationW, GetProcessHeap, GetCurrentProcess, GetCommandLineW, FindFirstFileExW, FindClose, ExitProcess
> ntdll.dll: ZwQueryInformationFile, ZwCreateFile, ZwClose, RtlInitUnicodeString
> advapi32.dll: StartServiceCtrlDispatcherW, SetServiceStatus, RegisterServiceCtrlHandlerW
> kernel32.dll: FindNextFileW
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=2d2cfd52b636a3acdd036b74e55b9a7a
-
MBAM log
Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2343
Windows 5.1.2600 Service Pack 2
2009-06-27 17:35:13
mbam-log-2009-06-27 (17-35-13).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 138890
Temps écoulé: 42 minute(s), 0 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Logfile of random's system information tool 1.06 (written by random/random)
Run by Claude at 2009-06-27 17:35:24
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 9 GB (31%) free of 30 GB
Total RAM: 511 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35:30, on 2009-06-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Claude\Bureau\RSIT.exe
C:\Program Files\trend micro\Claude.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab
O23 - Service: 90467A66 - Unknown owner - C:\WINDOWS\system32\90467A66.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DE3A4BB5 - Unknown owner - C:\WINDOWS\system32\DE3A4BB5.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LQPDB - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Claude\LOCALS~1\Temp\LQPDB.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OOXJGQ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Claude\LOCALS~1\Temp\OOXJGQ.exe
O23 - Service: QDAIPWCHCREU - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\QDAIPWCHCREU.exe
--
End of file - 5160 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{E92107B0-4FCC-4557-AC7C-B82121FEF231}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-17 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-17 34816]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-10-10 69632]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-04-10 37888]
"WINDVDPatch"=C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]
"DevconDefaultDB"=C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"SetDefaultMIDI"=C:\WINDOWS\MIDIDef.exe [2002-01-14 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe -launchedbylogin []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe /automount []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DevconDefaultDB]
C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2006-07-12 1397760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
C:\Program Files\Microsoft IntelliType Pro\itype.exe [2007-08-31 988584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
C:\Program Files\lg_fwupdate\fwupdate.exe [2008-12-26 548864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
C:\Program Files\Microsoft LifeCam\LifeExp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Profiler]
C:\Program Files\Saitek\Software\Profiler.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiSmart]
C:\Program Files\Saitek\Software\SaiSmart.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
C:\WINDOWS\MIDIDef.exe [2002-01-14 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-17 136600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\SweetIM\Messenger\SweetIM.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
C:\WINDOWS\vVX1000.exe [2007-04-10 709992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Event Reminder.lnk]
C:\PROGRA~1\BRODER~1\PRINTM~1\PMremind.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Claude^Menu Démarrer^Programmes^Démarrage^FMZilla.lnk]
C:\PROGRA~1\FREEMU~1\FMZilla.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Claude^Menu Démarrer^Programmes^Démarrage^Free Music Zilla.lnk]
C:\PROGRA~1\FREEMU~1\FMZilla.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"WLSetupSvc"=3
"usnjsvc"=3
"StarWindServiceAE"=2
"ose"=3
"odserv"=3
"NVSvc"=2
"Nero BackItUp Scheduler 4.0"=2
"MSCamSvc"=2
"JavaQuickStarterService"=2
"iPod Service"=3
"InCDsrv"=2
"idsvc"=3
"IDriverT"=3
"FLEXnet Licensing Service"=3
"Bonjour Service"=2
"avast! Web Scanner"=3
"avast! Mail Scanner"=3
"avast! Antivirus"=2
"aswUpdSv"=2
"Apple Mobile Device"=2
"ACDaemon"=2
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Wireless Configuration Utility HW.14.lnk - C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-10-18 200064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"MemCheckBoxInRunDlg"=1
"NoSMBalloonTip"=1
"NoDesktopCleanupWizard"=1
"NoWelcomeScreen"=1
"NoAutoUpdate"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
======List of files/folders created in the last 1 months======
2009-06-27 16:53:37 ----D---- C:\Program Files\trend micro
2009-06-27 16:53:35 ----D---- C:\rsit
2009-06-27 15:45:03 ----A---- C:\WINDOWS\system32\90467A66.exe
2009-06-24 21:01:36 ----A---- C:\WINDOWS\system32\DE3A4BB5.exe
2009-06-24 19:41:52 ----D---- C:\WINDOWS\ERUNT
2009-06-24 19:38:40 ----D---- C:\SDFix
2009-06-24 07:47:07 ----SHD---- C:\RECYCLER
2009-06-24 07:47:00 ----SD---- C:\ComboFix
2009-06-24 07:46:59 ----A---- C:\WINDOWS\system32\CF25764.exe
2009-06-24 07:32:47 ----A---- C:\WINDOWS\wininit.ini
2009-06-24 06:48:37 ----D---- C:\WINDOWS\temp
2009-06-24 06:48:35 ----A---- C:\ComboFix.txt
2009-06-24 06:08:21 ----SHD---- C:\WINDOWS\CSC
2009-06-24 05:21:28 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-24 05:19:22 ----A---- C:\Boot.bak
2009-06-24 05:19:17 ----RASHD---- C:\cmdcons
2009-06-24 05:03:30 ----A---- C:\resultat.txt
2009-06-24 04:20:30 ----D---- C:\WINDOWS\system32\NtmsData
2009-06-24 00:53:06 ----A---- C:\WINDOWS\NIRCMD.exe
2009-06-24 00:53:05 ----A---- C:\WINDOWS\zip.exe
2009-06-24 00:53:05 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-06-24 00:53:05 ----A---- C:\WINDOWS\SWSC.exe
2009-06-24 00:53:05 ----A---- C:\WINDOWS\SWREG.exe
2009-06-24 00:53:05 ----A---- C:\WINDOWS\sed.exe
2009-06-24 00:53:05 ----A---- C:\WINDOWS\PEV.exe
2009-06-24 00:53:05 ----A---- C:\WINDOWS\grep.exe
2009-06-24 00:52:04 ----D---- C:\WINDOWS\ERDNT
2009-06-24 00:51:59 ----D---- C:\Qoobox
2009-06-23 22:02:03 ----D---- C:\Program Files\Avira
2009-06-23 22:02:03 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-06-23 20:43:54 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-23 13:42:55 ----AC---- C:\WINDOWS\system32\SFMS32.DLL
2009-06-23 13:42:55 ----AC---- C:\WINDOWS\system32\sfman32.dll
2009-06-23 13:42:55 ----AC---- C:\WINDOWS\system32\REGPLIB.EXE
2009-06-23 13:42:55 ----AC---- C:\WINDOWS\system32\PIAPROXY.DLL
2009-06-23 13:42:55 ----AC---- C:\WINDOWS\system32\KILLAPPS.EXE
2009-06-23 13:42:55 ----AC---- C:\WINDOWS\system32\KILL.INI
2009-06-23 13:42:55 ----AC---- C:\WINDOWS\system32\EAXAC3.DLL
2009-06-23 13:42:55 ----AC---- C:\WINDOWS\READREG.EXE
2009-06-23 13:42:55 ----AC---- C:\WINDOWS\PSCONV.EXE
2009-06-23 13:42:55 ----AC---- C:\WINDOWS\MIDIDEF.EXE
2009-06-23 13:42:55 ----AC---- C:\WINDOWS\DEVREG.DLL
2009-06-23 13:42:55 ----AC---- C:\WINDOWS\CTDCRES.DLL
2009-06-23 13:42:55 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-06-23 13:42:54 ----AC---- C:\WINDOWS\system32\CTSPKHLP.DLL
2009-06-23 13:42:54 ----AC---- C:\WINDOWS\system32\CTSBLFX.DLL
2009-06-23 13:42:54 ----AC---- C:\WINDOWS\system32\CTOSUSER.DLL
2009-06-23 13:42:54 ----AC---- C:\WINDOWS\system32\CTHELPER.EXE
2009-06-23 13:42:54 ----AC---- C:\WINDOWS\system32\CTEMUPIA.DLL
2009-06-23 13:42:54 ----AC---- C:\WINDOWS\system32\CTDPROXY.DLL
2009-06-23 13:42:53 ----AC---- C:\WINDOWS\system32\CTDEVCON.DLL
2009-06-23 13:42:53 ----AC---- C:\WINDOWS\system32\CTASIO.DLL
2009-06-23 13:42:53 ----AC---- C:\WINDOWS\system32\CTAGENT.DLL
2009-06-23 13:42:53 ----AC---- C:\WINDOWS\system32\COMMONFX.DLL
2009-06-23 13:42:53 ----AC---- C:\WINDOWS\system32\AC3API.DLL
2009-06-23 12:19:47 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-06-23 12:19:47 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-06-23 12:19:47 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-06-23 12:19:47 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-06-23 12:19:46 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-06-23 12:19:46 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-06-23 12:19:46 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-06-23 12:19:46 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-06-23 12:19:46 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-06-23 12:19:46 ----N---- C:\WINDOWS\system32\px.dll
2009-06-23 12:19:43 ----D---- C:\Program Files\Winamp
2009-06-23 12:19:43 ----D---- C:\Documents and Settings\Claude\Application Data\Winamp
2009-06-23 12:12:55 ----D---- C:\Documents and Settings\Claude\Application Data\Opera
2009-06-23 09:07:18 ----D---- C:\Documents and Settings\Claude\Application Data\AVS4YOU
2009-06-23 09:06:17 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2009-06-23 08:46:14 ----D---- C:\Program Files\Safari
2009-06-23 08:45:29 ----D---- C:\Program Files\Bonjour
2009-06-23 08:45:09 ----D---- C:\Program Files\Apple Software Update
2009-06-23 08:44:33 ----D---- C:\Program Files\Opera
2009-06-23 08:43:53 ----A---- C:\WINDOWS\system32\lfpng13n.dll
2009-06-23 08:43:52 ----A---- C:\WINDOWS\system32\lfgif13n.dll
2009-06-23 08:43:50 ----A---- C:\WINDOWS\system32\ltkrn13n.dll
2009-06-23 08:43:50 ----A---- C:\WINDOWS\system32\ltimg13n.dll
2009-06-23 08:43:50 ----A---- C:\WINDOWS\system32\ltfil13n.dll
2009-06-23 08:43:50 ----A---- C:\WINDOWS\system32\ltefx13n.dll
2009-06-23 08:43:50 ----A---- C:\WINDOWS\system32\ltdis13n.dll
2009-06-23 08:43:50 ----A---- C:\WINDOWS\system32\lfcmp13n.dll
2009-06-23 08:43:50 ----A---- C:\WINDOWS\system32\lfbmp13n.dll
2009-06-23 08:38:48 ----D---- C:\Program Files\Fichiers communs\AVSMedia
2009-06-23 08:38:48 ----A---- C:\WINDOWS\system32\msvcr70.dll
2009-06-23 08:38:48 ----A---- C:\WINDOWS\system32\msvcp70.dll
2009-06-23 08:38:48 ----A---- C:\WINDOWS\system32\mfc70.dll
2009-06-23 08:38:48 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2009-06-23 08:38:47 ----D---- C:\Program Files\AVS4YOU
2009-06-22 12:24:49 ----D---- C:\Program Files\Realtek AC97
2009-06-22 09:38:30 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-06-21 23:01:23 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-21 23:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-21 23:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-21 23:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-21 22:59:14 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2009-06-21 22:47:17 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-06-21 22:47:11 ----D---- C:\Program Files\MSXML 6.0
2009-06-21 22:46:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-06-21 22:45:53 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-06-21 22:45:45 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-06-21 22:45:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-06-21 22:45:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-06-21 22:44:58 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-06-21 22:44:49 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-06-21 22:44:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-06-21 22:42:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-06-21 22:42:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-06-21 22:41:56 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-06-21 22:41:48 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2009-06-21 22:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-06-21 22:41:30 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2009-06-21 22:41:22 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2009-06-21 22:41:09 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2009-06-21 22:40:55 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2009-06-21 22:40:14 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2009-06-21 22:40:06 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2009-06-21 22:39:57 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2009-06-21 22:39:49 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2009-06-21 22:39:40 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2009-06-21 22:39:31 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2009-06-21 22:39:22 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-06-21 22:39:13 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2009-06-21 22:39:05 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2009-06-21 22:38:55 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2009-06-21 22:38:46 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2009-06-21 22:38:37 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2009-06-21 22:38:28 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2009-06-21 22:38:19 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2009-06-21 22:38:10 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2009-06-21 22:38:01 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2009-06-21 22:37:52 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2009-06-21 22:37:35 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2009-06-21 22:37:26 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2009-06-21 22:37:18 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2009-06-21 22:37:07 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2009-06-21 22:36:59 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2009-06-21 22:36:50 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2009-06-21 22:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-06-21 22:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2009-06-21 22:36:22 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2009-06-21 22:36:04 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-06-21 21:02:47 ----HD---- C:\WINDOWS\msdownld.tmp
2009-06-21 21:02:14 ----D---- C:\WINDOWS\ie8updates
2009-06-21 21:01:47 ----A---- C:\WINDOWS\imsins.BAK
2009-06-21 21:00:53 ----HDC---- C:\WINDOWS\ie8
2009-06-21 09:06:45 ----D---- C:\Program Files\Fichiers communs\Logishrd
2009-06-21 09:05:51 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2009-06-21 08:58:08 ----D---- C:\Program Files\CCleaner
2009-06-21 08:44:16 ----D---- C:\Program Files\IDETOOL
2009-06-21 08:25:41 ----D---- C:\Program Files\VIA
2009-06-21 07:50:21 ----D---- C:\Program Files\SystemRequirementsLab
2009-06-21 07:50:09 ----D---- C:\Documents and Settings\Claude\Application Data\SystemRequirementsLab
2009-06-21 07:33:08 ----D---- C:\WINDOWS\Prefetch
2009-06-20 20:38:35 ----D---- C:\Program Files\CyberDBS Key Grabber 4.0
2009-06-20 20:36:59 ----D---- C:\Program Files\CyberDBS Key Grabber 4.1
2009-06-20 01:37:47 ----D---- C:\Program Files\PhotoFiltre Studio
2009-06-20 01:28:39 ----A---- C:\WINDOWS\system32\ChCfg.exe
2009-06-20 01:27:54 ----A---- C:\WINDOWS\system32\RTLCPL.exe
2009-06-20 01:27:52 ----A---- C:\WINDOWS\soundman.exe
2009-06-20 01:27:51 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2009-06-20 01:27:50 ----A---- C:\WINDOWS\alcupd.exe
2009-06-20 01:27:50 ----A---- C:\WINDOWS\Alcrmv.exe
2009-06-19 22:54:32 ----D---- C:\Program Files\REALTEK RTL8187B Wireless LAN Driver
2009-06-19 22:54:30 ----D---- C:\Documents and Settings\Claude\Application Data\InstallShield
2009-06-19 22:53:29 ----D---- C:\WINDOWS\Drivers
2009-06-19 22:12:49 ----D---- C:\Program Files\ma-config.com
2009-06-19 22:12:49 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2009-06-19 21:55:18 ----D---- C:\Documents and Settings\Claude\Application Data\Mozilla
2009-06-19 21:54:06 ----D---- C:\Program Files\Mozilla Firefox
2009-06-19 20:55:47 ----D---- C:\Documents and Settings\Claude\Application Data\Malwarebytes
2009-06-19 20:55:41 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-19 20:55:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-19 19:55:59 ----A---- C:\WINDOWS\RTacDbg.txt
2009-06-19 19:54:54 ----D---- C:\WINDOWS\OPTIONS
2009-06-19 19:54:54 ----D---- C:\Program Files\TRENDnet
======List of files/folders modified in the last 1 months======
2009-06-27 16:58:11 ----D---- C:\WINDOWS\system32\drivers
2009-06-27 16:53:37 ----D---- C:\Program Files
2009-06-27 16:48:19 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-27 16:47:53 ----D---- C:\WINDOWS
2009-06-27 16:20:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-27 15:46:25 ----D---- C:\WINDOWS\system32
2009-06-27 14:33:48 ----HD---- C:\WINDOWS\inf
2009-06-24 19:43:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-24 15:52:34 ----D---- C:\WINDOWS\Microsoft.NET
2009-06-24 14:46:01 ----D---- C:\Documents and Settings\Claude\Application Data\GameHouse
2009-06-24 14:29:37 ----SHD---- C:\WINDOWS\Installer
2009-06-24 14:29:36 ----HD---- C:\Config.Msi
2009-06-24 06:45:37 ----A---- C:\WINDOWS\system.ini
2009-06-24 06:43:05 ----D---- C:\WINDOWS\system32\config
2009-06-24 06:41:04 ----D---- C:\WINDOWS\AppPatch
2009-06-24 06:41:02 ----D---- C:\Program Files\Fichiers communs
2009-06-24 06:08:28 ----D---- C:\Documents and Settings
2009-06-24 05:19:23 ----RASH---- C:\boot.ini
2009-06-23 22:01:31 ----D---- C:\WINDOWS\WinSxS
2009-06-23 20:36:44 ----RD---- C:\WINDOWS\Web
2009-06-23 20:36:40 ----D---- C:\WINDOWS\SHELLNEW
2009-06-23 13:47:07 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-23 13:43:17 ----D---- C:\WINDOWS\system32\Defaults
2009-06-23 13:42:30 ----D---- C:\WINDOWS\Media
2009-06-23 12:13:06 ----D---- C:\Documents and Settings\Claude\Application Data\Apple Computer
2009-06-23 08:46:14 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-06-23 08:45:20 ----SD---- C:\WINDOWS\Tasks
2009-06-23 08:43:42 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-23 08:22:39 ----D---- C:\Downloads
2009-06-23 08:14:37 ----SHD---- C:\System Volume Information
2009-06-23 08:14:37 ----D---- C:\WINDOWS\system32\Restore
2009-06-22 22:30:38 ----D---- C:\WINDOWS\system32\Macromed
2009-06-22 12:24:59 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-06-22 09:39:01 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-22 09:38:29 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-21 23:40:29 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-21 23:37:15 ----D---- C:\WINDOWS\system32\wbem
2009-06-21 23:37:15 ----D---- C:\WINDOWS\msagent
2009-06-21 23:19:02 ----RSD---- C:\WINDOWS\assembly
2009-06-21 23:14:59 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-06-21 23:09:46 ----RSD---- C:\WINDOWS\Fonts
2009-06-21 23:09:36 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-06-21 23:08:43 ----D---- C:\Program Files\Microsoft Works
2009-06-21 23:05:28 ----AC---- C:\WINDOWS\win.ini
2009-06-21 22:59:01 ----D---- C:\WINDOWS\system32\XPSViewer
2009-06-21 22:58:40 ----D---- C:\WINDOWS\system32\mui
2009-06-21 22:52:17 ----D---- C:\WINDOWS\system32\en-us
2009-06-21 22:49:13 ----D---- C:\Program Files\Internet Explorer
2009-06-21 22:44:39 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-06-21 22:44:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-06-21 22:44:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-06-21 22:44:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-06-21 22:43:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-06-21 22:43:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-06-21 22:43:41 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-06-21 22:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-06-21 22:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-06-21 22:43:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-06-21 22:43:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-06-21 22:43:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-06-21 22:42:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-06-21 22:42:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-06-21 22:42:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-06-21 22:42:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-06-21 21:06:21 ----D---- C:\WINDOWS\system32\fr-fr
2009-06-21 21:06:20 ----D---- C:\WINDOWS\Help
2009-06-21 20:57:30 ----D---- C:\WINDOWS\Debug
2009-06-21 10:25:26 ----D---- C:\WINDOWS\nview
2009-06-21 08:52:22 ----D---- C:\Program Files\Windows Media Connect 2
2009-06-21 08:52:20 ----D---- C:\Program Files\lg_fwupdate
2009-06-21 08:44:16 ----A---- C:\AUTOEXEC.BAT
2009-06-21 07:56:24 ----D---- C:\WINDOWS\security
2009-06-21 07:32:51 ----D---- C:\WINDOWS\system32\Setup
2009-06-21 07:32:49 ----D---- C:\Program Files\Messenger
2009-06-21 07:20:54 ----D---- C:\WINDOWS\system32\usmt
2009-06-21 07:20:48 ----D---- C:\WINDOWS\system32\oobe
2009-06-21 07:20:47 ----D---- C:\WINDOWS\system32\npp
2009-06-21 07:18:39 ----D---- C:\WINDOWS\system32\Com
2009-06-21 07:16:27 ----D---- C:\WINDOWS\system
2009-06-21 07:16:27 ----D---- C:\WINDOWS\srchasst
2009-06-21 07:16:25 ----D---- C:\WINDOWS\PeerNet
2009-06-21 07:16:18 ----D---- C:\WINDOWS\ime
2009-06-21 07:16:10 ----D---- C:\Program Files\Windows Media Player
2009-06-21 07:16:10 ----D---- C:\Program Files\Outlook Express
2009-06-21 07:16:08 ----D---- C:\Program Files\NetMeeting
2009-06-21 07:15:28 ----D---- C:\Program Files\Fichiers communs\System
2009-06-21 07:15:11 ----D---- C:\WINDOWS\system32\inetsrv
2009-06-21 07:15:11 ----D---- C:\WINDOWS\system32\fr
2009-06-21 07:15:09 ----D---- C:\WINDOWS\system32\bits
2009-06-21 07:15:00 ----D---- C:\WINDOWS\network diagnostic
2009-06-21 07:15:00 ----D---- C:\WINDOWS\l2schemas
2009-06-21 07:15:00 ----D---- C:\WINDOWS\ehome
2009-06-21 07:15:00 ----D---- C:\Program Files\movie maker
2009-06-20 21:14:53 ----SD---- C:\Documents and Settings\Claude\Application Data\Microsoft
2009-06-20 14:54:43 ----D---- C:\Program Files\HP
2009-06-20 14:54:05 ----D---- C:\Program Files\Nestopia RPlus!
2009-06-20 14:52:44 ----D---- C:\Program Files\Windows Live
2009-06-20 14:46:03 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-20 09:02:12 ----D---- C:\Documents and Settings\Claude\Application Data\dvdcss
2009-06-20 05:54:13 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-06-20 05:42:33 ----D---- C:\Program Files\Fichiers communs\Designer
2009-06-20 05:39:45 ----D---- C:\Program Files\Fichiers communs\Macrovision Shared
2009-06-20 05:39:45 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-06-20 05:37:54 ----D---- C:\Documents and Settings\Claude\Application Data\Adobe
2009-06-20 05:35:40 ----D---- C:\Program Files\Adobe
2009-06-20 05:34:30 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-06-19 21:45:45 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-06-19 20:17:50 ----D---- C:\Program Files\Google
2009-06-19 19:58:17 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-06-19 19:57:44 ----D---- C:\WINDOWS\system32\LogFiles
2009-06-19 19:56:47 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-01 09:51:14 ----AC---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2006-01-09 41600]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-07-12 28672]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-23 28520]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-06-19 21035]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2005-07-26 9600]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-09-26 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-09-26 37392]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-09-26 28816]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2005-07-26 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-01 47360]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2008-06-26 335104]
R3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys []
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2005-07-26 14848]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
S3 ancnwq9f;ancnwq9f; C:\WINDOWS\system32\drivers\ancnwq9f.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Claude\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2005-07-26 17024]
S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]
S3 ctljystk;Creative SBLive! Port de jeux; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2005-07-26 3712]
S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2005-07-26 283904]
S3 emu10k1;Pilote du Gestionnaire d'interface Creative (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2005-07-26 6912]
S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2005-07-26 27165]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
S3 mbr;mbr; \??\C:\DOCUME~1\Claude\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2005-07-26 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2005-07-26 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2005-07-26 10880]
S3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2007-08-31 18856]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]
S3 rkhdrv40;Rootkit Unhooker Driver; C:\WINDOWS\system32\drivers\rkhdrv40.sys []
S3 SaiHFF0C;SaiHFF0C; C:\WINDOWS\system32\DRIVERS\SaiHFF0C.sys [2004-06-11 56576]
S3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2004-07-06 15616]
S3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiNtBus.sys [2004-07-06 26752]
S3 SaiUFF0C;SaiUFF0C; C:\WINDOWS\system32\DRIVERS\SaiUFF0C.sys [2004-06-11 19584]
S3 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
S3 sfman;Pilote du Gestionnaire SoundFont Creative (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2005-07-26 36480]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2005-07-26 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2005-07-26 15360]
S3 TMPassthruMP;TMPassthruMP; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys []
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2005-07-26 59264]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2005-07-26 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-23 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-06-23 185089]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
S3 90467A66;90467A66; C:\WINDOWS\system32\90467A66.exe [2009-06-27 6656]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DE3A4BB5;DE3A4BB5; C:\WINDOWS\system32\DE3A4BB5.exe [2009-06-24 6656]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 LQPDB;LQPDB; C:\DOCUME~1\Claude\LOCALS~1\Temp\LQPDB.exe [2009-06-24 400256]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-05-29 234864]
S3 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 OOXJGQ;OOXJGQ; C:\DOCUME~1\Claude\LOCALS~1\Temp\OOXJGQ.exe [2009-06-27 453504]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
S3 QDAIPWCHCREU;QDAIPWCHCREU; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\QDAIPWCHCREU.exe [2009-06-24 437120]
S3 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe []
S4 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-17 152984]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []
S4 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-06-27 17:35:33
======Uninstall list======
-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /L:FRN
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x40c /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
ConvertXtoDVD 3.3.4.106e-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
CyberDBS Key Grabber 4.0-->"C:\Program Files\CyberDBS Key Grabber 4.0\unins000.exe"
CyberDBS Key Grabber 4.1-->"C:\Program Files\CyberDBS Key Grabber 4.1\unins000.exe"
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
HijackThis 2.0.2-->"C:\Documents and Settings\Claude\Mes documents\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
K-Lite Mega Codec Pack 4.4.2-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
Ma-Config.com-->MsiExec.exe /X{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero MediaHome 4-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M06-019C-TTET-880Z-5PUM-6XA2-5MEC-35WM"
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}
PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"
PrintMaster ClickArt-->C:\WINDOWS\UNIN040C.EXE -f"C:\PROGRA~1\BRODER~1\CLICKA~1\DeIsL1.isu"
ProtectDisc Driver, Version 11-->C:\Program Files\ProtectDisc Driver Installer\uninstall_v11.exe
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
REALTEK RTL8187B Wireless LAN Driver-->C:\Program Files\InstallShield Installation Information\{7095FD27-37F0-4750-9DE8-D37DC0043706}\Install.exe -uninst -l0x40C
Safari-->MsiExec.exe /I{0A9C92A5-D27F-4BD9-9DB9-0EFD8C681E29}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG
Sound Blaster Live!-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x40c
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
The Font Thing-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Fisher\The Font Thing\DeIsL1.isu" -c"C:\Program Files\Fisher\The Font Thing\_ISREG32.DLL"
TRENDnet TEW-424UB Wireless USB 2.0 Adapter Driver and Utility-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{C43421C0-0DCB-4F26-8A3B-BF16155F9879}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
VIA Bus Master Ultra ATA Driver (Remove)-->RunDll32 VIAIDECO.dll,UninstallIDE
VIA Gestionnaire de périphériques de plate-forme-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
======Hosts File======
127.0.0.1 localhost
======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: XPSP2-8AA5A695E
Event Code: 26
Message: Application popup : : Machine Check: Regs
Record Number: 154
Source Name: Application Popup
Time Written: 20090620143231.000000-240
Event Type: Informations
User:
Computer Name: XPSP2-8AA5A695E
Event Code: 26
Message: Application popup : : Machine Check:
Record Number: 153
Source Name: Application Popup
Time Written: 20090620143231.000000-240
Event Type: Informations
User:
Computer Name: XPSP2-8AA5A695E
Event Code: 26
Message: Application popup : : Machine Check: Regs
Record Number: 152
Source Name: Application Popup
Time Written: 20090620143231.000000-240
Event Type: Informations
User:
Computer Name: XPSP2-8AA5A695E
Event Code: 26
Message: Application popup : : Machine Check:
Record Number: 151
Source Name: Application Popup
Time Written: 20090620143231.000000-240
Event Type: Informations
User:
Computer Name: XPSP2-8AA5A695E
Event Code: 26
Message: Application popup : : Machine Check: Regs
Record Number: 150
Source Name: Application Popup
Time Written: 20090620143231.000000-240
Event Type: Informations
User:
=====Application event log=====
Computer Name: XPSP2-8AA5A695E
Event Code: 1002
Message: L'environnement s'est arrêté de façon inattendue et Explorer.exe a redémarré.
Record Number: 1462
Source Name: Winlogon
Time Written: 20090116183137.000000-300
Event Type: Informations
User:
Computer Name: XPSP2-8AA5A695E
Event Code: 701
Message: MsnMsgr (2632) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\Claude\Local Settings\Application Data\Microsoft\Messenger\hide_1@live.ca\SharingMetadata\Working\database_EE08_95B9_895_816F\dfsr.db'.
Record Number: 1461
Source Name: ESENT
Time Written: 20090116180057.000000-300
Event Type: Informations
User:
Computer Name: XPSP2-8AA5A695E
Event Code: 700
Message: MsnMsgr (2632) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Claude\Local Settings\Application Data\Microsoft\Messenger\hide_1@live.ca\SharingMetadata\Working\database_EE08_95B9_895_816F\dfsr.db'.
Record Number: 1460
Source Name: ESENT
Time Written: 20090116180057.000000-300
Event Type: Informations
User:
Computer Name: XPSP2-8AA5A695E
Event Code: 701
Message: MsnMsgr (2632) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\Claude\Local Settings\Application Data\Microsoft\Messenger\hide_1@live.ca\SharingMetadata\Working\database_EE08_95B9_895_816F\dfsr.db'.
Record Number: 1459
Source Name: ESENT
Time Written: 20090116170057.000000-300
Event Type: Informations
User:
Computer Name: XPSP2-8AA5A695E
Event Code: 700
Message: MsnMsgr (2632) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Claude\Local Settings\Application Data\Microsoft\Messenger\hide_1@live.ca\SharingMetadata\Working\database_EE08_95B9_895_816F\dfsr.db'.
Record Number: 1458
Source Name: ESENT
Time Written: 20090116170057.000000-300
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0800
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
-
Hi everyone,
I don't know what this is, but my computer freezes very often and a ReadReg.exe window appears for a few seconds when Windows starts. However, I don't see anything in the HijackThis report....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:53:02, on 2009-06-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\IDETOOL\IDETOOL.EXE
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\Claude\Mes documents\wolfounette.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: IDETool.lnk = C:\Program Files\IDETOOL\IDETOOL.EXE
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab
O23 - Service: 90467A66 - Unknown owner - C:\WINDOWS\system32\90467A66.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DE3A4BB5 - Unknown owner - C:\WINDOWS\system32\DE3A4BB5.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LQPDB - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Claude\LOCALS~1\Temp\LQPDB.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OOXJGQ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Claude\LOCALS~1\Temp\OOXJGQ.exe
O23 - Service: QDAIPWCHCREU - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\QDAIPWCHCREU.exe
--
End of file - 5443 bytes
-
Hello everyone,
I know this is probably not a big deal, but I have had a problem opening Internet Explorer ever since I uninstalled SP3. Every time I try to go to a web page, whichever one it is, Windows Update included, I always get the same following error message:
I already have Firefox, and System Restore was disabled when I removed SP3.
Thank you very much in advance.
-
Hi everyone,
Here is my problem today: I am at my father's place and both of his PCs were infected by Antivirus 2009. I managed to get rid of the pest on the first one by running a scan with the antivirus that was already installed (Avast); that let me remove part of the infection and go download AntiVir and MBAM. On the one I am using right now, however, I am not able to reach any antivirus site, nor malekal; in fact I am very surprised to be able to connect here. Luckily I can, because otherwise I could not have downloaded AntiVir. I am configuring it and then I will run a scan, I will see what that gives, and of course I need your advice.
Thanks in advance.
-
Thank you very much.
-
It will certainly go better with the logs... ^^' Yes, yes, me again. Since I read lots of things about how malware infects a system, I always end up looking at what is on my PC, and I am probably panicking over nothing in the end ^^'. I also found two odd drivers in my registry (I didn't touch anything, I just looked at how it is set up): Isdrv122, which according to what I found on Google is not very nice at all, and MchInjDrv.sys, which is not very nice either from what I could see. Here are the registry keys, followed by the GMER logs.
- HKEY_LOCAL_MACHINE\CurrentControlSet\SYSTEM\Enum\Root\LEGACY_ISDRV122
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ENUM\ROOT\LEGACY_MCHINJDRV
NORMAL MODE
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-13 22:24:44
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
SSDT F904D71C ZwCreateThread
SSDT F904D708 ZwOpenProcess
SSDT F904D70D ZwOpenThread
SSDT F904D717 ZwTerminateProcess
SSDT F904D712 ZwWriteVirtualMemory
---- User code sections - GMER 1.0.14 ----
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1604] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Files - GMER 1.0.14 ----
File C:\Documents and Settings\Usager\Local Settings\Temporary Internet Files\Content.IE5\KL63OXA3\videoByTag[4].xml 0 bytes
---- EOF - GMER 1.0.14 ----
Since the safe mode log is too long to post here, here is the link to view it: http://www.woofiles.com/dl-181364-S64fcW9M-gmer.log
-
Hello everyone,
I ran a scan with GMER in safe mode and in normal mode, and the two reports are completely different. I would have liked someone to analyze the reports and tell me whether I have a rootkit or not. Thank you very much in advance.
-
I can no longer connect to the internet using Opera, and it seems that my antivirus (AntiVir), even though it says it is up to date, does not detect any viruses... I had a file scanned on VirusTotal and got a detection rate of 26/35; AntiVir detected the file as a downloader there, but when I had that same file scanned by AntiVir on my PC it saw nothing....
-
No, and on top of that startup is quite slow. My computer is also almost always at 100% CPU usage....
-
Log.txt
Logfile of random's system information tool 1.02 (written by random/random)
Run by Usager at 2008-10-06 02:55:12
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 23 GB (79%) free of 29 GB
Total RAM: 639 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:59:19, on 2008-10-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Documents and Settings\Usager\Bureau\RSIT.exe
C:\Program Files\trend micro\Usager.exe
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 1490 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Schedule Task Weekly.job
======Registry dump======
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\WINDOWS\system32\
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoSecCPL"=0
"NoDispCPL"=0
"NoDispScrSavPage"=0
"NoDispAppearancePage"=0
"NoDispSettingsPage"=0
"NoDevMgrPage"=0
"NoConfigPage"=0
"NoVirtMemPage"=0
"NoFileSysPage"=0
"NoNetSetup"=0
"NoNetSetupIDPage"=0
"NoNetSetupSecurityPage"=0
"NoWorkgroupContents"=0
"NoEntireNetwork"=0
"NoFileSharingControl"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDesktop"=0
"NoFolderOptions"=0
"RestrictRun"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"NoFolderOptions"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\eMule\emule.exe"="G:\eMule\emule.exe:*:Enabled:eMule"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
======List of files/folders created in the last 1 months======
2008-10-05 22:54:37 ----D---- C:\Documents and Settings\Usager\Application Data\Help
2008-10-05 02:30:32 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-10-05 02:30:17 ----D---- C:\Program Files\Google
2008-10-05 02:29:12 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2008-10-04 12:49:47 ----D---- C:\WINDOWS\system32\NtmsData
2008-10-04 02:23:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-03 17:40:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-30 17:50:09 ----A---- C:\iaa23_multi.exe
2008-09-30 12:53:36 ----HD---- C:\WINDOWS\PIF
2008-09-30 02:54:01 ----D---- C:\Program Files\Registry Easy
2008-09-29 23:32:30 ----SHD---- C:\RECYCLER
2008-09-29 21:29:04 ----A---- C:\ComboFix.txt
2008-09-29 20:55:29 ----D---- C:\WINDOWS\erdnt
2008-09-29 20:53:28 ----D---- C:\QooBox
2008-09-29 20:52:41 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-29 20:52:40 ----A---- C:\WINDOWS\zip.exe
2008-09-29 20:52:40 ----A---- C:\WINDOWS\swreg.exe
2008-09-29 20:52:40 ----A---- C:\WINDOWS\grep.exe
2008-09-29 20:52:39 ----A---- C:\WINDOWS\VFind.exe
2008-09-29 20:52:39 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-29 20:52:39 ----A---- C:\WINDOWS\SWSC.exe
2008-09-29 20:52:39 ----A---- C:\WINDOWS\sed.exe
2008-09-29 20:52:39 ----A---- C:\WINDOWS\fdsv.exe
2008-09-29 20:45:48 ----N---- C:\WINDOWS\SDUnInst.exe
2008-09-29 20:45:42 ----D---- C:\Program Files\Software by Design
2008-09-29 17:40:36 ----D---- C:\Program Files\trend micro
2008-09-29 11:36:32 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-09-29 11:36:31 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-09-29 11:36:30 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-29 11:36:29 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-09-29 11:36:28 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-09-29 11:36:27 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-09-29 11:36:26 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-09-29 11:36:25 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-09-29 11:36:23 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-09-29 11:36:22 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-09-29 11:36:20 ----A---- C:\WINDOWS\system32\Process.exe
2008-09-28 18:59:45 ----D---- C:\WINDOWS\Sun
2008-09-28 18:54:33 ----D---- C:\rsit
2008-09-28 13:58:40 ----D---- C:\getservice
2008-09-28 13:42:48 ----A---- C:\WINDOWS\gmer.ini
2008-09-28 13:42:44 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-09-28 13:42:44 ----A---- C:\WINDOWS\gmer.dll
2008-09-28 13:42:43 ----A---- C:\WINDOWS\gmer.exe
2008-09-28 13:28:20 ----A---- C:\fixnavi.txt
2008-09-28 12:40:00 ----A---- C:\WINDOWS\system32\tmp.txt
2008-09-28 10:59:59 ----D---- C:\WINDOWS\CSC
2008-09-28 10:49:09 ----A---- C:\rapport.txt
2008-09-28 07:47:59 ----D---- C:\9297595297c71119df7abe
2008-09-28 07:40:08 ----D---- C:\WINDOWS\Prefetch
2008-09-28 05:04:09 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-09-28 05:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-28 05:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-28 05:00:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-28 04:56:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-28 04:55:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-28 04:53:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-28 04:50:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-28 04:48:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-28 04:46:56 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-28 04:43:39 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-28 03:32:39 ----D---- C:\WINDOWS\system32\fr-fr
2008-09-28 03:32:10 ----D---- C:\WINDOWS\l2schemas
2008-09-28 03:32:02 ----D---- C:\WINDOWS\system32\fr
2008-09-28 03:31:57 ----D---- C:\WINDOWS\system32\bits
2008-09-28 03:16:19 ----D---- C:\Program Files\Navilog1
2008-09-28 03:00:42 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-28 01:52:58 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-27 12:08:48 ----D---- C:\Program Files\CCleaner
2008-09-27 02:41:21 ----D---- C:\Documents and Settings\Usager\Application Data\Malwarebytes
2008-09-27 02:40:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-26 23:53:42 ----A---- C:\WINDOWS\NeroDigital.ini
2008-09-26 09:44:46 ----D---- C:\Program Files\Mozilla Firefox
2008-09-25 23:04:22 ----D---- C:\Program Files\Trillian
2008-09-25 22:26:06 ----D---- C:\Documents and Settings\Usager\Application Data\Media Player Classic
2008-09-25 18:16:38 ----A---- C:\WINDOWS\system32\unrar.dll
2008-09-25 18:15:52 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-09-25 18:15:51 ----A---- C:\WINDOWS\system32\unicows.dll
2008-09-25 18:15:51 ----A---- C:\WINDOWS\system32\cpuinf32.dll
2008-09-25 18:15:18 ----A---- C:\WINDOWS\system32\oeminfo.ini
2008-09-25 18:10:03 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2008-09-25 18:10:00 ----N---- C:\WINDOWS\system32\ImagXRA7.dll
2008-09-25 18:10:00 ----N---- C:\WINDOWS\system32\ImagXR7.dll
2008-09-25 18:10:00 ----N---- C:\WINDOWS\system32\ImagXpr7.dll
2008-09-25 18:09:59 ----N---- C:\WINDOWS\system32\ImagX7.dll
2008-09-25 18:09:58 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2008-09-25 18:09:51 ----D---- C:\Program Files\Fichiers communs\Ahead
2008-09-25 18:09:50 ----D---- C:\Program Files\Ahead
2008-09-25 18:05:28 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-09-25 17:24:58 ----D---- C:\Program Files\MSXML 4.0
2008-09-25 16:48:41 ----D---- C:\Program Files\Microsoft
2008-09-25 16:44:12 ----D---- C:\Program Files\Fichiers communs\Windows Live
2008-09-25 16:38:53 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-09-25 16:38:00 ----A---- C:\WINDOWS\zllsputility_loc040c.dll
2008-09-25 16:38:00 ----A---- C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-09-25 16:38:00 ----A---- C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-09-25 16:37:58 ----A---- C:\WINDOWS\system32\vsutil_loc040c.dll
2008-09-25 16:37:44 ----A---- C:\WINDOWS\zllsputility.exe
2008-09-25 16:37:43 ----A---- C:\WINDOWS\system32\SpOrder.dll
2008-09-25 16:35:42 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-09-25 16:35:41 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-09-25 16:35:35 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-09-25 16:35:35 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-09-25 16:35:23 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-09-25 16:35:20 ----A---- C:\WINDOWS\system32\zpeng24.dll
2008-09-25 16:35:20 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-09-25 16:35:17 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-09-25 16:35:17 ----D---- C:\Program Files\Zone Labs
2008-09-25 16:35:17 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-09-25 16:35:16 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-09-25 16:33:52 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-09-25 16:33:52 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-09-25 16:33:51 ----D---- C:\WINDOWS\Internet Logs
2008-09-25 16:33:51 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-09-25 16:31:46 ----D---- C:\Program Files\Windows Live
2008-09-25 12:06:27 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-25 12:06:27 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-25 02:00:13 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2008-09-25 01:59:46 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2008-09-25 01:59:21 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2008-09-25 01:58:57 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-09-25 01:57:36 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2008-09-25 00:44:26 ----A---- C:\WINDOWS\system32\WMAFile.dll
2008-09-25 00:44:26 ----A---- C:\WINDOWS\system32\AudioInfos.dll
2008-09-25 00:44:25 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2008-09-25 00:44:25 ----A---- C:\WINDOWS\system32\SSubTmr6.dll
2008-09-25 00:44:25 ----A---- C:\WINDOWS\system32\inetfr.DLL
2008-09-25 00:44:25 ----A---- C:\WINDOWS\system32\AudFile.dll
2008-09-25 00:44:24 ----A---- C:\WINDOWS\system32\VB6FR.DLL
2008-09-25 00:44:23 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
2008-09-25 00:44:23 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL
2008-09-25 00:44:22 ----A---- C:\WINDOWS\system32\msxml4r.dll
2008-09-25 00:44:21 ----A---- C:\WINDOWS\system32\msxml4a.dll
2008-09-24 17:59:26 ----D---- C:\Documents and Settings\Usager\Application Data\MSNInstaller
2008-09-24 17:55:49 ----D---- C:\WINDOWS\system32\appmgmt
2008-09-24 17:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-09-24 17:53:17 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2008-09-24 17:52:08 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2008-09-24 17:51:35 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-09-24 17:50:25 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2008-09-24 17:49:40 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2008-09-24 17:48:57 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2008-09-24 17:47:45 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$
2008-09-24 17:47:00 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-09-24 17:46:22 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-09-24 17:45:47 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-09-24 17:26:55 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2008-09-24 17:26:27 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2008-09-24 17:25:58 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-09-24 17:25:31 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-09-24 17:25:05 ----HDC---- C:\WINDOWS\$NtUninstallKB936021$
2008-09-24 17:24:39 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2008-09-24 17:24:13 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2008-09-24 17:23:46 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2008-09-24 17:23:20 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-09-24 17:22:54 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2008-09-24 17:22:18 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2008-09-24 17:21:52 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2008-09-24 17:21:06 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP9$
2008-09-24 14:34:46 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-09-24 14:33:58 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2008-09-24 14:33:14 ----HDC---- C:\WINDOWS\$NtUninstallKB936357$
2008-09-24 14:32:03 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
2008-09-24 14:30:38 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2008-09-24 14:29:38 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-09-24 14:28:46 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2008-09-24 14:26:26 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-09-24 14:25:38 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2008-09-24 14:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2008-09-24 14:19:42 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2008-09-24 14:19:02 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-09-24 14:18:19 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-09-24 14:17:39 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2008-09-24 14:16:49 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2008-09-24 14:16:11 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-09-24 14:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2008-09-24 14:15:06 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2008-09-24 14:14:11 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2008-09-24 14:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2008-09-24 14:13:15 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-09-24 14:12:50 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2008-09-24 14:12:21 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-09-24 14:11:58 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-09-24 14:11:12 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2008-09-24 14:10:23 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2008-09-24 14:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2008-09-24 14:08:55 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-09-24 14:08:30 ----N---- C:\WINDOWS\system32\difxapi.dll
2008-09-24 14:08:29 ----D---- C:\Program Files\VIA
2008-09-24 14:08:17 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
2008-09-24 14:07:44 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-09-24 14:07:11 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2008-09-24 14:06:51 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2008-09-24 14:06:17 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
2008-09-24 14:05:47 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2008-09-24 14:05:20 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2008-09-24 14:04:50 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2008-09-24 14:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2008-09-24 14:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-09-24 14:03:23 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-09-24 14:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-09-24 14:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-09-24 14:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2008-09-24 14:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2008-09-24 14:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2008-09-24 14:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2008-09-24 14:00:24 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-09-24 14:00:00 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-09-24 13:59:37 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2008-09-24 13:59:02 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-09-24 13:58:30 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2008-09-24 11:36:06 ----D---- C:\Documents and Settings\Usager\Application Data\Apple Computer
2008-09-24 11:35:21 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-09-24 11:30:43 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-24 11:28:35 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-23 22:10:31 ----A---- C:\WINDOWS\system32\muweb.dll
2008-09-23 22:10:31 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-09-23 22:10:31 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-09-23 19:56:20 ----SHD---- C:\WINDOWS\ftpcache
2008-09-23 15:16:45 ----D---- C:\Documents and Settings\Usager\Application Data\LimeWire
2008-09-23 14:19:38 ----A---- C:\WINDOWS\winamp.ini
2008-09-23 14:09:37 ----D---- C:\Documents and Settings\Usager\Application Data\Desktop Maestro
2008-09-23 11:47:35 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-09-23 11:01:55 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-09-23 10:30:16 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-09-23 10:07:50 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-23 10:07:19 ----D---- C:\Program Files\Registry Mechanic
2008-09-23 09:03:25 ----D---- C:\WINDOWS\Minidump
2008-09-23 08:52:03 ----SHDC---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-23 08:50:40 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-22 22:25:21 ----D---- C:\Documents and Settings\Usager\Application Data\Opera
2008-09-22 22:24:28 ----D---- C:\Program Files\Opera
2008-09-21 23:43:06 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2008-09-21 23:42:20 ----D---- C:\Program Files\ATI Technologies
2008-09-21 23:42:05 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-21 23:40:32 ----D---- C:\Program Files\Fichiers communs\InstallShield
2008-09-21 23:39:36 ----D---- C:\ATI
2008-09-21 23:37:53 ----A---- C:\WINDOWS\CTRegRun.exe
2008-09-21 23:36:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-21 23:36:38 ----A---- C:\WINDOWS\SBWIN.INI
2008-09-21 23:36:29 ----A---- C:\WINDOWS\system32\Ahqcpres.dll
2008-09-21 23:35:56 ----D---- C:\Program Files\Creative
2008-09-21 23:35:55 ----A---- C:\WINDOWS\IsUninst.exe
2008-09-21 23:29:30 ----D---- C:\Program Files\ma-config.com
2008-09-21 23:29:30 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-09-21 21:05:21 ----D---- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2008-09-21 21:00:39 ----D---- C:\Program Files\ReflexiveArcade
2008-09-21 20:57:25 ----D---- C:\Documents and Settings\Usager\Application Data\Gaijin Ent
2008-09-21 20:57:23 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-09-21 20:54:56 ----D---- C:\Program Files\BFG
2008-09-21 20:50:09 ----D---- C:\Documents and Settings\Usager\Application Data\WinRAR
2008-09-21 04:03:05 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-09-20 13:22:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-09-20 13:22:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-09-20 13:22:09 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-09-20 13:21:51 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-09-20 13:19:17 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-09-20 13:18:29 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-09-20 13:17:37 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-09-20 13:17:27 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-09-20 13:14:34 ----A---- C:\WINDOWS\system32\MRT.exe
2008-09-20 13:14:22 ----D---- C:\WINDOWS\network diagnostic
2008-09-20 13:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2008-09-20 13:13:57 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-09-20 13:08:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-09-20 13:08:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-09-20 13:07:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-09-20 13:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-09-20 13:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-09-20 13:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB953838_0$
2008-09-20 13:05:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-09-20 13:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-09-20 13:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-20 13:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-09-20 01:48:08 ----D---- C:\WINDOWS\system32\PreInstall
2008-09-20 01:48:06 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-09-20 01:48:05 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-09-20 01:47:16 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-09-20 01:47:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-09-20 01:47:12 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-19 23:31:22 ----D---- C:\Documents and Settings\Usager\Application Data\Macromedia
2008-09-19 23:31:21 ----D---- C:\Documents and Settings\Usager\Application Data\Adobe
2008-09-19 23:28:13 ----D---- C:\Program Files\PhotoFiltre Studio
2008-09-19 23:27:06 ----D---- C:\Program Files\WinRAR
2008-09-19 23:13:46 ----A---- C:\WINDOWS\iun6002.exe
2008-09-19 16:28:36 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-09-19 11:30:51 ----D---- C:\Documents and Settings\Usager\Application Data\Mozilla
2008-09-19 11:28:49 ----D---- C:\Program Files\Fichiers communs\Adobe
2008-09-19 11:28:49 ----D---- C:\Program Files\Adobe
2008-09-19 11:17:11 ----D---- C:\Program Files\Avira
2008-09-19 11:17:11 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-19 10:49:47 ----A---- C:\WINDOWS\system32\sfman32.dll
2008-09-19 10:49:46 ----A---- C:\WINDOWS\system32\sblfx.dll
2008-09-19 10:49:46 ----A---- C:\WINDOWS\system32\devldr32.exe
2008-09-19 10:49:46 ----A---- C:\WINDOWS\system32\devcon32.dll
2008-09-19 10:49:46 ----A---- C:\WINDOWS\system32\ctwdm32.dll
2008-09-19 07:38:37 ----A---- C:\WINDOWS\system32\atiraged.dll
======List of files/folders modified in the last 1 months======
2008-10-06 02:37:26 ----D---- C:\Program Files\Fichiers communs\Services
2008-10-06 01:55:27 ----D---- C:\WINDOWS\Temp
2008-10-05 23:09:23 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-05 22:54:58 ----A---- C:\WINDOWS\win.ini
2008-10-05 22:51:29 ----D---- C:\WINDOWS\system32\drivers
2008-10-05 18:47:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-05 16:13:28 ----HD---- C:\WINDOWS\inf
2008-10-05 03:01:53 ----SHD---- C:\WINDOWS\Installer
2008-10-05 02:59:02 ----RD---- C:\Program Files
2008-10-05 02:59:02 ----D---- C:\Program Files\Fichiers communs
2008-10-04 14:37:47 ----D---- C:\WINDOWS
2008-10-04 13:23:18 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-04 13:23:16 ----D---- C:\WINDOWS\system32
2008-10-04 00:49:03 ----A---- C:\WINDOWS\system.ini
2008-10-03 18:44:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-03 18:26:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-30 02:54:19 ----SD---- C:\WINDOWS\Tasks
2008-09-30 01:31:41 ----D---- C:\WINDOWS\Debug
2008-09-29 21:10:32 ----D---- C:\WINDOWS\AppPatch
2008-09-29 20:53:47 ----SHD---- C:\System Volume Information
2008-09-29 20:53:47 ----D---- C:\WINDOWS\system32\Restore
2008-09-28 13:24:46 ----RD---- C:\WINDOWS\Web
2008-09-28 07:38:48 ----D---- C:\WINDOWS\system32\Setup
2008-09-28 07:38:46 ----D---- C:\WINDOWS\system32\wbem
2008-09-28 07:38:44 ----RSD---- C:\WINDOWS\Fonts
2008-09-28 04:47:12 ----D---- C:\Program Files\Messenger
2008-09-28 04:47:01 ----D---- C:\WINDOWS\security
2008-09-28 03:48:09 ----D---- C:\WINDOWS\WinSxS
2008-09-28 03:40:37 ----D---- C:\Program Files\Windows Media Player
2008-09-28 03:40:06 ----D---- C:\WINDOWS\Help
2008-09-28 03:36:12 ----D---- C:\WINDOWS\ehome
2008-09-28 03:35:49 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-28 03:35:41 ----D---- C:\WINDOWS\ime
2008-09-28 03:32:39 ----D---- C:\WINDOWS\system32\usmt
2008-09-28 03:32:20 ----D---- C:\Program Files\Internet Explorer
2008-09-28 03:31:57 ----D---- C:\WINDOWS\PeerNet
2008-09-28 03:31:53 ----D---- C:\Program Files\Movie Maker
2008-09-28 02:58:25 ----D---- C:\WINDOWS\system32\npp
2008-09-28 02:58:12 ----D---- C:\WINDOWS\msagent
2008-09-28 02:58:03 ----D---- C:\WINDOWS\srchasst
2008-09-28 02:57:55 ----D---- C:\Program Files\NetMeeting
2008-09-28 02:57:48 ----D---- C:\WINDOWS\system32\Com
2008-09-28 02:57:35 ----D---- C:\Program Files\Windows NT
2008-09-28 02:57:35 ----D---- C:\Program Files\Outlook Express
2008-09-28 02:57:12 ----D---- C:\Program Files\Fichiers communs\System
2008-09-28 02:53:58 ----D---- C:\WINDOWS\system32\oobe
2008-09-28 02:52:36 ----D---- C:\WINDOWS\system
2008-09-26 03:54:41 ----SD---- C:\Documents and Settings\Usager\Application Data\Microsoft
2008-09-26 03:54:41 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-09-26 03:54:41 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2008-09-25 23:32:41 ----D---- C:\WINDOWS\SoftwareDistribution
2008-09-25 16:46:09 ----D---- C:\WINDOWS\pchealth
2008-09-25 12:59:19 ----D---- C:\Program Files\MSN
2008-09-23 11:00:18 ----D---- C:\WINDOWS\system32\config
2008-09-23 10:34:29 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-23 09:56:56 ----RASH---- C:\boot.ini
2008-09-21 23:36:30 ----D---- C:\WINDOWS\Media
2008-09-19 11:30:32 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 ctljystk;Creative SBLive! Port de jeux; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 DLH5X;Pilote NT de carte à base D-Link DL10050; C:\WINDOWS\system32\DRIVERS\DLH5XND5.sys [2001-08-17 26698]
R3 emu10k;Creative SB Live! series(WDM); C:\WINDOWS\system32\drivers\emu10k1f.sys [2001-08-14 775296]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlface.sys [2001-07-11 6912]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfman.sys [2001-08-31 36992]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 46848]
S3 atirage;atirage; C:\WINDOWS\system32\DRIVERS\atiragem.sys [2001-08-23 70784]
S3 azt2320;Pilote audio Aztech 2320 (WDM); C:\WINDOWS\system32\drivers\aztw2320.sys [2001-08-17 36992]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-09-28 85969]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VIAudio;Contrôleur audio VIA AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-03 84480]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-07 149761]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
-----------------EOF-----------------
Info.txt
info.txt logfile of random's system information tool 1.02 2008-09-29 17:44:06
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AudioHQ-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\AudioHQ.isu"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
Contacts-->MsiExec.exe /I{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
eMule-->"G:\eMule\Uninstall.exe"
Hidden Expedition Titanic-->G:\jeux\hidden expedition titanic\Uninstal.exe
Hide And Secret-->"G:\jeux\Hide And Secret\ReflexiveArcade\unins000.exe"
HijackThis 2.0.2-->"F:\setups\Sécurité\HijackThis.exe" /uninstall
Insaniquarium Deluxe 1.0-->C:\WINDOWS\iun6002.exe "G:\jeux\irunin.ini"
Java SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Ma-Config.com-->MsiExec.exe /X{1C02A760-1682-49AE-BB54-FA7D63BD3504}
Mah Jong Quest-->"G:\jeux\Mah Jong Quest\unins000.exe"
Mahjong Towers II-->C:\WINDOWS\iun6002.exe "G:\jeux\Mahjong Towers II\irunin.ini"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Mystery Case Files - Ravenhearst (remove only)-->G:\jeux\Mystery Case Files - Ravenhearst\Uninstall.exe
Navilog1 3.6.5-->"C:\Program Files\Navilog1\unins000.exe"
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Opera 9.52-->MsiExec.exe /X{E1A88DE8-BD36-4DEA-8DD8-E35EF475ADC7}
PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
VIA Le gestionnaire du dispositif de plate-forme-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
======Hosts File======
======Security center information======
AV: Avira AntiVir PersonalEdition
FW: ZoneAlarm Firewall
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0605
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=8
-----------------EOF-----------------
-
Hmm, I no longer get redirections when opening Internet Explorer, but I have no icons next to the clock and I am still unable to install MSN Live Messenger and IE7. Here is a new HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:06:03, on 2008-10-05
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Documents and Settings\Usager\Bureau\arria.exe
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 1531 bytes
I was wondering what line 018 is... ?
-
Sorry about the fixes, I didn't think I was doing anything wrong. :\ I'll run the scan with MBAM right away.
EDIT: MBAM found nothing.
-
Here are the RSIT reports:
Logfile of random's system information tool 1.02 (written by random/random)
Run by Usager at 2008-09-29 17:40:32
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 23 GB (78%) free of 29 GB
Total RAM: 639 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:39, on 2008-09-29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Usager\Bureau\RSIT.exe
C:\Program Files\trend micro\Usager.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 3722 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2008-01-29 501384]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\WINDOWS\system32\
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\
C:\Documents and Settings\Usager\Menu Démarrer\Programmes\Démarrage
Trillian.lnk - C:\Program Files\Trillian\trillian.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\eMule\emule.exe"="G:\eMule\emule.exe:*:Enabled:eMule"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"G:\LimeWire\LimeWire.exe"="G:\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
======List of files/folders created in the last 1 months======
2008-09-29 17:40:36 ----D---- C:\Program Files\trend micro
2008-09-29 11:36:32 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-09-29 11:36:31 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-09-29 11:36:30 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-29 11:36:29 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-09-29 11:36:28 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-09-29 11:36:27 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-09-29 11:36:26 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-09-29 11:36:25 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-09-29 11:36:24 ----A---- C:\WINDOWS\system32\swxcacls.exe
2008-09-29 11:36:23 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-09-29 11:36:22 ----A---- C:\WINDOWS\system32\swsc.exe
2008-09-29 11:36:22 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-09-29 11:36:20 ----A---- C:\WINDOWS\system32\swreg.exe
2008-09-29 11:36:20 ----A---- C:\WINDOWS\system32\Process.exe
2008-09-28 20:50:00 ----D---- C:\WINDOWS\LastGood
2008-09-28 18:59:45 ----D---- C:\WINDOWS\Sun
2008-09-28 18:54:33 ----D---- C:\rsit
2008-09-28 13:58:40 ----D---- C:\getservice
2008-09-28 13:42:48 ----A---- C:\WINDOWS\gmer.ini
2008-09-28 13:42:44 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-09-28 13:42:44 ----A---- C:\WINDOWS\gmer.dll
2008-09-28 13:42:43 ----A---- C:\WINDOWS\gmer.exe
2008-09-28 13:28:20 ----A---- C:\fixnavi.txt
2008-09-28 12:40:00 ----A---- C:\WINDOWS\system32\tmp.txt
2008-09-28 10:59:59 ----D---- C:\WINDOWS\CSC
2008-09-28 10:59:37 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-28 10:49:09 ----A---- C:\rapport.txt
2008-09-28 08:02:10 ----D---- C:\2bf411e5c9bd4bac97bdf6ef
2008-09-28 07:47:59 ----D---- C:\9297595297c71119df7abe
2008-09-28 07:43:47 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-28 07:40:08 ----D---- C:\WINDOWS\Prefetch
2008-09-28 05:04:09 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-09-28 05:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-28 05:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-28 05:00:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-28 04:56:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-28 04:55:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-28 04:53:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-28 04:50:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-28 04:48:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-28 04:46:56 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-28 04:43:39 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-28 04:10:04 ----A---- C:\WINDOWS\setuplog.txt
2008-09-28 03:32:39 ----D---- C:\WINDOWS\system32\fr-fr
2008-09-28 03:32:10 ----D---- C:\WINDOWS\l2schemas
2008-09-28 03:32:02 ----D---- C:\WINDOWS\system32\fr
2008-09-28 03:31:57 ----D---- C:\WINDOWS\system32\bits
2008-09-28 03:16:19 ----D---- C:\Program Files\Navilog1
2008-09-28 03:00:42 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-28 01:52:58 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-27 23:50:14 ----D---- C:\c5a40d4938989864c712edd096c5
2008-09-27 12:08:48 ----D---- C:\Program Files\CCleaner
2008-09-27 02:41:21 ----D---- C:\Documents and Settings\Usager\Application Data\Malwarebytes
2008-09-27 02:40:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-27 02:40:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-26 23:53:42 ----A---- C:\WINDOWS\NeroDigital.ini
2008-09-26 09:44:46 ----D---- C:\Program Files\Mozilla Firefox
2008-09-25 23:04:22 ----D---- C:\Program Files\Trillian
2008-09-25 22:26:06 ----D---- C:\Documents and Settings\Usager\Application Data\Media Player Classic
2008-09-25 18:16:38 ----A---- C:\WINDOWS\system32\unrar.dll
2008-09-25 18:15:52 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-09-25 18:15:51 ----A---- C:\WINDOWS\system32\unicows.dll
2008-09-25 18:15:51 ----A---- C:\WINDOWS\system32\cpuinf32.dll
2008-09-25 18:15:18 ----A---- C:\WINDOWS\system32\oeminfo.ini
2008-09-25 18:10:03 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2008-09-25 18:10:00 ----N---- C:\WINDOWS\system32\ImagXRA7.dll
2008-09-25 18:10:00 ----N---- C:\WINDOWS\system32\ImagXR7.dll
2008-09-25 18:10:00 ----N---- C:\WINDOWS\system32\ImagXpr7.dll
2008-09-25 18:09:59 ----N---- C:\WINDOWS\system32\ImagX7.dll
2008-09-25 18:09:58 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2008-09-25 18:09:51 ----D---- C:\Program Files\Fichiers communs\Ahead
2008-09-25 18:09:50 ----D---- C:\Program Files\Ahead
2008-09-25 18:05:28 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-09-25 17:24:58 ----D---- C:\Program Files\MSXML 4.0
2008-09-25 16:48:41 ----D---- C:\Program Files\Microsoft
2008-09-25 16:44:12 ----D---- C:\Program Files\Fichiers communs\Windows Live
2008-09-25 16:38:53 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-09-25 16:38:00 ----A---- C:\WINDOWS\zllsputility_loc040c.dll
2008-09-25 16:38:00 ----A---- C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-09-25 16:38:00 ----A---- C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-09-25 16:37:58 ----A---- C:\WINDOWS\system32\vsutil_loc040c.dll
2008-09-25 16:37:44 ----A---- C:\WINDOWS\zllsputility.exe
2008-09-25 16:37:43 ----A---- C:\WINDOWS\system32\SpOrder.dll
2008-09-25 16:35:42 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-09-25 16:35:41 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-09-25 16:35:35 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-09-25 16:35:35 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-09-25 16:35:23 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-09-25 16:35:20 ----A---- C:\WINDOWS\system32\zpeng24.dll
2008-09-25 16:35:20 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-09-25 16:35:17 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-09-25 16:35:17 ----D---- C:\Program Files\Zone Labs
2008-09-25 16:35:17 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-09-25 16:35:16 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-09-25 16:33:52 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-09-25 16:33:52 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-09-25 16:33:51 ----D---- C:\WINDOWS\Internet Logs
2008-09-25 16:33:51 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-09-25 16:31:46 ----D---- C:\Program Files\Windows Live
2008-09-25 12:06:27 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-25 12:06:27 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-25 02:00:13 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2008-09-25 01:59:46 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2008-09-25 01:59:21 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2008-09-25 01:58:57 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-09-25 01:57:36 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2008-09-25 00:44:26 ----A---- C:\WINDOWS\system32\WMAFile.dll
2008-09-25 00:44:26 ----A---- C:\WINDOWS\system32\AudioInfos.dll
2008-09-25 00:44:25 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2008-09-25 00:44:25 ----A---- C:\WINDOWS\system32\SSubTmr6.dll
2008-09-25 00:44:25 ----A---- C:\WINDOWS\system32\inetfr.DLL
2008-09-25 00:44:25 ----A---- C:\WINDOWS\system32\AudFile.dll
2008-09-25 00:44:24 ----A---- C:\WINDOWS\system32\VB6FR.DLL
2008-09-25 00:44:23 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
2008-09-25 00:44:23 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL
2008-09-25 00:44:22 ----A---- C:\WINDOWS\system32\msxml4r.dll
2008-09-25 00:44:21 ----A---- C:\WINDOWS\system32\msxml4a.dll
2008-09-24 17:59:26 ----D---- C:\Documents and Settings\Usager\Application Data\MSNInstaller
2008-09-24 17:55:49 ----D---- C:\WINDOWS\system32\appmgmt
2008-09-24 17:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-09-24 17:53:17 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2008-09-24 17:52:08 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2008-09-24 17:51:35 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-09-24 17:50:25 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2008-09-24 17:49:40 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2008-09-24 17:48:57 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2008-09-24 17:47:45 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$
2008-09-24 17:47:00 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-09-24 17:46:22 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-09-24 17:45:47 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-09-24 17:26:55 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2008-09-24 17:26:27 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2008-09-24 17:25:58 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-09-24 17:25:31 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-09-24 17:25:05 ----HDC---- C:\WINDOWS\$NtUninstallKB936021$
2008-09-24 17:24:39 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2008-09-24 17:24:13 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2008-09-24 17:23:46 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2008-09-24 17:23:20 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-09-24 17:22:54 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2008-09-24 17:22:18 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2008-09-24 17:21:52 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2008-09-24 17:21:06 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP9$
2008-09-24 14:34:46 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-09-24 14:33:58 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2008-09-24 14:33:14 ----HDC---- C:\WINDOWS\$NtUninstallKB936357$
2008-09-24 14:32:03 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
2008-09-24 14:30:38 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2008-09-24 14:29:38 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-09-24 14:28:46 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2008-09-24 14:26:26 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-09-24 14:25:38 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2008-09-24 14:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2008-09-24 14:19:42 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2008-09-24 14:19:02 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-09-24 14:18:19 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-09-24 14:17:39 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2008-09-24 14:16:49 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2008-09-24 14:16:11 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-09-24 14:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2008-09-24 14:15:06 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2008-09-24 14:14:11 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2008-09-24 14:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2008-09-24 14:13:15 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-09-24 14:12:50 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2008-09-24 14:12:21 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-09-24 14:11:58 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-09-24 14:11:12 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2008-09-24 14:10:23 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2008-09-24 14:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2008-09-24 14:08:55 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-09-24 14:08:30 ----N---- C:\WINDOWS\system32\difxapi.dll
2008-09-24 14:08:29 ----D---- C:\Program Files\VIA
2008-09-24 14:08:17 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
2008-09-24 14:07:44 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-09-24 14:07:11 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2008-09-24 14:06:51 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2008-09-24 14:06:17 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
2008-09-24 14:05:47 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2008-09-24 14:05:20 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2008-09-24 14:04:50 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2008-09-24 14:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2008-09-24 14:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-09-24 14:03:23 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-09-24 14:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-09-24 14:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-09-24 14:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2008-09-24 14:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2008-09-24 14:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2008-09-24 14:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2008-09-24 14:00:24 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-09-24 14:00:00 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-09-24 13:59:37 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2008-09-24 13:59:02 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-09-24 13:58:42 ----A---- C:\WINDOWS\imsins.BAK
2008-09-24 13:58:30 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2008-09-24 11:36:06 ----D---- C:\Documents and Settings\Usager\Application Data\Apple Computer
2008-09-24 11:35:21 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-09-24 11:30:43 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-24 11:28:35 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-23 22:10:31 ----A---- C:\WINDOWS\system32\muweb.dll
2008-09-23 22:10:31 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-09-23 22:10:31 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-09-23 19:56:20 ----SHD---- C:\WINDOWS\ftpcache
2008-09-23 15:16:45 ----D---- C:\Documents and Settings\Usager\Application Data\LimeWire
2008-09-23 14:19:38 ----A---- C:\WINDOWS\winamp.ini
2008-09-23 14:09:37 ----D---- C:\Documents and Settings\Usager\Application Data\Desktop Maestro
2008-09-23 11:47:35 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-09-23 11:01:55 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-09-23 10:30:16 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-09-23 10:07:50 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-23 10:07:19 ----D---- C:\Program Files\Registry Mechanic
2008-09-23 09:03:25 ----D---- C:\WINDOWS\Minidump
2008-09-23 08:52:03 ----SHDC---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-23 08:50:40 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-22 22:25:21 ----D---- C:\Documents and Settings\Usager\Application Data\Opera
2008-09-22 22:24:28 ----D---- C:\Program Files\Opera
2008-09-21 23:43:06 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2008-09-21 23:42:20 ----D---- C:\Program Files\ATI Technologies
2008-09-21 23:42:05 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-21 23:40:32 ----D---- C:\Program Files\Fichiers communs\InstallShield
2008-09-21 23:39:36 ----D---- C:\ATI
2008-09-21 23:37:53 ----A---- C:\WINDOWS\CTRegRun.exe
2008-09-21 23:36:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-21 23:36:38 ----A---- C:\WINDOWS\SBWIN.INI
2008-09-21 23:36:29 ----A---- C:\WINDOWS\system32\Ahqcpres.dll
2008-09-21 23:35:56 ----D---- C:\Program Files\Creative
2008-09-21 23:35:55 ----A---- C:\WINDOWS\IsUninst.exe
2008-09-21 23:29:30 ----D---- C:\Program Files\ma-config.com
2008-09-21 23:29:30 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-09-21 21:05:21 ----D---- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2008-09-21 21:00:39 ----D---- C:\Program Files\ReflexiveArcade
2008-09-21 20:57:25 ----D---- C:\Documents and Settings\Usager\Application Data\Gaijin Ent
2008-09-21 20:57:23 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-09-21 20:54:56 ----D---- C:\Program Files\BFG
2008-09-21 20:50:09 ----D---- C:\Documents and Settings\Usager\Application Data\WinRAR
2008-09-21 04:03:05 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-09-20 13:22:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-09-20 13:22:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-09-20 13:22:09 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-09-20 13:21:51 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-09-20 13:19:17 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-09-20 13:18:29 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-09-20 13:17:37 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-09-20 13:17:27 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-09-20 13:14:34 ----A---- C:\WINDOWS\system32\MRT.exe
2008-09-20 13:14:22 ----D---- C:\WINDOWS\network diagnostic
2008-09-20 13:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2008-09-20 13:13:57 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-09-20 13:08:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-09-20 13:08:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-09-20 13:07:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-09-20 13:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-09-20 13:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-09-20 13:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB953838_0$
2008-09-20 13:05:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-09-20 13:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-09-20 13:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-20 13:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-09-20 01:48:08 ----D---- C:\WINDOWS\system32\PreInstall
2008-09-20 01:48:06 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-09-20 01:48:05 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-09-20 01:47:16 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-09-20 01:47:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-09-20 01:47:12 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-19 23:31:22 ----D---- C:\Documents and Settings\Usager\Application Data\Macromedia
2008-09-19 23:31:21 ----D---- C:\Documents and Settings\Usager\Application Data\Adobe
2008-09-19 23:28:13 ----D---- C:\Program Files\PhotoFiltre Studio
2008-09-19 23:27:06 ----D---- C:\Program Files\WinRAR
2008-09-19 23:13:46 ----A---- C:\WINDOWS\iun6002.exe
2008-09-19 16:28:36 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-09-19 11:30:51 ----D---- C:\Documents and Settings\Usager\Application Data\Mozilla
2008-09-19 11:28:49 ----D---- C:\Program Files\Fichiers communs\Adobe
2008-09-19 11:28:49 ----D---- C:\Program Files\Adobe
2008-09-19 11:17:11 ----D---- C:\Program Files\Avira
2008-09-19 11:17:11 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-19 10:49:47 ----A---- C:\WINDOWS\system32\sfman32.dll
2008-09-19 10:49:46 ----A---- C:\WINDOWS\system32\sblfx.dll
2008-09-19 10:49:46 ----A---- C:\WINDOWS\system32\devldr32.exe
2008-09-19 10:49:46 ----A---- C:\WINDOWS\system32\devcon32.dll
2008-09-19 10:49:46 ----A---- C:\WINDOWS\system32\ctwdm32.dll
2008-09-19 07:38:37 ----A---- C:\WINDOWS\system32\atiraged.dll
======List of files/folders modified in the last 1 months======
2008-09-29 17:40:36 ----RD---- C:\Program Files
2008-09-29 14:27:07 ----D---- C:\WINDOWS\Temp
2008-09-29 11:54:08 ----D---- C:\WINDOWS\system32
2008-09-28 20:57:50 ----HD---- C:\WINDOWS\inf
2008-09-28 20:50:00 ----D---- C:\WINDOWS
2008-09-28 20:49:55 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-28 18:24:49 ----D---- C:\WINDOWS\system32\drivers
2008-09-28 13:25:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-28 13:24:46 ----RD---- C:\WINDOWS\Web
2008-09-28 10:58:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-28 08:02:01 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-28 07:45:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-28 07:44:22 ----SHD---- C:\WINDOWS\Installer
2008-09-28 07:43:16 ----D---- C:\WINDOWS\Debug
2008-09-28 07:38:48 ----D---- C:\WINDOWS\system32\Setup
2008-09-28 07:38:47 ----D---- C:\WINDOWS\AppPatch
2008-09-28 07:38:46 ----D---- C:\WINDOWS\system32\wbem
2008-09-28 07:38:44 ----RSD---- C:\WINDOWS\Fonts
2008-09-28 04:47:12 ----D---- C:\Program Files\Messenger
2008-09-28 04:47:01 ----D---- C:\WINDOWS\security
2008-09-28 03:48:09 ----D---- C:\WINDOWS\WinSxS
2008-09-28 03:40:37 ----D---- C:\Program Files\Windows Media Player
2008-09-28 03:40:06 ----D---- C:\WINDOWS\Help
2008-09-28 03:36:12 ----D---- C:\WINDOWS\ehome
2008-09-28 03:35:49 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-28 03:35:41 ----D---- C:\WINDOWS\ime
2008-09-28 03:32:39 ----D---- C:\WINDOWS\system32\usmt
2008-09-28 03:32:20 ----D---- C:\Program Files\Internet Explorer
2008-09-28 03:31:57 ----D---- C:\WINDOWS\PeerNet
2008-09-28 03:31:53 ----D---- C:\Program Files\Movie Maker
2008-09-28 02:58:27 ----D---- C:\WINDOWS\system32\Restore
2008-09-28 02:58:25 ----D---- C:\WINDOWS\system32\npp
2008-09-28 02:58:12 ----D---- C:\WINDOWS\msagent
2008-09-28 02:58:03 ----D---- C:\WINDOWS\srchasst
2008-09-28 02:57:55 ----D---- C:\Program Files\NetMeeting
2008-09-28 02:57:48 ----D---- C:\WINDOWS\system32\Com
2008-09-28 02:57:35 ----D---- C:\Program Files\Windows NT
2008-09-28 02:57:35 ----D---- C:\Program Files\Outlook Express
2008-09-28 02:57:12 ----D---- C:\Program Files\Fichiers communs\System
2008-09-28 02:53:58 ----D---- C:\WINDOWS\system32\oobe
2008-09-28 02:52:36 ----D---- C:\WINDOWS\system
2008-09-26 03:54:41 ----SD---- C:\Documents and Settings\Usager\Application Data\Microsoft
2008-09-26 03:54:41 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-09-26 03:54:41 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2008-09-26 00:37:27 ----A---- C:\WINDOWS\win.ini
2008-09-25 23:32:41 ----D---- C:\WINDOWS\SoftwareDistribution
2008-09-25 18:09:51 ----D---- C:\Program Files\Fichiers communs
2008-09-25 16:46:09 ----D---- C:\WINDOWS\pchealth
2008-09-25 12:59:19 ----D---- C:\Program Files\MSN
2008-09-24 22:04:12 ----SD---- C:\WINDOWS\Tasks
2008-09-23 11:00:18 ----D---- C:\WINDOWS\system32\config
2008-09-23 10:34:29 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-23 09:59:53 ----SHD---- C:\System Volume Information
2008-09-23 09:56:56 ----RASH---- C:\boot.ini
2008-09-21 23:36:30 ----D---- C:\WINDOWS\Media
2008-09-19 11:30:32 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 ctljystk;Creative SBLive! Port de jeux; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! series(WDM); C:\WINDOWS\system32\drivers\emu10k1f.sys [2001-08-14 775296]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlface.sys [2001-07-11 6912]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfman.sys [2001-08-31 36992]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 46848]
S3 atirage;atirage; C:\WINDOWS\system32\DRIVERS\atiragem.sys [2001-08-23 70784]
S3 catchme;catchme; \??\C:\DOCUME~1\Usager\LOCALS~1\Temp\catchme.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-09-28 85969]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VIAudio;Contrôleur audio VIA AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-03 84480]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-07 149761]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
-----------------EOF-----------------
Info.txt
info.txt logfile of random's system information tool 1.02 2008-09-29 17:44:06
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AudioHQ-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\AudioHQ.isu"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
Contacts-->MsiExec.exe /I{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
eMule-->"G:\eMule\Uninstall.exe"
Hidden Expedition Titanic-->G:\jeux\hidden expedition titanic\Uninstal.exe
Hide And Secret-->"G:\jeux\Hide And Secret\ReflexiveArcade\unins000.exe"
HijackThis 2.0.2-->"F:\setups\Sécurité\HijackThis.exe" /uninstall
Insaniquarium Deluxe 1.0-->C:\WINDOWS\iun6002.exe "G:\jeux\irunin.ini"
Java SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Ma-Config.com-->MsiExec.exe /X{1C02A760-1682-49AE-BB54-FA7D63BD3504}
Mah Jong Quest-->"G:\jeux\Mah Jong Quest\unins000.exe"
Mahjong Towers II-->C:\WINDOWS\iun6002.exe "G:\jeux\Mahjong Towers II\irunin.ini"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Mystery Case Files - Ravenhearst (remove only)-->G:\jeux\Mystery Case Files - Ravenhearst\Uninstall.exe
Navilog1 3.6.5-->"C:\Program Files\Navilog1\unins000.exe"
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Opera 9.52-->MsiExec.exe /X{E1A88DE8-BD36-4DEA-8DD8-E35EF475ADC7}
PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
VIA Le gestionnaire du dispositif de plate-forme-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: Avira AntiVir PersonalEdition
FW: ZoneAlarm Firewall
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0605
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=8
-----------------EOF-----------------
-
As for the HijackThis report, it stayed identical except that instead of having
C:\Documents and Settings\Usager\Bureau\HiJackThis.exe
C:\Documents and Settings\Usager\Bureau\arria.exe
OK, I am going to run the analysis with RSIT and the scan on Secunia. Here is the SmitFraudFix report in the meantime:
SmitFraudFix v2.354
Rapport fait à 11:52:30,32, 2008-09-29
Executé à partir de F:\setups\Sécurité\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Usager\Bureau\arria.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Fichier hosts corrompu !
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Usager
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Usager\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Usager\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Carte Fast Ethernet PCI Kingston EtheRx KNE100TX (21143-PD) #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 207.164.234.129
DNS Server Search Order: 207.164.234.193
Description: Carte Fast Ethernet PCI Kingston EtheRx KNE100TX (21143-PD) #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.2.1
Description: Carte Fast Ethernet PCI Kingston EtheRx KNE100TX (21143-PD) #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{21D928DF-0DEA-4941-A9F9-66ABCEB780C7}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2B30706B-DA5D-4788-9080-A5A4B4AC656E}: DhcpNameServer=207.164.234.129 207.164.234.193
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EBFD66CB-31E2-4719-9AC4-B9D977A48146}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{21D928DF-0DEA-4941-A9F9-66ABCEB780C7}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2B30706B-DA5D-4788-9080-A5A4B4AC656E}: DhcpNameServer=207.164.234.129 207.164.234.193
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EBFD66CB-31E2-4719-9AC4-B9D977A48146}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{21D928DF-0DEA-4941-A9F9-66ABCEB780C7}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2B30706B-DA5D-4788-9080-A5A4B4AC656E}: DhcpNameServer=207.164.234.129 207.164.234.193
HKLM\SYSTEM\CS2\Services\Tcpip\..\{EBFD66CB-31E2-4719-9AC4-B9D977A48146}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{21D928DF-0DEA-4941-A9F9-66ABCEB780C7}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2B30706B-DA5D-4788-9080-A5A4B4AC656E}: DhcpNameServer=207.164.234.129 207.164.234.193
HKLM\SYSTEM\CS3\Services\Tcpip\..\{EBFD66CB-31E2-4719-9AC4-B9D977A48146}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
-
Hello everyone,
To sum up my problem: my computer has been behaving a bit strangely since yesterday. I downloaded Ice Sword and was having fun looking through the various sections without taking any action, and I noticed a weird registry key (hkey_current_user -> S -> P). P contains 3 folders whose names are made up of random digits, and all three of them contain the key MsgPrivacy set to 0x1 and Prompt set to 0x0. There are also 3 folders with the same names that have appeared on my system hard drive. They contain files for IE7, and several of the files have double extensions. I am also having odd problems with Internet Explorer, which I only use as an absolute last resort: this morning, when I opened it to run an online scan at Kaspersky, I landed on a 404 error page that looked completely faked to me. I closed IE and opened Firefox, which opened on its usual home page, proving that my Internet access was working. A little while ago I opened IE to examine the error page a bit more closely and I landed on http://v11 . www . msn . com. I suspect it is a redirect. I don't see anything extraordinarily abnormal in the HijackThis report, and my antivirus (AntiVir) and MBAM found nothing. For now, apart from the problems with IE, which I don't use anyway, and a few random reboots today, there are no really bothersome symptoms.
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:28:41, on 2008-09-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Usager\Bureau\HiJackThis.exe
F:\ProcessExplorer\procexp.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 3731 bytes
-
Hi,
So, I helped my friend remove several rogues that were installed 2 days ago; the AntiVir and Spybot scans in safe mode reported having removed all the infections, but now it is impossible to set the IE security level to medium: it automatically goes back to low after a reboot. I made a HijackThis report and there are a few O4 lines that look a lot like strings of random letters. OK, I am posting the report and handing control of the computer back to its owner; he is the one who will do the rest of the disinfection with you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:54:31, on 2008-09-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Cynthia\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=fr&client=dell-row&channel=ca&ibd=2061021
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ca.dell.com/content/default.as...;l=FR&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=fr&client=dell-row&channel=ca&ibd=2061021
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSVolFE] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [jdizpvkuvetwtcpn] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\eeoirjgiaq.dll" EntryPoint
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [bM1ff7c9b1] Rundll32.exe "C:\WINDOWS\system32\hitjhuai.dll",s
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://punkybrody.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-ab52cbf1d03f7fff.spaces.live.co...ad/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/har...on.cab?version=
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://spinpalace.microgaming.com/spinpalace/FlashAX.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://us2-scripts.dlv4.com/binaries/egacc..._1073_em_XP.cab
O20 - AppInit_DLLs: vfnfwf.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Windows Network Log (Windows Network Log Manage) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\Netlog.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Cynthia\Bureau\Photo SKF\Cynthia En Chinois.gif
O24 - Desktop Component 1: (no name) - http://www.bid.com/Assets/ProductImages/88...185948E08AA.jpg
--
End of file - 8022 bytes
VGA mode on TV no longer supported
in Hardware
Posted
Hi everyone,
So here is my problem: I have a Digistar HDTV television to which I had connected my PC through the VGA port. I played on it for almost a whole night, and while I was trying to change the screen resolution so that the size of things on the TV's 42" screen would be reasonable, I think I hit the Enter key while the screen was telling me that I had just tried to set a resolution not supported by the TV. I tried setting my PC to 1024*768 before shutting it down and going to plug it into the TV. I get a picture up to the point where Windows shows me the screen with the user sessions. Do you have any idea what I could do to be able to put my PC back on the TV? I looked in the TV's menu and options, and nowhere is there anything either to restore the default settings or to have the TV auto-adjust the picture.
Thank you very much in advance.