
arriabelle

Posts by arriabelle

  1. Hi everyone,

    So here is my problem: I have a Digistar HDTV television to which I had connected my PC through the VGA port. I played on it for almost a whole night, and while I was trying to change the screen resolution so that the size of things on the TV's 42" screen would be reasonable, I think I hit the Enter key while the screen was telling me that I had just tried to set a resolution not supported by the TV. I tried setting my PC to 1024*768 before shutting it down and going to plug it into the TV. I get a picture up until the moment Windows gives me the screen with the user sessions. Do you have any idea what I could do to be able to put my PC back on the TV? I looked in the TV's menu and options, and nowhere is there anything either to restore the default settings or to have the TV auto-adjust the picture.

    Thanks a lot in advance.

  2. I am not entirely sure I am asking my question in the right section, but this one seemed the most appropriate to me.

    Here is my problem: I currently have internet with Cogeco, which provides a modem that cannot act as a Wi-Fi router. However, I have an old 2wire router from Bell. The router has been deactivated for a long time, but when the Cogeco installer came and asked me whether I had an old Bell router, I didn't even remember that I had that one; I discovered it while packing boxes. Anyway, I figured that if the Cogeco installer could apparently configure the Bell router solely as a router, then it was something doable. I would very much like to do it so that I can have Wi-Fi everywhere in my apartment. If anyone knows how to do it, I would be really very grateful if they explained it to me.

    Thanks a lot in advance

  3. So here is the ComboFix log. I want to point out that despite the fact that the PC was connected to a working internet modem (I could browse the web from this network on my iPod touch while sitting in front of the PC), ComboFix kept telling me that the computer was not connected to the internet; I ran the scan anyway:

      Quote
    ComboFix 11-12-06.01 - claudine simard 2011-12-06 22:35:13.2.1 - x86

    Lancé depuis: F:\ComboFix.exe

    .

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    .

    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\windows\system32\404Fix.exe

    c:\windows\system32\Agent.OMZ.Fix.exe

    c:\windows\system32\dumphive.exe

    c:\windows\system32\IEDFix.C.exe

    c:\windows\system32\IEDFix.exe

    c:\windows\system32\o4Patch.exe

    c:\windows\system32\Process.exe

    c:\windows\system32\SrchSTS.exe

    c:\windows\system32\tmp.reg

    c:\windows\system32\VACFix.exe

    c:\windows\system32\VCCLSID.exe

    c:\windows\system32\WS2Fix.exe

    .

    ---- Exécution préalable -------

    .

    c:\documents and settings\All Users.WINDOWS\Application Data\amqnaaa.tmp

    c:\documents and settings\All Users.WINDOWS\Application Data\eavnaaa.tmp

    c:\documents and settings\All Users.WINDOWS\Application Data\kzrnaaa.tmp

    c:\documents and settings\All Users.WINDOWS\Application Data\onwnaaa.tmp

    c:\documents and settings\All Users.WINDOWS\Application Data\qyonaaa.tmp

    c:\documents and settings\All Users.WINDOWS\Application Data\TEMP

    c:\documents and settings\All Users.WINDOWS\Application Data\umtnaaa.tmp

    c:\documents and settings\All Users.WINDOWS\Application Data\yaynaaa.tmp

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\1.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\a.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\b.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\c.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\d.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\e.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\f.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\g.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\h.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\i.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\J.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\k.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\l.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\m.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\mru.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\n.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\o.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\p.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\q.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\r.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\s.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\t.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\u.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\v.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\w.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\x.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\y.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\z.xml

    c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\WINDOWS

    c:\documents and settings\oliv gab\WINDOWS

    c:\program files\ScanQuery

    c:\windows\expl.dat

    c:\windows\system32\Cache

    c:\windows\system32\config\systemprofile\Application Data\PriceGong

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\1.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\1391.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\2046.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\2229.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\2256.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\4256.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\4402.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\5597.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\6590.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\6783.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\6927.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\7030.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\9355.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\9387.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\9480.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\9837.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\a.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\b.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\c.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\d.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\e.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\f.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\g.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\h.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\i.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\j.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\k.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\l.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\m.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\mru.xml

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\n.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\o.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\p.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\q.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\r.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\s.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\t.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\u.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\v.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\w.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\wlu.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\x.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\y.txt

    c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\z.txt

    c:\windows\system32\dllc.dat

    c:\windows\system32\svch.dat

    c:\windows\system32\winl.dat

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Legacy_BOONTY_GAMES

    -------\Service_Boonty Games

    .

    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2011-11-07 au 2011-12-07 ))))))))))))))))))))))))))))))))))))

    .

    .

    2011-12-06 21:31 . 2011-12-06 21:37 -------- d-----w- C:\ZHP

    2011-12-06 21:25 . 2011-12-06 21:37 -------- d-----w- c:\program files\ZHPDiag

    2011-12-05 20:47 . 2011-12-05 20:59 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys

    2011-12-05 05:07 . 2011-12-06 22:56 -------- d-----w- C:\WinFileReplace

    2011-12-05 02:45 . 2011-12-05 02:45 -------- d-----w- c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Avira

    2011-12-05 02:37 . 2011-07-21 17:22 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys

    2011-12-05 02:37 . 2011-07-21 17:22 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

    2011-12-05 02:37 . 2010-06-17 20:28 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

    2011-12-05 02:37 . 2010-06-17 20:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

    2011-12-05 02:37 . 2011-12-05 02:37 -------- d-----w- c:\program files\Avira

    2011-11-13 14:09 . 2011-11-13 14:09 -------- d-----w- c:\program files\Fichiers communs\Adobe

    .

    .

    .

    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-10-30 19:21 . 2011-10-30 19:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-10-10 14:23 . 2011-03-26 14:35 692736 ----a-w- c:\windows\system32\inetcomm.dll

    2011-09-28 07:06 . 2011-03-26 18:28 606208 ----a-w- c:\windows\system32\crypt32.dll

    2011-09-26 15:41 . 2011-03-26 18:29 22528 ----a-w- c:\windows\system32\oleaccrc.dll

    2011-09-26 15:41 . 2008-07-29 18:59 614400 ----a-w- c:\windows\system32\uiautomationcore.dll

    2011-09-26 15:41 . 2011-03-26 18:29 220160 ----a-w- c:\windows\system32\oleacc.dll


    .

    [-] 2008-04-14 . E62B0BE3FC855066C872F5B50A6BCD1B . 347136 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll

    [-] 2008-04-14 . E62B0BE3FC855066C872F5B50A6BCD1B . 347136 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\hnetcfg.dll

    .

    [-] 2008-04-14 . F36C9F78FC902C8DCE4D3B576BB0435A . 176640 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll

    [-] 2008-04-14 . F36C9F78FC902C8DCE4D3B576BB0435A . 176640 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll

    .

    [-] 2008-04-14 . E4ABC1212B70BB03D35E60681C447210 . 12032 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

    .

    [-] 2008-04-13 09:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

    .

    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\AGP440.SYS

    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\agp440.sys

    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\AGP440.SYS

    .

    [-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys

    [-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

    .

    [-] 2010-09-18 07:18 . C27D0CD76C1982F36387F2E4F67E64A9 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll

    [-] 2010-09-18 06:53 . 8699BC5CF7FDE1292E7F9B56DD043D82 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll

    [-] 2010-09-18 06:53 . 8699BC5CF7FDE1292E7F9B56DD043D82 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll

    [-] 2008-04-14 12:00 . CE21FE79AD3B913A79E0C742BED6BF85 . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll

    .

    [-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll

    [-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll

    .

    [-] 2009-01-31 00:33 . 051B1BDECD6DEE18C771B5D5EC7F044D . 27136 . . [11.0.5721.5262] . . c:\windows\system32\mspmsnsv.dll

    [-] 2009-01-31 00:33 . 051B1BDECD6DEE18C771B5D5EC7F044D . 27136 . . [11.0.5721.5262] . . c:\windows\system32\dllcache\mspmsnsv.dll

    [-] 2008-04-14 12:00 . AA370F0D5B900E13D40E9CB834B5DA10 . 52736 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

    .

    [-] 2010-12-09 . D27A5053A37FB85E8525F998CDC4DE19 . 2071424 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe

    [-] 2010-12-09 . F2B0235923A03E0FEB5E212B4E9475B6 . 2071424 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe

    [-] 2010-12-09 . F2B0235923A03E0FEB5E212B4E9475B6 . 2071424 . . [5.1.2600.6055] . . c:\windows\system32\ntkrnlpa.exe

    [-] 2010-12-09 . F2B0235923A03E0FEB5E212B4E9475B6 . 2071424 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntkrnlpa.exe

    [-] 2009-02-09 . ED5E20AE4AC5A63A4FF43FFE704A5153 . 2068224 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe

    [-] 2008-04-14 . B71A8F101CEFAF82FC5EC16130A54A3F . 2067968 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe

    .

    [-] 2008-04-14 12:00 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll

    [-] 2008-04-14 12:00 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll

    .

    [-] 2008-04-14 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll

    [-] 2008-04-14 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll

    .

    [-] 2008-04-14 . 4BB396EA6CAA50F2208078602549F2F2 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll

    [-] 2008-04-14 . 4BB396EA6CAA50F2208078602549F2F2 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll

    .

    [-] 2008-04-14 . 7EAEC24B85DD04EDAA04A51CB07DF870 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll

    [-] 2008-04-14 . 7EAEC24B85DD04EDAA04A51CB07DF870 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll

    .

    [-] 2008-04-14 . 75BD925DAB6E5323EDB6D5CFCDEB16D1 . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll

    [-] 2008-04-14 . 75BD925DAB6E5323EDB6D5CFCDEB16D1 . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll

    .

    [-] 2008-04-14 12:00 . 3BA21BD333A1B8B222006E5464D44F49 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll

    [-] 2008-04-14 12:00 . 3BA21BD333A1B8B222006E5464D44F49 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll

    .

    [-] 2008-04-14 . 08592889A219F7A60F9865B0EE7CAFF8 . 42496 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll

    [-] 2008-04-14 . 08592889A219F7A60F9865B0EE7CAFF8 . 42496 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll

    .

    [-] 2008-04-14 . A71A42AD584FAD1A8D1EC5D807C6E528 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll

    [-] 2008-04-14 . A71A42AD584FAD1A8D1EC5D807C6E528 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll

    .

    [-] 2010-12-09 . 360612511AA332B8D3AB295ACA0192CD . 2194816 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe

    [-] 2010-12-09 . 33698C8FAD37228407E62624C334DFE9 . 2194816 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntoskrnl.exe

    [-] 2010-12-09 . 33698C8FAD37228407E62624C334DFE9 . 2194816 . . [5.1.2600.6055] . . c:\windows\system32\ntoskrnl.exe

    [-] 2010-12-09 . 33698C8FAD37228407E62624C334DFE9 . 2194816 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntoskrnl.exe

    [-] 2009-02-10 . BEF458B8424553279E95E250D1E0CE7E . 2191232 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

    [-] 2008-04-14 . 099D639DA1EF6968D4E41795BB507E6B . 2191104 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe

    .

    [-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

    [-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll

    .

    [-] 2008-04-14 . C1F726EE0B043B074A68992BC4AEF8FD . 178176 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll

    [-] 2008-04-14 . C1F726EE0B043B074A68992BC4AEF8FD . 178176 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\w32time.dll

    .

    [-] 2008-04-14 . D76B0E8A4ECAD1ADCC75FD14A7ACC54C . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll

    [-] 2008-04-14 . D76B0E8A4ECAD1ADCC75FD14A7ACC54C . 334336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wiaservc.dll

    .

    [-] 2008-04-14 . 5D469FE7D63CF5215AF80CFA37BE6897 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll

    [-] 2008-04-14 . 5D469FE7D63CF5215AF80CFA37BE6897 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\midimap.dll

    .

    [-] 2008-04-14 . E17BBF14DBE41CAB571BBD244F97C25F . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll

    [-] 2008-04-14 . E17BBF14DBE41CAB571BBD244F97C25F . 7680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rasadhlp.dll

    .

    c:\windows\System32\svchost.exe ... manque !!

    c:\windows\explorer.exe ... manque !!

    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    REGEDIT4

    .

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

    "{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}"= "c:\program files\uTorrentBar_FR\prxtbuTo2.dll" [2011-05-09 176936]

    .

    [HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe" [2011-10-30 247968]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

    2011-04-21 12:55 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

    2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

    2010-04-16 21:12 3872080 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    2011-03-28 08:48 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    2011-04-13 05:27 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

    2011-04-10 01:58 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "avast! Mail Scanner"=3 (0x3)

    "avast! Antivirus"=2 (0x2)

    "avast! Web Scanner"=3 (0x3)

    "WmiApSrv"=3 (0x3)

    "VSS"=3 (0x3)

    "UPS"=3 (0x3)

    "SysmonLog"=3 (0x3)

    "SwPrv"=3 (0x3)

    "Spooler"=2 (0x2)

    "SeaPort"=2 (0x2)

    "SCardSvr"=3 (0x3)

    "SamSs"=2 (0x2)

    "RSVP"=3 (0x3)

    "RDSessMgr"=3 (0x3)

    "ProtectedStorage"=2 (0x2)

    "PolicyAgent"=2 (0x2)

    "PlugPlay"=2 (0x2)

    "NtLmSsp"=3 (0x3)

    "NMSAccess"=2 (0x2)

    "Netlogon"=3 (0x3)

    "MSIServer"=3 (0x3)

    "MSDTC"=3 (0x3)

    "mnmsrvc"=3 (0x3)

    "JavaQuickStarterService"=2 (0x2)

    "ImapiService"=3 (0x3)

    "idsvc"=3 (0x3)

    "gusvc"=3 (0x3)

    "gupdate"=2 (0x2)

    "fsssvc"=3 (0x3)

    "FontCache3.0.0.0"=3 (0x3)

    "Eventlog"=2 (0x2)

    "dmadmin"=3 (0x3)

    "COMSysApp"=3 (0x3)

    "clr_optimization_v2.0.50727_32"=3 (0x3)

    "CiSvc"=3 (0x3)

    "Boonty Games"=3 (0x3)

    "aspnet_state"=3 (0x3)

    "AntiVirService"=2 (0x2)

    "AntiVirSchedulerService"=2 (0x2)

    "ALG"=3 (0x3)

    .

    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]

    R4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-28 135664]

    .

    .

    --- Autres Services/Pilotes en mémoire ---

    .

    *NewlyCreated* - HELPSVC

    *NewlyCreated* - WUAUSERV

    .

    Contenu du dossier 'Tâches planifiées'

    .

    2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-28 08:49]

    .

    2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-28 08:49]

    .

    2011-12-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

    .

    2011-12-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-1409082233-1547161642-1003.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

    .

    2011-11-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

    .

    2011-11-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-1409082233-1547161642-1003.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

    .

    2011-12-05 c:\windows\Tasks\User_Feed_Synchronization-{B7C888B0-7B27-492D-A0FD-345EDAF1ADB9}.job

    - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

    .

    .

    ------- Examen supplémentaire -------

    .

    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

    TCP: DhcpNameServer = 192.168.2.1

    .

    - - - - ORPHELINS SUPPRIMES - - - -

    .

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2011-12-06 23:02

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    Recherche de processus cachés ...

    .

    Recherche d'éléments en démarrage automatique cachés ...

    .

    Recherche de fichiers cachés ...

    .

    Scan terminé avec succès

    Fichiers cachés: 0

    .

    **************************************************************************

    .

    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

    @Denied: (2) (LocalSystem)

    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,e4,ee,57,70,f5,7f,49,88,30,8b,\

    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,e4,ee,57,70,f5,7f,49,88,30,8b,\

    .

    Heure de fin: 2011-12-06 23:12:46

    ComboFix-quarantined-files.txt 2011-12-07 04:12

    .

    Avant-CF: 21 825 302 528 octets libres

    Après-CF: 21 809 262 592 octets libres

    .

    - - End Of File - - 3AD32AE230AF89D250C113AE77A0BD20

  4. Hello everyone,

    Here is a quick summary of the symptoms of this PC (it is not mine), which is visibly infected by at least 2 different infections. I ran a scan with Antivir, which told me that the Winlogon.exe and Explorer.exe processes are infected by TROJ/Patched.gen. It also tells me that Svchost is infected by an adware followed by a whole lot of digits. I also tried Antivir's Rescue me, which tells me there is an adware/RegRevive.A infection in a line containing application data/opencandy/lots of digits. It told me there was a Java exploit in a file named apache/adidas.class. There was also another infection that I don't remember; I was not able to finish the scan with Rescue me because after a while it told me I was running out of RAM.

    As for symptoms other than no longer having an Explorer.exe process and not being able to run it as a new task: advertisements that were not visible could be heard, and the PC shut down at random.

    Here is the HJT report:

      Quote
    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 20:14:03, on 2011-12-05

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

    C:\WINDOWS\system32\taskmgr.exe

    F:\HiJackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = GameTop Search - Find Free Full Version Games

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

    R3 - URLSearchHook: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\prxtbuTo2.dll

    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O3 - Toolbar: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\prxtbuTo2.dll

    O4 - HKLM\..\Run: [combofix] C:\ComboFix\CF3734.3XE /c C:\ComboFix\Combobatch.bat

    O4 - HKLM\..\RunOnce: [combofix] C:\ComboFix\CF3734.3XE /c C:\ComboFixCombobatch.bat

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex (User '?')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex (User 'Default user')

    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1301171279171

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301161140734

    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/maconfig/MaConfig_5_1_1_0.cab

    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Elf%20Bowling%207%2017%20-%20The%20Last%20Insult/Images/armhelper.ocx

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

     

    --

    End of file - 4473 bytes

     

    and the OTL report:

      Quote
    OTL logfile created on: 2011-12-05 22:44:45 - Run 2

    OTL by OldTimer - Version 3.2.31.0 Folder = F:\

    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

     

    511,42 Mb Total Physical Memory | 288,23 Mb Available Physical Memory | 56,36% Memory free

    1,22 Gb Paging File | 1,04 Gb Available in Paging File | 84,93% Paging File free

    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

     

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 37,26 Gb Total Space | 20,29 Gb Free Space | 54,46% Space Free | Partition Type: NTFS

    Drive F: | 1,96 Gb Total Space | 1,63 Gb Free Space | 83,46% Space Free | Partition Type: FAT

     

    Computer Name: CLOCLO-4D55E9C4 | User Name: claudine simard | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: Current user

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     

    ========== Processes (SafeList) ==========

     

    PRC - [2011-12-04 23:15:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\OTL.exe

    PRC - [2011-07-21 12:20:40 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    PRC - [2011-07-21 12:20:29 | 000,400,040 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avcenter.exe

    PRC - [2011-04-21 07:55:54 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

    PRC - [2008-04-14 07:00:00 | 000,548,864 | ---- | M] () -- C:\WINDOWS\system32\winlogon.exe

    PRC - [2008-04-14 07:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe

     

     

    ========== Modules (No Company Name) ==========

     

    MOD - [2011-07-21 15:12:32 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

    MOD - [2008-04-14 07:00:00 | 000,548,864 | ---- | M] () -- C:\WINDOWS\system32\winlogon.exe

     

     

    ========== Win32 Services (SafeList) ==========

     

    SRV - [2011-07-21 12:20:40 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

    SRV - [2011-04-21 07:55:37 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

    SRV - [2010-03-04 21:38:00 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)

     

     

    ========== Driver Services (SafeList) ==========

     

    DRV - [2011-07-21 12:22:41 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

    DRV - [2011-07-21 12:22:40 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

    DRV - [2010-06-17 15:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

    DRV - [2010-06-17 15:27:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

    DRV - [2010-04-28 01:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

    DRV - [2010-02-11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)

    DRV - [2009-11-12 12:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

     

     

    ========== Standard Registry (SafeList) ==========

     

     

    ========== Internet Explorer ==========

     

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

     

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = GameTop Search - Find Free Full Version Games

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-ca

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 F8 F2 E8 F9 EB CB 01 [binary data]

    IE - HKCU\..\URLSearchHook: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\prxtbuTo2.dll (Conduit Ltd.)

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll (Google Inc.)

     

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-04-13 00:28:19 | 000,000,000 | ---D | M]

     

     

    O1 HOSTS File: ([2011-12-05 15:50:18 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O3 - HKLM\..\Toolbar: (uTorrentBar_FR Toolbar) - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\prxtbuTo2.dll (Conduit Ltd.)

    O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_FR Toolbar) - {05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - C:\Program Files\uTorrentBar_FR\prxtbuTo2.dll (Conduit Ltd.)

    O4 - HKLM..\Run: [combofix] C:\ComboFix\CF3734.3XE (Microsoft Corporation)

    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

    O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF3734.3XE (Microsoft Corporation)

    O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1301171279171 (MUCatalogWebControl Class)

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301161140734 (MUWebControl Class)

    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maconfig/MaConfig_5_1_1_0.cab (Reg Error: Key error.)

    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Elf%20Bowling%207%2017%20-%20The%20Last%20Insult/Images/armhelper.ocx (ArmHelper Control)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C8A5F89-4020-4D25-8874-62DDE846FA48}: DhcpNameServer = 192.168.2.1

    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found

    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

    O24 - Desktop WallPaper: C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O24 - Desktop BackupWallPaper: C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2011-03-22 23:19:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = ComFile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

     

    ========== Files/Folders - Created Within 30 Days ==========

     

    [2011-12-05 15:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\RK_Quarantine

    [2011-12-05 14:50:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

    [2011-12-05 14:09:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

    [2011-12-05 14:09:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

    [2011-12-05 14:09:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

    [2011-12-05 14:09:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

    [2011-12-05 14:08:25 | 000,000,000 | --SD | C] -- C:\ComboFix

    [2011-12-05 00:09:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

    [2011-12-05 00:09:05 | 000,000,000 | ---D | C] -- C:\Qoobox

    [2011-12-05 00:07:23 | 000,000,000 | ---D | C] -- C:\WinFileReplace

    [2011-12-04 21:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Avira

    [2011-12-04 21:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Avira

    [2011-12-04 21:37:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

    [2011-12-04 21:37:21 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

    [2011-12-04 21:37:21 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

    [2011-12-04 21:37:21 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

    [2011-12-04 21:37:21 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

    [2011-12-04 21:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

    [2011-12-04 21:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira

    [2011-11-23 18:48:48 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\HiJackThis.exe

    [2011-11-21 17:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Playrix Entertainment

    [2011-11-21 17:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\GameTop.com

    [2011-11-21 17:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\GameTop.com

    [2011-11-21 17:15:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3024

    [2011-11-21 16:36:27 | 088,496,128 | ---- | C] (Media Contact LLC ) -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\FishdomH2O.exe.vir

    [2011-11-21 15:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\AdobeUM

    [2011-11-17 13:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\.minecraft

    [2011-11-13 09:10:06 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users.WINDOWS\Documents\kbd32.dll

    [2011-11-13 09:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Mes documents\My eBooks

    [2011-11-13 09:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe

    [2011-11-11 17:24:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\Nouveau dossier (2)

    [2010-03-25 03:28:46 | 401,790,922 | ---- | C] (Games ) -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\HauntedManorCE.exe

    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

     

    ========== Files - Modified Within 30 Days ==========

     

    [2011-12-05 22:51:43 | 000,001,632 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

    [2011-12-05 22:40:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2011-12-05 22:40:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2011-12-05 15:59:33 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys

    [2011-12-05 15:50:18 | 000,000,021 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

    [2011-12-05 01:36:55 | 000,000,212 | -HS- | M] () -- C:\boot.ini

    [2011-12-04 21:54:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

    [2011-12-04 21:54:07 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

    [2011-12-04 21:51:14 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B7C888B0-7B27-492D-A0FD-345EDAF1ADB9}.job

    [2011-12-04 21:37:41 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Avira AntiVir Control Center.lnk

    [2011-12-04 21:31:11 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-1409082233-1547161642-1003.job

    [2011-12-04 21:31:09 | 000,001,068 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

    [2011-12-04 21:31:08 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job

    [2011-11-23 18:45:34 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\zrbrbhlq.exe

    [2011-11-23 18:37:00 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\HiJackThis.exe

    [2011-11-23 11:42:02 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-1409082233-1547161642-1003.job

    [2011-11-21 17:48:37 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job

    [2011-11-21 16:41:46 | 088,496,128 | ---- | M] (Media Contact LLC ) -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\FishdomH2O.exe.vir

    [2011-11-19 17:57:04 | 016,636,444 | ---- | M] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\06 SEROPOSITIF BOOGIE.mp3

    [2011-11-17 16:00:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\RegRevive.job

    [2011-11-10 12:27:01 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

    [2011-11-08 14:58:33 | 000,502,986 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat

    [2011-11-08 14:58:33 | 000,434,324 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

    [2011-11-08 14:58:33 | 000,082,360 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat

    [2011-11-08 14:58:33 | 000,068,896 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    [2011-11-06 04:25:52 | 000,001,097 | ---- | M] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\Raccourci vers The B52's - Love Shack.flv.lnk

    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

     

    ========== Files Created - No Company Name ==========

     

    [2011-12-05 15:47:16 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys

    [2011-12-05 14:09:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

    [2011-12-05 14:09:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

    [2011-12-05 14:09:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

    [2011-12-05 14:09:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

    [2011-12-05 14:09:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

    [2011-12-04 21:37:41 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Avira AntiVir Control Center.lnk

    [2011-11-23 18:49:51 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\zrbrbhlq.exe

    [2011-11-20 19:40:49 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job

    [2011-11-20 19:40:49 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job

    [2011-11-06 04:25:52 | 000,001,097 | ---- | C] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\Raccourci vers The B52's - Love Shack.flv.lnk

    [2011-06-29 17:12:32 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

    [2011-05-16 05:11:34 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat

    [2011-05-06 01:14:23 | 000,000,029 | ---- | C] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Options

    [2011-04-14 18:57:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

    [2011-03-29 00:48:28 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2011-03-27 08:08:27 | 000,001,632 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

    [2011-03-26 20:52:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

    [2011-03-26 13:30:48 | 000,502,986 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat

    [2011-03-26 13:30:48 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat

    [2011-03-26 13:30:48 | 000,082,360 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat

    [2011-03-26 13:30:48 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat

    [2011-03-26 13:30:12 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\winlogon.exe

    [2011-03-26 13:29:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

    [2011-03-26 13:29:42 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\sdbinnst.exe

    [2011-03-26 13:29:32 | 000,434,324 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

    [2011-03-26 13:29:32 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

    [2011-03-26 13:29:32 | 000,068,896 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

    [2011-03-26 13:29:32 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

    [2011-03-26 13:29:29 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

    [2011-03-26 13:29:25 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

    [2011-03-26 13:29:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    [2011-03-26 13:29:02 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

    [2011-03-26 13:29:02 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

    [2011-03-26 13:28:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\lprheelp.dll

    [2011-03-26 13:28:34 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

    [2011-03-26 13:28:13 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

    [2011-03-26 13:28:02 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\assr_pfu.exe

    [2011-03-26 10:30:02 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

    [2011-03-26 10:30:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

    [2011-03-26 09:51:04 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

    [2011-03-26 09:49:54 | 000,102,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    [2011-03-26 09:42:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

    [2011-03-26 09:34:14 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

    [2010-01-13 21:41:00 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll

    [2010-01-13 21:38:00 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\DirectCOM.dll

    [2001-07-12 16:14:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\shelexec.exe

    [1998-10-10 23:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

     

    ========== LOP Check ==========

     

    [2011-05-16 01:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software

    [2011-04-13 00:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Big Fish Games

    [2011-04-06 02:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BOONTY

    [2011-06-29 17:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Canneverbe Limited

    [2011-03-28 10:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Casual Arts

    [2011-06-13 06:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DragonsEye Studios

    [2011-04-26 16:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Dying for Daylight

    [2011-08-22 17:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Fenomen Games

    [2011-05-17 20:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GameHouse

    [2011-05-28 11:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Gogii

    [2011-04-06 02:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intenium

    [2011-04-10 10:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\JollyBear

    [2011-03-27 19:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LittleGamesCompany

    [2011-03-28 13:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com

    [2011-05-10 17:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Maximize Games

    [2011-05-17 19:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Merscom

    [2011-05-16 08:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MumboJumbo

    [2011-05-04 00:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Namco

    [2011-05-05 20:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Particles

    [2011-04-15 02:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayFirst

    [2011-05-16 07:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayPond

    [2011-04-08 04:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Registry Helper

    [2011-03-28 05:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RegRevive

    [2011-05-10 22:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SOS

    [2011-04-11 18:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Top Evidence

    [2011-04-03 11:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip

    [2011-03-26 20:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom

    [2011-11-17 13:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\.minecraft

    [2011-05-02 12:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\A Gypsy's Tale - The Tower of Secrets

    [2011-04-10 04:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Application Data

    [2011-04-13 14:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Artifex Mundi

    [2011-05-11 06:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Artogon

    [2011-04-13 14:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Awem

    [2011-03-28 22:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\BabylonToolbar

    [2011-04-03 05:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Big Fish Games

    [2011-08-23 06:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Blue Tea Games

    [2011-06-29 17:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Canneverbe Limited

    [2011-03-28 10:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Casual Arts

    [2011-03-28 06:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Clickteam

    [2011-04-03 07:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\CrazyLoader

    [2011-06-13 06:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\DragonsEye Studios

    [2011-04-26 16:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Dying for Daylight

    [2011-04-26 16:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Dying for Daylight Shared

    [2011-05-28 10:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Enki Games

    [2011-05-16 09:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Enlightenus

    [2011-06-01 19:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\ERS G-Studio

    [2011-09-15 07:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\ERS Game Studios

    [2011-06-17 00:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Frogwares

    [2011-04-09 05:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\FrostWire

    [2011-05-16 07:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Fugazo

    [2011-04-10 21:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\GameHouse

    [2011-04-10 04:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\GameHousev1002

    [2011-05-16 05:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\GameMill Entertainment

    [2011-05-16 05:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Ghost Ship Studios

    [2011-03-27 20:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\HdO Adventure

    [2011-03-27 19:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\LittleGamesCompany

    [2011-07-01 04:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\MA

    [2011-08-17 05:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\MA2

    [2011-04-26 15:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\margrave3_full

    [2011-05-10 17:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Maximize Games

    [2011-03-27 08:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Meridian93

    [2011-05-17 19:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Merscom

    [2011-09-14 07:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Monkey Barrel Games

    [2011-04-09 00:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\MSNInstaller

    [2011-03-28 05:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\OpenCandy

    [2011-07-08 12:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Orneon

    [2011-07-07 23:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Phantasmat_bf_ce1

    [2011-04-15 02:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PlayFirst

    [2011-06-01 08:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PlayPond

    [2011-11-21 17:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Playrix Entertainment

    [2011-04-08 04:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\RegistryKeys

    [2011-04-15 01:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\report

    [2011-06-08 22:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\SerpentOfIsis

    [2011-03-27 12:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\SpinTop

    [2011-03-27 18:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\TikisLab

    [2011-04-11 18:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Top Evidence

    [2011-06-02 22:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Total Eclipse

    [2011-04-04 01:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\UseNeXT

    [2011-12-04 21:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\uTorrent

    [2011-04-08 18:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Vast Studios

    [2011-05-06 01:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Vogat Interactive

    [2011-03-26 21:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Zylom

    [2011-11-17 16:00:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\RegRevive.job

    [2011-12-04 21:51:14 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B7C888B0-7B27-492D-A0FD-345EDAF1ADB9}.job

     

    ========== Purity Check ==========

     

     

     

    < End of report >

     

    Thank you very much for taking the time to read my message.

  5. Hi everyone,

     

    So, to sum up a bit, I got a call from an Indian man who spoke only English, who told me he worked for Microsoft and was calling because they had received a lot of error messages coming from my PC... anyway, he had me do 2-3 things on my computer before I really started to suspect that his thing was really shady. He had me download a program, I had it scanned by my antivirus before opening it, I got really scared and started trying to hang up after my mouse cursor began moving on its own. I immediately closed the program, deleted it and disconnected my internet until I could come and ask my question here. I would just like to have my HJT report checked to be sure there isn't something shady left on my computer. I know I was a bit naive on this one, but I still wouldn't want it to compromise my PC.

  6. Hi all,

     

    My PC isn't doing particularly badly, but RUBotted tells me it detects a bot without telling me where and without giving me any option other than cleaning with HouseCall. I don't know whether this might be of any use to you, but I would like a quick HJT analysis to find out whether everything is normal.

     

    Thanks a lot in advance:

     

      Quote
    Logfile of Trend Micro HijackThis v2.0.3 (BETA)

    Scan saved at 01:34:31, on 2002-01-01

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Avira\AntiVir Desktop\sched.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe

    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe

    C:\WINDOWS\system32\devldr32.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\WINDOWS\lclock.exe

    C:\Documents and Settings\Wolfy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\wbem\wmiapsrv.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

     

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris

    R3 - URLSearchHook: FCToolbarURLSearchHook Class - {587358e3-e95b-4446-af29-13d6ce820e9c} - C:\Program Files\Pirates - FB\Helper.dll

    R3 - URLSearchHook: (no name) - - (no file)

    O2 - BHO: FCTBPos00Pos - {064F9A9F-3A73-41A1-8F33-D0660836FA8B} - C:\Program Files\Pirates - FB\Toolbar.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Pirates - FB - {FCD92A5D-0984-4850-BE14-BDFA192150FF} - C:\Program Files\Pirates - FB\Toolbar.dll

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKCU\..\Run: [LClock] lclock.exe

    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Wolfy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

    O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

    O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')

    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe

    O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe

    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

    O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe

    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

     

    --

    End of file - 7252 bytes

  7. Here is the log after the reboot:

     

      Quote
    All processes killed

    Error: Unable to interpret <:first> in the current context!

    ========== PROCESSES ==========

    No active process named explorer.exe was found!

    No active process named 90467A66.exe was found!

    No active process named DE3A4BB5.exe was found!

    ========== SERVICES/DRIVERS ==========

     

    Service\Driver 90467A66 deleted successfully.

     

    Service\Driver DE3A4BB5 deleted successfully.

     

    Service\Driver LQPDB deleted successfully.

     

    Service\Driver OOXJGQ deleted successfully.

     

    Service\Driver QDAIPWCHCREU deleted successfully.

    Service\Driver SjyPkt stopped successfully.

    Service\Driver SjyPkt deleted successfully.

    Service\Driver ancnwq9f not found.

    Service\Driver ancnwq9f not found.

    Service\Driver ancnwq9f not found.

    Service\Driver mbr deleted successfully.

    Service\Driver ancnwq9f not found.

    Service\Driver rkhdrv40 deleted successfully.

    Service\Driver ancnwq9f not found.

    Service\Driver SBRE deleted successfully.

    Service\Driver ancnwq9f not found.

    Service\Driver catchme deleted successfully.

    ========== FILES ==========

    C:\WINDOWS\system32\90467A66.exe moved successfully.

    C:\WINDOWS\system32\DE3A4BB5.exe moved successfully.

    C:\DOCUME~1\Claude\LOCALS~1\Temp\LQPDB.exe moved successfully.

    C:\DOCUME~1\Claude\LOCALS~1\Temp\OOXJGQ.exe moved successfully.

    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\QDAIPWCHCREU.exe moved successfully.

    C:\WINDOWS\System32\Drivers\SjyPkt.sys moved successfully.

    File/Folder C:\WINDOWS\system32\drivers\ancnwq9f.sys not found.

    File/Folder C:\DOCUME~1\Claude\LOCALS~1\Temp\mbr.sys not found.

    File/Folder C:\WINDOWS\system32\drivers\rkhdrv40.sys not found.

    File/Folder C:\WINDOWS\system32\drivers\SBREdrv.sys not found.

    File/Folder C:\DOCUME~1\Claude\LOCALS~1\Temp\catchme.sys not found.

    C:\WINDOWS\NIRCMD.exe moved successfully.

    C:\WINDOWS\zip.exe moved successfully.

    C:\WINDOWS\SWXCACLS.exe moved successfully.

    C:\WINDOWS\SWSC.exe moved successfully.

    C:\WINDOWS\SWREG.exe moved successfully.

    C:\WINDOWS\sed.exe moved successfully.

    C:\WINDOWS\PEV.exe moved successfully.

    C:\WINDOWS\grep.exe moved successfully.

    C:\SDFix\backups moved successfully.

    C:\SDFix\apps\Replace\xp moved successfully.

    C:\SDFix\apps\Replace\w2k moved successfully.

    C:\SDFix\apps\Replace moved successfully.

    C:\SDFix\apps moved successfully.

    C:\SDFix moved successfully.

    C:\ComboFix\N_ moved successfully.

    C:\ComboFix moved successfully.

    C:\Qoobox\TestC moved successfully.

    C:\Qoobox\Test moved successfully.

    C:\Qoobox\Quarantine\Registry_backups moved successfully.

    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers moved successfully.

    C:\Qoobox\Quarantine\C\WINDOWS\system32 moved successfully.

    C:\Qoobox\Quarantine\C\WINDOWS moved successfully.

    C:\Qoobox\Quarantine\C\Documents and Settings\Claude\Application Data moved successfully.

    C:\Qoobox\Quarantine\C\Documents and Settings\Claude moved successfully.

    C:\Qoobox\Quarantine\C\Documents and Settings moved successfully.

    C:\Qoobox\Quarantine\C moved successfully.

    C:\Qoobox\Quarantine moved successfully.

    C:\Qoobox\LastRun moved successfully.

    C:\Qoobox\BackEnv moved successfully.

    C:\Qoobox moved successfully.

    C:\WINDOWS\system32\CF25764.exe moved successfully.

    ========== REGISTRY ==========

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys\ deleted successfully.

    ========== COMMANDS ==========

     

    [EMPTYTEMP]

     

    User: Administrateur

    ->Temp folder emptied: 53248 bytes

    ->Temporary Internet Files folder emptied: 1471609 bytes

    ->FireFox cache emptied: 11746568 bytes

     

    User: All Users

     

    User: Claude

    ->Temp folder emptied: 621277 bytes

    ->Temporary Internet Files folder emptied: 18401763 bytes

    ->Java cache emptied: 1057655 bytes

    ->FireFox cache emptied: 41442501 bytes

    ->Apple Safari cache emptied: 37632096 bytes

    ->Opera cache emptied: 3890748 bytes

     

    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 67 bytes

     

    User: LocalService

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 67 bytes

     

    User: NetworkService

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 33170 bytes

     

    %systemdrive% .tmp files removed: 0 bytes

    C:\WINDOWS\7104189AC5924A56AC9E7C0CA135DA3C.TMP folder deleted successfully.

    C:\WINDOWS\msdownld.tmp folder deleted successfully.

    %systemroot% .tmp files removed: 2289230 bytes

    %systemroot%\System32 .tmp files removed: 3072 bytes

    Windows Temp folder emptied: 255 bytes

     

    RecycleBin emptied: 0 bytes

     

    Total Files Cleaned = 113,15 mb

     

     

    OTM by OldTimer - Version 3.0.0.2 log created on 06282009_170522

     

    Files moved on Reboot...

     

    Registry entries deleted on Reboot...

  8.   Quote
    Fichier 90467A66.exe reçu le 2009.06.28 13:28:45 (UTC)

    Antivirus Version Dernière mise à jour Résultat

    a-squared 4.5.0.18 2009.06.28 Trojan-Spy.Agent.NJP!IK

    AhnLab-V3 5.0.0.2 2009.06.27 Win-Trojan/Agent.6656.FJ

    AntiVir 7.9.0.199 2009.06.26 -

    Antiy-AVL 2.0.3.1 2009.06.26 Trojan/Win32.OnLineGames.gen

    Authentium 5.1.2.4 2009.06.27 -

    Avast 4.8.1335.0 2009.06.28 -

    AVG 8.5.0.339 2009.06.27 -

    BitDefender 7.2 2009.06.28 -

    CAT-QuickHeal 10.00 2009.06.26 Trojan.Agent.IRC

    ClamAV 0.94.1 2009.06.28 Trojan.Spy-44942

    Comodo 1470 2009.06.28 TrojWare.Win32.Agent.~GAJ

    DrWeb 5.0.0.12182 2009.06.28 -

    eSafe 7.0.17.0 2009.06.28 -

    eTrust-Vet 31.6.6582 2009.06.26 Win32/PcClient.FW

    F-Prot 4.4.4.56 2009.06.27 -

    F-Secure 8.0.14470.0 2009.06.27 Trojan:W32/Agent.IKS

    Fortinet 3.117.0.0 2009.06.28 W32/Agent.1EA9!tr

    GData 19 2009.06.28 -

    Ikarus T3.1.1.64.0 2009.06.28 Trojan-Spy.Agent.NJP

    Jiangmin 11.0.706 2009.06.28 TrojanSpy.Agent.dja

    K7AntiVirus 7.10.768 2009.06.19 Trojan-Spy.Win32.Agent.NJP

    Kaspersky 7.0.0.125 2009.06.28 -

    McAfee 5659 2009.06.27 Generic PWS.y

    McAfee+Artemis 5659 2009.06.27 Generic PWS.y

    McAfee-GW-Edition 6.7.6 2009.06.27 -

    Microsoft 1.4803 2009.06.28 -

    NOD32 4194 2009.06.28 -

    Norman 6.01.09 2009.06.26 W32/Agent.MJJN

    nProtect 2009.1.8.0 2009.06.28 Trojan-Spy/W32.Agent.6656.C

    Panda 10.0.0.16 2009.06.28 -

    PCTools 4.4.2.0 2009.06.28 -

    Rising 21.35.62.00 2009.06.28 -

    Sophos 4.43.0 2009.06.28 Mal/Generic-A

    Sunbelt 3.2.1858.2 2009.06.27 Bulk Trojan

    Symantec 1.4.4.12 2009.06.28 Trojan Horse

    TheHacker 6.3.4.3.356 2009.06.27 Trojan/Agent.gen

    TrendMicro 8.950.0.1094 2009.06.28 -

    VBA32 3.12.10.7 2009.06.28 -

    ViRobot 2009.6.27.1808 2009.06.27 -

    VirusBuster 4.6.5.0 2009.06.27 -

    Information additionnelle

    File size: 6656 bytes

    MD5...: 2d2cfd52b636a3acdd036b74e55b9a7a

    SHA1..: df8b83e169053cf8f806a02ef35b9d19b6cf3ba9

    SHA256: 61c4b83ca42cd72e90ac46557547994c1aa4a49412e7b1190c610d1837ef8819

    ssdeep: 48:OEPDnVTXagwDAk70wmXAp4byWHgs8SHpG89HWBFdLTmtcQ9wkIZMHBYnO3O7E1J:nPDnFXApTsL889aFhicCPGO3Og1

    PEiD..: -

    TrID..: File type identification
    -

    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1c1d
    timedatestamp.....: 0x4649d618 (Tue May 15 15:47:36 2007)
    machinetype.......: 0x14c (I386)

    ( 5 sections )
    name viradd virsiz rawdsiz ntrpy md5
    CODE 0x1000 0xc2c 0xe00 5.70 3dd073383b20c611a463431861c16973
    DATA 0x2000 0x8 0x200 0.04 532dd4aa9cd9b1a3dad1f0b610d1d6cc
    BSS 0x3000 0xa22f5 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    .idata 0xa6000 0x2d8 0x400 3.57 1ca6e665e111aa0d5ca04c130721765d
    .reloc 0xa7000 0x10c 0x200 3.99 ce7e4bf50b046fae2ca28edba741b101

    ( 4 imports )
    > kernel32.dll: VirtualProtectEx, Sleep, SetErrorMode, OutputDebugStringW, LocalUnlock, LocalReAlloc, LocalLock, LocalFree, LocalAlloc, HeapFree, HeapAlloc, GetVolumeInformationW, GetProcessHeap, GetCurrentProcess, GetCommandLineW, FindFirstFileExW, FindClose, ExitProcess
    > ntdll.dll: ZwQueryInformationFile, ZwCreateFile, ZwClose, RtlInitUnicodeString
    > advapi32.dll: StartServiceCtrlDispatcherW, SetServiceStatus, RegisterServiceCtrlHandlerW
    > kernel32.dll: FindNextFileW

    ( 0 exports )

    PDFiD.: -

    RDS...: NSRL Reference Data Set
    -

    ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=2d2cfd52b636a3acdd036b74e55b9a7a

     

      Quote
    Fichier DE3A4BB5.exe reçu le 2009.06.28 13:32:52 (UTC)

    Antivirus Version Dernière mise à jour Résultat

    a-squared 4.5.0.18 2009.06.28 Trojan-Spy.Agent.NJP!IK

    AhnLab-V3 5.0.0.2 2009.06.27 Win-Trojan/Agent.6656.FJ

    AntiVir 7.9.0.199 2009.06.26 -

    Antiy-AVL 2.0.3.1 2009.06.26 Trojan/Win32.OnLineGames.gen

    Authentium 5.1.2.4 2009.06.27 -

    Avast 4.8.1335.0 2009.06.28 -

    AVG 8.5.0.339 2009.06.27 -

    BitDefender 7.2 2009.06.28 -

    CAT-QuickHeal 10.00 2009.06.26 Trojan.Agent.IRC

    ClamAV 0.94.1 2009.06.28 Trojan.Spy-44942

    Comodo 1470 2009.06.28 TrojWare.Win32.Agent.~GAJ

    DrWeb 5.0.0.12182 2009.06.28 -

    eSafe 7.0.17.0 2009.06.28 -

    eTrust-Vet 31.6.6582 2009.06.26 Win32/PcClient.FW

    F-Prot 4.4.4.56 2009.06.27 -

    F-Secure 8.0.14470.0 2009.06.27 Trojan:W32/Agent.IKS

    Fortinet 3.117.0.0 2009.06.28 W32/Agent.1EA9!tr

    GData 19 2009.06.28 -

    Ikarus T3.1.1.64.0 2009.06.28 Trojan-Spy.Agent.NJP

    Jiangmin 11.0.706 2009.06.28 TrojanSpy.Agent.dja

    K7AntiVirus 7.10.768 2009.06.19 Trojan-Spy.Win32.Agent.NJP

    Kaspersky 7.0.0.125 2009.06.28 -

    McAfee 5659 2009.06.27 Generic PWS.y

    McAfee+Artemis 5659 2009.06.27 Generic PWS.y

    McAfee-GW-Edition 6.7.6 2009.06.27 -

    Microsoft 1.4803 2009.06.28 -

    NOD32 4194 2009.06.28 -

    Norman 6.01.09 2009.06.26 W32/Agent.MJJN

    nProtect 2009.1.8.0 2009.06.28 Trojan-Spy/W32.Agent.6656.C

    Panda 10.0.0.16 2009.06.28 -

    PCTools 4.4.2.0 2009.06.28 -

    Prevx 3.0 2009.06.28 -

    Rising 21.35.62.00 2009.06.28 -

    Sophos 4.43.0 2009.06.28 Mal/Generic-A

    Sunbelt 3.2.1858.2 2009.06.27 Bulk Trojan

    Symantec 1.4.4.12 2009.06.28 Trojan Horse

    TheHacker 6.3.4.3.356 2009.06.27 Trojan/Agent.gen

    TrendMicro 8.950.0.1094 2009.06.28 -

    VBA32 3.12.10.7 2009.06.28 -

    ViRobot 2009.6.27.1808 2009.06.27 -

    VirusBuster 4.6.5.0 2009.06.27 -

    Information additionnelle

    File size: 6656 bytes

    MD5...: 2d2cfd52b636a3acdd036b74e55b9a7a

    SHA1..: df8b83e169053cf8f806a02ef35b9d19b6cf3ba9

    SHA256: 61c4b83ca42cd72e90ac46557547994c1aa4a49412e7b1190c610d1837ef8819

    ssdeep: 48:OEPDnVTXagwDAk70wmXAp4byWHgs8SHpG89HWBFdLTmtcQ9wkIZMHBYnO3O7E1J:nPDnFXApTsL889aFhicCPGO3Og1

    PEiD..: -

    TrID..: File type identification
    Win32 Executable Generic (38.4%)
    Win32 Dynamic Link Library (generic) (34.1%)
    Win16/32 Executable Delphi generic (9.3%)
    Generic Win/DOS Executable (9.0%)
    DOS Executable Generic (9.0%)

    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1c1d
    timedatestamp.....: 0x4649d618 (Tue May 15 15:47:36 2007)
    machinetype.......: 0x14c (I386)

    ( 5 sections )
    name viradd virsiz rawdsiz ntrpy md5
    CODE 0x1000 0xc2c 0xe00 5.70 3dd073383b20c611a463431861c16973
    DATA 0x2000 0x8 0x200 0.04 532dd4aa9cd9b1a3dad1f0b610d1d6cc
    BSS 0x3000 0xa22f5 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    .idata 0xa6000 0x2d8 0x400 3.57 1ca6e665e111aa0d5ca04c130721765d
    .reloc 0xa7000 0x10c 0x200 3.99 ce7e4bf50b046fae2ca28edba741b101

    ( 4 imports )
    > kernel32.dll: VirtualProtectEx, Sleep, SetErrorMode, OutputDebugStringW, LocalUnlock, LocalReAlloc, LocalLock, LocalFree, LocalAlloc, HeapFree, HeapAlloc, GetVolumeInformationW, GetProcessHeap, GetCurrentProcess, GetCommandLineW, FindFirstFileExW, FindClose, ExitProcess
    > ntdll.dll: ZwQueryInformationFile, ZwCreateFile, ZwClose, RtlInitUnicodeString
    > advapi32.dll: StartServiceCtrlDispatcherW, SetServiceStatus, RegisterServiceCtrlHandlerW
    > kernel32.dll: FindNextFileW

    ( 0 exports )

    PDFiD.: -

    RDS...: NSRL Reference Data Set
    -

    ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=2d2cfd52b636a3acdd036b74e55b9a7a

  9. MBAM log

      Quote
    Malwarebytes' Anti-Malware 1.38

    Version de la base de données: 2343

    Windows 5.1.2600 Service Pack 2

     

    2009-06-27 17:35:13

    mbam-log-2009-06-27 (17-35-13).txt

     

    Type de recherche: Examen complet (C:\|)

    Eléments examinés: 138890

    Temps écoulé: 42 minute(s), 0 second(s)

     

    Processus mémoire infecté(s): 0

    Module(s) mémoire infecté(s): 0

    Clé(s) du Registre infectée(s): 0

    Valeur(s) du Registre infectée(s): 0

    Elément(s) de données du Registre infecté(s): 0

    Dossier(s) infecté(s): 0

    Fichier(s) infecté(s): 0

     

    Processus mémoire infecté(s):

    (Aucun élément nuisible détecté)

     

    Module(s) mémoire infecté(s):

    (Aucun élément nuisible détecté)

     

    Clé(s) du Registre infectée(s):

    (Aucun élément nuisible détecté)

     

    Valeur(s) du Registre infectée(s):

    (Aucun élément nuisible détecté)

     

    Elément(s) de données du Registre infecté(s):

    (Aucun élément nuisible détecté)

     

    Dossier(s) infecté(s):

    (Aucun élément nuisible détecté)

     

    Fichier(s) infecté(s):

    (Aucun élément nuisible détecté)

     

      Quote
    Logfile of random's system information tool 1.06 (written by random/random)

    Run by Claude at 2009-06-27 17:35:24

    Microsoft Windows XP Professionnel Service Pack 2

    System drive C: has 9 GB (31%) free of 30 GB

    Total RAM: 511 MB (51% free)

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 17:35:30, on 2009-06-27

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Avira\AntiVir Desktop\sched.exe

    C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    C:\Program Files\Winamp\winampa.exe

    C:\WINDOWS\system32\CTHELPER.EXE

    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Documents and Settings\Claude\Bureau\RSIT.exe

    C:\Program Files\trend micro\Claude.exe

     

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

    O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

    O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

    O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe

    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab

    O23 - Service: 90467A66 - Unknown owner - C:\WINDOWS\system32\90467A66.exe

    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: DE3A4BB5 - Unknown owner - C:\WINDOWS\system32\DE3A4BB5.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    O23 - Service: LQPDB - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Claude\LOCALS~1\Temp\LQPDB.exe

    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: OOXJGQ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Claude\LOCALS~1\Temp\OOXJGQ.exe

    O23 - Service: QDAIPWCHCREU - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\QDAIPWCHCREU.exe

     

    --

    End of file - 5160 bytes

     

    ======Scheduled tasks folder======

     

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job

    C:\WINDOWS\tasks\User_Feed_Synchronization-{E92107B0-4FCC-4557-AC7C-B82121FEF231}.job

     

    ======Registry dump======

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

    Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-17 320920]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

    Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-17 34816]

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

    "nwiz"=nwiz.exe /install []

    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]

    "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-10-10 69632]

    "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]

    "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-04-10 37888]

    "WINDVDPatch"=C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]

    "DevconDefaultDB"=C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS []

    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

     

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

    "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

    "SetDefaultMIDI"=C:\WINDOWS\MIDIDef.exe [2002-01-14 61440]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

    C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe -launchedbylogin []

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

    C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe /automount []

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe []

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

    C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe []

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

    C:\Program Files\BitTorrent\bittorrent.exe []

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

    C:\Program Files\DNA\btdna.exe []

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

    C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

    C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun []

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DevconDefaultDB]

    C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS []

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]

    C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe []

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

    C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

    C:\Program Files\Ahead\InCD\InCD.exe [2006-07-12 1397760]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

    C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    C:\Program Files\iTunes\iTunesHelper.exe []

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]

    C:\Program Files\Microsoft IntelliType Pro\itype.exe [2007-08-31 988584]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

    C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]

    C:\Program Files\lg_fwupdate\fwupdate.exe [2008-12-26 548864]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]

    C:\Program Files\Microsoft LifeCam\LifeExp.exe []

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    C:\Program Files\Messenger\msmsgs.exe /background []

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

    C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

    C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

    nwiz.exe /install []

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Profiler]

    C:\Program Files\Saitek\Software\Profiler.exe []

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    C:\Program Files\QuickTime\qttask.exe -atboottime []

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiSmart]

    C:\Program Files\Saitek\Software\SaiSmart.exe []

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]

    C:\WINDOWS\MIDIDef.exe [2002-01-14 61440]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-17 136600]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]

    C:\Program Files\SweetIM\Messenger\SweetIM.exe []

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

    C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]

    C:\WINDOWS\vVX1000.exe [2007-04-10 709992]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]

    C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Event Reminder.lnk]

    C:\PROGRA~1\BRODER~1\PRINTM~1\PMremind.exe []

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

    C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe []

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Claude^Menu Démarrer^Programmes^Démarrage^FMZilla.lnk]

    C:\PROGRA~1\FREEMU~1\FMZilla.exe []

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Claude^Menu Démarrer^Programmes^Démarrage^Free Music Zilla.lnk]

    C:\PROGRA~1\FREEMU~1\FMZilla.exe []

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "WMPNetworkSvc"=3

    "WLSetupSvc"=3

    "usnjsvc"=3

    "StarWindServiceAE"=2

    "ose"=3

    "odserv"=3

    "NVSvc"=2

    "Nero BackItUp Scheduler 4.0"=2

    "MSCamSvc"=2

    "JavaQuickStarterService"=2

    "iPod Service"=3

    "InCDsrv"=2

    "idsvc"=3

    "IDriverT"=3

    "FLEXnet Licensing Service"=3

    "Bonjour Service"=2

    "avast! Web Scanner"=3

    "avast! Mail Scanner"=3

    "avast! Antivirus"=2

    "aswUpdSv"=2

    "Apple Mobile Device"=2

    "ACDaemon"=2

     

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

    Wireless Configuration Utility HW.14.lnk - C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

    C:\WINDOWS\system32\WgaLogon.dll [2008-10-18 200064]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

     

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoDriveTypeAutoRun"=323

    "MemCheckBoxInRunDlg"=1

    "NoSMBalloonTip"=1

    "NoDesktopCleanupWizard"=1

    "NoWelcomeScreen"=1

    "NoAutoUpdate"=1

    "NoDriveAutoRun"=67108863

    "NoDrives"=0

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "HonorAutoRunSetting"=

    "NoDriveAutoRun"=

    "NoDriveTypeAutoRun"=

    "NoDrives"=

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

     

    ======List of files/folders created in the last 1 months======

     

    2009-06-27 16:53:37 ----D---- C:\Program Files\trend micro

    2009-06-27 16:53:35 ----D---- C:\rsit

    2009-06-27 15:45:03 ----A---- C:\WINDOWS\system32\90467A66.exe

    2009-06-24 21:01:36 ----A---- C:\WINDOWS\system32\DE3A4BB5.exe

    2009-06-24 19:41:52 ----D---- C:\WINDOWS\ERUNT

    2009-06-24 19:38:40 ----D---- C:\SDFix

    2009-06-24 07:47:07 ----SHD---- C:\RECYCLER

    2009-06-24 07:47:00 ----SD---- C:\ComboFix

    2009-06-24 07:46:59 ----A---- C:\WINDOWS\system32\CF25764.exe

    2009-06-24 07:32:47 ----A---- C:\WINDOWS\wininit.ini

    2009-06-24 06:48:37 ----D---- C:\WINDOWS\temp

    2009-06-24 06:48:35 ----A---- C:\ComboFix.txt

    2009-06-24 06:08:21 ----SHD---- C:\WINDOWS\CSC

    2009-06-24 05:21:28 ----A---- C:\WINDOWS\ntbtlog.txt

    2009-06-24 05:19:22 ----A---- C:\Boot.bak

    2009-06-24 05:19:17 ----RASHD---- C:\cmdcons

    2009-06-24 05:03:30 ----A---- C:\resultat.txt

    2009-06-24 04:20:30 ----D---- C:\WINDOWS\system32\NtmsData

    2009-06-24 00:53:06 ----A---- C:\WINDOWS\NIRCMD.exe

    2009-06-24 00:53:05 ----A---- C:\WINDOWS\zip.exe

    2009-06-24 00:53:05 ----A---- C:\WINDOWS\SWXCACLS.exe

    2009-06-24 00:53:05 ----A---- C:\WINDOWS\SWSC.exe

    2009-06-24 00:53:05 ----A---- C:\WINDOWS\SWREG.exe

    2009-06-24 00:53:05 ----A---- C:\WINDOWS\sed.exe

    2009-06-24 00:53:05 ----A---- C:\WINDOWS\PEV.exe

    2009-06-24 00:53:05 ----A---- C:\WINDOWS\grep.exe

    2009-06-24 00:52:04 ----D---- C:\WINDOWS\ERDNT

    2009-06-24 00:51:59 ----D---- C:\Qoobox

    2009-06-23 22:02:03 ----D---- C:\Program Files\Avira

    2009-06-23 22:02:03 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

    2009-06-23 20:43:54 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

    2009-06-23 13:42:55 ----AC---- C:\WINDOWS\system32\SFMS32.DLL

    2009-06-23 13:42:55 ----AC---- C:\WINDOWS\system32\sfman32.dll

    2009-06-23 13:42:55 ----AC---- C:\WINDOWS\system32\REGPLIB.EXE

    2009-06-23 13:42:55 ----AC---- C:\WINDOWS\system32\PIAPROXY.DLL

    2009-06-23 13:42:55 ----AC---- C:\WINDOWS\system32\KILLAPPS.EXE

    2009-06-23 13:42:55 ----AC---- C:\WINDOWS\system32\KILL.INI

    2009-06-23 13:42:55 ----AC---- C:\WINDOWS\system32\EAXAC3.DLL

    2009-06-23 13:42:55 ----AC---- C:\WINDOWS\READREG.EXE

    2009-06-23 13:42:55 ----AC---- C:\WINDOWS\PSCONV.EXE

    2009-06-23 13:42:55 ----AC---- C:\WINDOWS\MIDIDEF.EXE

    2009-06-23 13:42:55 ----AC---- C:\WINDOWS\DEVREG.DLL

    2009-06-23 13:42:55 ----AC---- C:\WINDOWS\CTDCRES.DLL

    2009-06-23 13:42:55 ----A---- C:\WINDOWS\system32\OpenAL32.dll

    2009-06-23 13:42:54 ----AC---- C:\WINDOWS\system32\CTSPKHLP.DLL

    2009-06-23 13:42:54 ----AC---- C:\WINDOWS\system32\CTSBLFX.DLL

    2009-06-23 13:42:54 ----AC---- C:\WINDOWS\system32\CTOSUSER.DLL

    2009-06-23 13:42:54 ----AC---- C:\WINDOWS\system32\CTHELPER.EXE

    2009-06-23 13:42:54 ----AC---- C:\WINDOWS\system32\CTEMUPIA.DLL

    2009-06-23 13:42:54 ----AC---- C:\WINDOWS\system32\CTDPROXY.DLL

    2009-06-23 13:42:53 ----AC---- C:\WINDOWS\system32\CTDEVCON.DLL

    2009-06-23 13:42:53 ----AC---- C:\WINDOWS\system32\CTASIO.DLL

    2009-06-23 13:42:53 ----AC---- C:\WINDOWS\system32\CTAGENT.DLL

    2009-06-23 13:42:53 ----AC---- C:\WINDOWS\system32\COMMONFX.DLL

    2009-06-23 13:42:53 ----AC---- C:\WINDOWS\system32\AC3API.DLL

    2009-06-23 12:19:47 ----N---- C:\WINDOWS\system32\pxinsa64.exe

    2009-06-23 12:19:47 ----N---- C:\WINDOWS\system32\pxhpinst.exe

    2009-06-23 12:19:47 ----N---- C:\WINDOWS\system32\pxcpya64.exe

    2009-06-23 12:19:47 ----N---- C:\WINDOWS\system32\pxafs.dll

    2009-06-23 12:19:46 ----N---- C:\WINDOWS\system32\vxblock.dll

    2009-06-23 12:19:46 ----N---- C:\WINDOWS\system32\pxwave.dll

    2009-06-23 12:19:46 ----N---- C:\WINDOWS\system32\pxsfs.dll

    2009-06-23 12:19:46 ----N---- C:\WINDOWS\system32\pxmas.dll

    2009-06-23 12:19:46 ----N---- C:\WINDOWS\system32\pxdrv.dll

    2009-06-23 12:19:46 ----N---- C:\WINDOWS\system32\px.dll

    2009-06-23 12:19:43 ----D---- C:\Program Files\Winamp

    2009-06-23 12:19:43 ----D---- C:\Documents and Settings\Claude\Application Data\Winamp

    2009-06-23 12:12:55 ----D---- C:\Documents and Settings\Claude\Application Data\Opera

    2009-06-23 09:07:18 ----D---- C:\Documents and Settings\Claude\Application Data\AVS4YOU

    2009-06-23 09:06:17 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU

    2009-06-23 08:46:14 ----D---- C:\Program Files\Safari

    2009-06-23 08:45:29 ----D---- C:\Program Files\Bonjour

    2009-06-23 08:45:09 ----D---- C:\Program Files\Apple Software Update

    2009-06-23 08:44:33 ----D---- C:\Program Files\Opera

    2009-06-23 08:43:53 ----A---- C:\WINDOWS\system32\lfpng13n.dll

    2009-06-23 08:43:52 ----A---- C:\WINDOWS\system32\lfgif13n.dll

    2009-06-23 08:43:50 ----A---- C:\WINDOWS\system32\ltkrn13n.dll

    2009-06-23 08:43:50 ----A---- C:\WINDOWS\system32\ltimg13n.dll

    2009-06-23 08:43:50 ----A---- C:\WINDOWS\system32\ltfil13n.dll

    2009-06-23 08:43:50 ----A---- C:\WINDOWS\system32\ltefx13n.dll

    2009-06-23 08:43:50 ----A---- C:\WINDOWS\system32\ltdis13n.dll

    2009-06-23 08:43:50 ----A---- C:\WINDOWS\system32\lfcmp13n.dll

    2009-06-23 08:43:50 ----A---- C:\WINDOWS\system32\lfbmp13n.dll

    2009-06-23 08:38:48 ----D---- C:\Program Files\Fichiers communs\AVSMedia

    2009-06-23 08:38:48 ----A---- C:\WINDOWS\system32\msvcr70.dll

    2009-06-23 08:38:48 ----A---- C:\WINDOWS\system32\msvcp70.dll

    2009-06-23 08:38:48 ----A---- C:\WINDOWS\system32\mfc70.dll

    2009-06-23 08:38:48 ----A---- C:\WINDOWS\system32\GdiPlus.dll

    2009-06-23 08:38:47 ----D---- C:\Program Files\AVS4YOU

    2009-06-22 12:24:49 ----D---- C:\Program Files\Realtek AC97

    2009-06-22 09:38:30 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$

    2009-06-21 23:01:23 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$

    2009-06-21 23:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

    2009-06-21 23:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$

    2009-06-21 23:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$

    2009-06-21 22:59:14 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$

    2009-06-21 22:47:17 ----HDC---- C:\WINDOWS\$NtUninstallWIC$

    2009-06-21 22:47:11 ----D---- C:\Program Files\MSXML 6.0

    2009-06-21 22:46:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$

    2009-06-21 22:45:53 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$

    2009-06-21 22:45:45 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$

    2009-06-21 22:45:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$

    2009-06-21 22:45:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$

    2009-06-21 22:44:58 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$

    2009-06-21 22:44:49 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$

    2009-06-21 22:44:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$

    2009-06-21 22:42:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$

    2009-06-21 22:42:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$

    2009-06-21 22:41:56 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$

    2009-06-21 22:41:48 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$

    2009-06-21 22:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$

    2009-06-21 22:41:30 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$

    2009-06-21 22:41:22 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$

    2009-06-21 22:41:09 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$

    2009-06-21 22:40:55 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$

    2009-06-21 22:40:14 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$

    2009-06-21 22:40:06 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$

    2009-06-21 22:39:57 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$

    2009-06-21 22:39:49 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$

    2009-06-21 22:39:40 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$

    2009-06-21 22:39:31 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$

    2009-06-21 22:39:22 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$

    2009-06-21 22:39:13 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$

    2009-06-21 22:39:05 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$

    2009-06-21 22:38:55 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$

    2009-06-21 22:38:46 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$

    2009-06-21 22:38:37 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$

    2009-06-21 22:38:28 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$

    2009-06-21 22:38:19 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$

    2009-06-21 22:38:10 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$

    2009-06-21 22:38:01 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$

    2009-06-21 22:37:52 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$

    2009-06-21 22:37:35 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$

    2009-06-21 22:37:26 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$

    2009-06-21 22:37:18 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$

    2009-06-21 22:37:07 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$

    2009-06-21 22:36:59 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$

    2009-06-21 22:36:50 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$

    2009-06-21 22:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$

    2009-06-21 22:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$

    2009-06-21 22:36:22 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$

    2009-06-21 22:36:04 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$

    2009-06-21 21:02:47 ----HD---- C:\WINDOWS\msdownld.tmp

    2009-06-21 21:02:14 ----D---- C:\WINDOWS\ie8updates

    2009-06-21 21:01:47 ----A---- C:\WINDOWS\imsins.BAK

    2009-06-21 21:00:53 ----HDC---- C:\WINDOWS\ie8

    2009-06-21 09:06:45 ----D---- C:\Program Files\Fichiers communs\Logishrd

    2009-06-21 09:05:51 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd

    2009-06-21 08:58:08 ----D---- C:\Program Files\CCleaner

    2009-06-21 08:44:16 ----D---- C:\Program Files\IDETOOL

    2009-06-21 08:25:41 ----D---- C:\Program Files\VIA

    2009-06-21 07:50:21 ----D---- C:\Program Files\SystemRequirementsLab

    2009-06-21 07:50:09 ----D---- C:\Documents and Settings\Claude\Application Data\SystemRequirementsLab

    2009-06-21 07:33:08 ----D---- C:\WINDOWS\Prefetch

    2009-06-20 20:38:35 ----D---- C:\Program Files\CyberDBS Key Grabber 4.0

    2009-06-20 20:36:59 ----D---- C:\Program Files\CyberDBS Key Grabber 4.1

    2009-06-20 01:37:47 ----D---- C:\Program Files\PhotoFiltre Studio

    2009-06-20 01:28:39 ----A---- C:\WINDOWS\system32\ChCfg.exe

    2009-06-20 01:27:54 ----A---- C:\WINDOWS\system32\RTLCPL.exe

    2009-06-20 01:27:52 ----A---- C:\WINDOWS\soundman.exe

    2009-06-20 01:27:51 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll

    2009-06-20 01:27:50 ----A---- C:\WINDOWS\alcupd.exe

    2009-06-20 01:27:50 ----A---- C:\WINDOWS\Alcrmv.exe

    2009-06-19 22:54:32 ----D---- C:\Program Files\REALTEK RTL8187B Wireless LAN Driver

    2009-06-19 22:54:30 ----D---- C:\Documents and Settings\Claude\Application Data\InstallShield

    2009-06-19 22:53:29 ----D---- C:\WINDOWS\Drivers

    2009-06-19 22:12:49 ----D---- C:\Program Files\ma-config.com

    2009-06-19 22:12:49 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com

    2009-06-19 21:55:18 ----D---- C:\Documents and Settings\Claude\Application Data\Mozilla

    2009-06-19 21:54:06 ----D---- C:\Program Files\Mozilla Firefox

    2009-06-19 20:55:47 ----D---- C:\Documents and Settings\Claude\Application Data\Malwarebytes

    2009-06-19 20:55:41 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

    2009-06-19 20:55:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

    2009-06-19 19:55:59 ----A---- C:\WINDOWS\RTacDbg.txt

    2009-06-19 19:54:54 ----D---- C:\WINDOWS\OPTIONS

    2009-06-19 19:54:54 ----D---- C:\Program Files\TRENDnet

     

    ======List of files/folders modified in the last 1 months======

     

    2009-06-27 16:58:11 ----D---- C:\WINDOWS\system32\drivers

    2009-06-27 16:53:37 ----D---- C:\Program Files

    2009-06-27 16:48:19 ----D---- C:\WINDOWS\system32\CatRoot2

    2009-06-27 16:47:53 ----D---- C:\WINDOWS

    2009-06-27 16:20:23 ----A---- C:\WINDOWS\SchedLgU.Txt

    2009-06-27 15:46:25 ----D---- C:\WINDOWS\system32

    2009-06-27 14:33:48 ----HD---- C:\WINDOWS\inf

    2009-06-24 19:43:04 ----RSHDC---- C:\WINDOWS\system32\dllcache

    2009-06-24 15:52:34 ----D---- C:\WINDOWS\Microsoft.NET

    2009-06-24 14:46:01 ----D---- C:\Documents and Settings\Claude\Application Data\GameHouse

    2009-06-24 14:29:37 ----SHD---- C:\WINDOWS\Installer

    2009-06-24 14:29:36 ----HD---- C:\Config.Msi

    2009-06-24 06:45:37 ----A---- C:\WINDOWS\system.ini

    2009-06-24 06:43:05 ----D---- C:\WINDOWS\system32\config

    2009-06-24 06:41:04 ----D---- C:\WINDOWS\AppPatch

    2009-06-24 06:41:02 ----D---- C:\Program Files\Fichiers communs

    2009-06-24 06:08:28 ----D---- C:\Documents and Settings

    2009-06-24 05:19:23 ----RASH---- C:\boot.ini

    2009-06-23 22:01:31 ----D---- C:\WINDOWS\WinSxS

    2009-06-23 20:36:44 ----RD---- C:\WINDOWS\Web

    2009-06-23 20:36:40 ----D---- C:\WINDOWS\SHELLNEW

    2009-06-23 13:47:07 ----HD---- C:\Program Files\InstallShield Installation Information

    2009-06-23 13:43:17 ----D---- C:\WINDOWS\system32\Defaults

    2009-06-23 13:42:30 ----D---- C:\WINDOWS\Media

    2009-06-23 12:13:06 ----D---- C:\Documents and Settings\Claude\Application Data\Apple Computer

    2009-06-23 08:46:14 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer

    2009-06-23 08:45:20 ----SD---- C:\WINDOWS\Tasks

    2009-06-23 08:43:42 ----SD---- C:\WINDOWS\Downloaded Program Files

    2009-06-23 08:22:39 ----D---- C:\Downloads

    2009-06-23 08:14:37 ----SHD---- C:\System Volume Information

    2009-06-23 08:14:37 ----D---- C:\WINDOWS\system32\Restore

    2009-06-22 22:30:38 ----D---- C:\WINDOWS\system32\Macromed

    2009-06-22 12:24:59 ----D---- C:\WINDOWS\system32\ReinstallBackups

    2009-06-22 09:39:01 ----D---- C:\WINDOWS\system32\CatRoot

    2009-06-22 09:38:29 ----HD---- C:\WINDOWS\$hf_mig$

    2009-06-21 23:40:29 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

    2009-06-21 23:37:15 ----D---- C:\WINDOWS\system32\wbem

    2009-06-21 23:37:15 ----D---- C:\WINDOWS\msagent

    2009-06-21 23:19:02 ----RSD---- C:\WINDOWS\assembly

    2009-06-21 23:14:59 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

    2009-06-21 23:09:46 ----RSD---- C:\WINDOWS\Fonts

    2009-06-21 23:09:36 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

    2009-06-21 23:08:43 ----D---- C:\Program Files\Microsoft Works

    2009-06-21 23:05:28 ----AC---- C:\WINDOWS\win.ini

    2009-06-21 22:59:01 ----D---- C:\WINDOWS\system32\XPSViewer

    2009-06-21 22:58:40 ----D---- C:\WINDOWS\system32\mui

    2009-06-21 22:52:17 ----D---- C:\WINDOWS\system32\en-us

    2009-06-21 22:49:13 ----D---- C:\Program Files\Internet Explorer

    2009-06-21 22:44:39 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$

    2009-06-21 22:44:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$

    2009-06-21 22:44:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

    2009-06-21 22:44:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

    2009-06-21 22:43:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

    2009-06-21 22:43:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

    2009-06-21 22:43:41 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

    2009-06-21 22:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

    2009-06-21 22:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

    2009-06-21 22:43:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$

    2009-06-21 22:43:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$

    2009-06-21 22:43:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$

    2009-06-21 22:42:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$

    2009-06-21 22:42:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

    2009-06-21 22:42:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

    2009-06-21 22:42:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$

    2009-06-21 21:06:21 ----D---- C:\WINDOWS\system32\fr-fr

    2009-06-21 21:06:20 ----D---- C:\WINDOWS\Help

    2009-06-21 20:57:30 ----D---- C:\WINDOWS\Debug

    2009-06-21 10:25:26 ----D---- C:\WINDOWS\nview

    2009-06-21 08:52:22 ----D---- C:\Program Files\Windows Media Connect 2

    2009-06-21 08:52:20 ----D---- C:\Program Files\lg_fwupdate

    2009-06-21 08:44:16 ----A---- C:\AUTOEXEC.BAT

    2009-06-21 07:56:24 ----D---- C:\WINDOWS\security

    2009-06-21 07:32:51 ----D---- C:\WINDOWS\system32\Setup

    2009-06-21 07:32:49 ----D---- C:\Program Files\Messenger

    2009-06-21 07:20:54 ----D---- C:\WINDOWS\system32\usmt

    2009-06-21 07:20:48 ----D---- C:\WINDOWS\system32\oobe

    2009-06-21 07:20:47 ----D---- C:\WINDOWS\system32\npp

    2009-06-21 07:18:39 ----D---- C:\WINDOWS\system32\Com

    2009-06-21 07:16:27 ----D---- C:\WINDOWS\system

    2009-06-21 07:16:27 ----D---- C:\WINDOWS\srchasst

    2009-06-21 07:16:25 ----D---- C:\WINDOWS\PeerNet

    2009-06-21 07:16:18 ----D---- C:\WINDOWS\ime

    2009-06-21 07:16:10 ----D---- C:\Program Files\Windows Media Player

    2009-06-21 07:16:10 ----D---- C:\Program Files\Outlook Express

    2009-06-21 07:16:08 ----D---- C:\Program Files\NetMeeting

    2009-06-21 07:15:28 ----D---- C:\Program Files\Fichiers communs\System

    2009-06-21 07:15:11 ----D---- C:\WINDOWS\system32\inetsrv

    2009-06-21 07:15:11 ----D---- C:\WINDOWS\system32\fr

    2009-06-21 07:15:09 ----D---- C:\WINDOWS\system32\bits

    2009-06-21 07:15:00 ----D---- C:\WINDOWS\network diagnostic

    2009-06-21 07:15:00 ----D---- C:\WINDOWS\l2schemas

    2009-06-21 07:15:00 ----D---- C:\WINDOWS\ehome

    2009-06-21 07:15:00 ----D---- C:\Program Files\movie maker

    2009-06-20 21:14:53 ----SD---- C:\Documents and Settings\Claude\Application Data\Microsoft

    2009-06-20 14:54:43 ----D---- C:\Program Files\HP

    2009-06-20 14:54:05 ----D---- C:\Program Files\Nestopia RPlus!

    2009-06-20 14:52:44 ----D---- C:\Program Files\Windows Live

    2009-06-20 14:46:03 ----DC---- C:\WINDOWS\system32\DRVSTORE

    2009-06-20 09:02:12 ----D---- C:\Documents and Settings\Claude\Application Data\dvdcss

    2009-06-20 05:54:13 ----D---- C:\Documents and Settings\All Users\Application Data\HP

    2009-06-20 05:42:33 ----D---- C:\Program Files\Fichiers communs\Designer

    2009-06-20 05:39:45 ----D---- C:\Program Files\Fichiers communs\Macrovision Shared

    2009-06-20 05:39:45 ----D---- C:\Program Files\Fichiers communs\Adobe

    2009-06-20 05:37:54 ----D---- C:\Documents and Settings\Claude\Application Data\Adobe

    2009-06-20 05:35:40 ----D---- C:\Program Files\Adobe

    2009-06-20 05:34:30 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

    2009-06-19 21:45:45 ----AC---- C:\WINDOWS\NeroDigital.ini

    2009-06-19 20:17:50 ----D---- C:\Program Files\Google

    2009-06-19 19:58:17 ----D---- C:\Documents and Settings\All Users\Application Data\Google

    2009-06-19 19:57:44 ----D---- C:\WINDOWS\system32\LogFiles

    2009-06-19 19:56:47 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

    2009-06-01 09:51:14 ----AC---- C:\WINDOWS\system32\MRT.exe

     

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     

    R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2006-01-09 41600]

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

    R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]

    R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-07-12 28672]

    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-23 28520]

    R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []

    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-06-19 21035]

    R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]

    R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]

    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]

    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2005-07-26 9600]

    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-09-26 35472]

    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-09-26 37392]

    R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-09-26 28816]

    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2005-07-26 12288]

    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]

    R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-01 47360]

    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2008-06-26 335104]

    R3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys []

    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

    R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

    R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]

    S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2005-07-26 14848]

    S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []

    S2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []

    S3 ancnwq9f;ancnwq9f; C:\WINDOWS\system32\drivers\ancnwq9f.sys []

    S3 catchme;catchme; \??\C:\DOCUME~1\Claude\LOCALS~1\Temp\catchme.sys []

    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2005-07-26 17024]

    S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]

    S3 ctljystk;Creative SBLive! Port de jeux; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2005-07-26 3712]

    S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]

    S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]

    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

    S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2005-07-26 283904]

    S3 emu10k1;Pilote du Gestionnaire d'interface Creative (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2005-07-26 6912]

    S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]

    S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2005-07-26 27165]

    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]

    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]

    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]

    S3 mbr;mbr; \??\C:\DOCUME~1\Claude\LOCALS~1\Temp\mbr.sys []

    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2005-07-26 5504]

    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2005-07-26 85376]

    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2005-07-26 10880]

    S3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2007-08-31 18856]

    S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]

    S3 rkhdrv40;Rootkit Unhooker Driver; C:\WINDOWS\system32\drivers\rkhdrv40.sys []

    S3 SaiHFF0C;SaiHFF0C; C:\WINDOWS\system32\DRIVERS\SaiHFF0C.sys [2004-06-11 56576]

    S3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2004-07-06 15616]

    S3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiNtBus.sys [2004-07-06 26752]

    S3 SaiUFF0C;SaiUFF0C; C:\WINDOWS\system32\DRIVERS\SaiUFF0C.sys [2004-06-11 19584]

    S3 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []

    S3 sfman;Pilote du Gestionnaire SoundFont Creative (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2005-07-26 36480]

    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2005-07-26 11136]

    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2005-07-26 15360]

    S3 TMPassthruMP;TMPassthruMP; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys []

    S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2005-07-26 59264]

    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

    S3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]

    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2005-07-26 19328]

    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

     

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-23 108289]

    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-06-23 185089]

    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]

    S3 90467A66;90467A66; C:\WINDOWS\system32\90467A66.exe [2009-06-27 6656]

    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

    S3 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

    S3 DE3A4BB5;DE3A4BB5; C:\WINDOWS\system32\DE3A4BB5.exe [2009-06-24 6656]

    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

    S3 LQPDB;LQPDB; C:\DOCUME~1\Claude\LOCALS~1\Temp\LQPDB.exe [2009-06-24 400256]

    S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-05-29 234864]

    S3 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

    S3 OOXJGQ;OOXJGQ; C:\DOCUME~1\Claude\LOCALS~1\Temp\OOXJGQ.exe [2009-06-27 453504]

    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

    S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]

    S3 QDAIPWCHCREU;QDAIPWCHCREU; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\QDAIPWCHCREU.exe [2009-06-24 437120]

    S3 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

    S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe []

    S4 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

    S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

    S4 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]

    S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-17 152984]

    S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]

    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    S4 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []

    S4 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

     

    -----------------EOF-----------------

     

      Quote
    info.txt logfile of random's system information tool 1.06 2009-06-27 17:35:33

     

    ======Uninstall list======

     

    -->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /L:FRN

    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x40c

    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x40c /remove

    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x40c

    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x40c /remove

    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x40c

    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x40c /remove

    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x40c

    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x40c /remove

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

    32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}

    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

    ConvertXtoDVD 3.3.4.106e-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"

    Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

    Correctif pour Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"

    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

    Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

    CyberDBS Key Grabber 4.0-->"C:\Program Files\CyberDBS Key Grabber 4.0\unins000.exe"

    CyberDBS Key Grabber 4.1-->"C:\Program Files\CyberDBS Key Grabber 4.1\unins000.exe"

    DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"

    Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}

    HijackThis 2.0.2-->"C:\Documents and Settings\Claude\Mes documents\HijackThis.exe" /uninstall

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

    InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL

    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

    Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}

    Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

    Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}

    K-Lite Mega Codec Pack 4.4.2-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

    LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"

    Ma-Config.com-->MsiExec.exe /X{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}

    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}

    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}

    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

    Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}

    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

    Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}

    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"

    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}

    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

    Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

    Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}

    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

    Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

    Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}

    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}

    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}

    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}

    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}

    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

    Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}

    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

    Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

    Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}

    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

    Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall

    Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

    Mise à jour pour Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"

    Mise à jour pour Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

    Mise à jour pour Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

    Mise à jour pour Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

    Mise à jour pour Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

    Mise à jour pour Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"

    Mise à jour pour Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

    Mise à jour pour Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

    Mise à jour pour Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"

    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

    Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"

    Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

    Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe

    Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

    MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}

    Nero MediaHome 4-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M06-019C-TTET-880Z-5PUM-6XA2-5MEC-35WM"

    Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

    OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U

    Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}

    PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"

    PrintMaster ClickArt-->C:\WINDOWS\UNIN040C.EXE -f"C:\PROGRA~1\BRODER~1\CLICKA~1\DeIsL1.isu"

    ProtectDisc Driver, Version 11-->C:\Program Files\ProtectDisc Driver Installer\uninstall_v11.exe

    Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly

    REALTEK RTL8187B Wireless LAN Driver-->C:\Program Files\InstallShield Installation Information\{7095FD27-37F0-4750-9DE8-D37DC0043706}\Install.exe -uninst -l0x40C

    Safari-->MsiExec.exe /I{0A9C92A5-D27F-4BD9-9DB9-0EFD8C681E29}

    Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

    Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}

    Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}

    Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}

    Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}

    Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}

    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

    Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG

    Sound Blaster Live!-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x40c

    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

    The Font Thing-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Fisher\The Font Thing\DeIsL1.isu" -c"C:\Program Files\Fisher\The Font Thing\_ISREG32.DLL"

    TRENDnet TEW-424UB Wireless USB 2.0 Adapter Driver and Utility-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{C43421C0-0DCB-4F26-8A3B-BF16155F9879}

    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

    Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}

    Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}

    VIA Bus Master Ultra ATA Driver (Remove)-->RunDll32 VIAIDECO.dll,UninstallIDE

    VIA Gestionnaire de périphériques de plate-forme-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}

    VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe

    Winamp-->"C:\Program Files\Winamp\UninstWA.exe"

    Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}

    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

    Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

    Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}

    Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}

    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}

    Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}

    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}

    XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

     

    ======Hosts File======

     

    127.0.0.1 localhost

     

    ======Security center information======

     

    AV: AntiVir Desktop

     

    ======System event log======

     

    Computer Name: XPSP2-8AA5A695E

    Event Code: 26

    Message: Application popup :  : Machine Check: Regs

     

    Record Number: 154

    Source Name: Application Popup

    Time Written: 20090620143231.000000-240

    Event Type: Informations

    User:

     

    Computer Name: XPSP2-8AA5A695E

    Event Code: 26

    Message: Application popup :  : Machine Check:

     

    Record Number: 153

    Source Name: Application Popup

    Time Written: 20090620143231.000000-240

    Event Type: Informations

    User:

     

    Computer Name: XPSP2-8AA5A695E

    Event Code: 26

    Message: Application popup :  : Machine Check: Regs

     

    Record Number: 152

    Source Name: Application Popup

    Time Written: 20090620143231.000000-240

    Event Type: Informations

    User:

     

    Computer Name: XPSP2-8AA5A695E

    Event Code: 26

    Message: Application popup :  : Machine Check:

     

    Record Number: 151

    Source Name: Application Popup

    Time Written: 20090620143231.000000-240

    Event Type: Informations

    User:

     

    Computer Name: XPSP2-8AA5A695E

    Event Code: 26

    Message: Application popup :  : Machine Check: Regs

     

    Record Number: 150

    Source Name: Application Popup

    Time Written: 20090620143231.000000-240

    Event Type: Informations

    User:

     

    =====Application event log=====

     

    Computer Name: XPSP2-8AA5A695E

    Event Code: 1002

    Message: L'environnement s'est arrêté de façon inattendue et Explorer.exe a redémarré.

     

    Record Number: 1462

    Source Name: Winlogon

    Time Written: 20090116183137.000000-300

    Event Type: Informations

    User:

     

    Computer Name: XPSP2-8AA5A695E

    Event Code: 701

    Message: MsnMsgr (2632) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\Claude\Local Settings\Application Data\Microsoft\Messenger\hide_1@live.ca\SharingMetadata\Working\database_EE08_95B9_895_816F\dfsr.db'.

     

    Record Number: 1461

    Source Name: ESENT

    Time Written: 20090116180057.000000-300

    Event Type: Informations

    User:

     

    Computer Name: XPSP2-8AA5A695E

    Event Code: 700

    Message: MsnMsgr (2632) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Claude\Local Settings\Application Data\Microsoft\Messenger\hide_1@live.ca\SharingMetadata\Working\database_EE08_95B9_895_816F\dfsr.db'.

     

    Record Number: 1460

    Source Name: ESENT

    Time Written: 20090116180057.000000-300

    Event Type: Informations

    User:

     

    Computer Name: XPSP2-8AA5A695E

    Event Code: 701

    Message: MsnMsgr (2632) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\Claude\Local Settings\Application Data\Microsoft\Messenger\hide_1@live.ca\SharingMetadata\Working\database_EE08_95B9_895_816F\dfsr.db'.

     

    Record Number: 1459

    Source Name: ESENT

    Time Written: 20090116170057.000000-300

    Event Type: Informations

    User:

     

    Computer Name: XPSP2-8AA5A695E

    Event Code: 700

    Message: MsnMsgr (2632) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Claude\Local Settings\Application Data\Microsoft\Messenger\hide_1@live.ca\SharingMetadata\Working\database_EE08_95B9_895_816F\dfsr.db'.

     

    Record Number: 1458

    Source Name: ESENT

    Time Written: 20090116170057.000000-300

    Event Type: Informations

    User:

     

    ======Environment variables======

     

    "ComSpec"=%SystemRoot%\system32\cmd.exe

    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

    "windir"=%SystemRoot%

    "FP_NO_HOST_CHECK"=NO

    "OS"=Windows_NT

    "PROCESSOR_ARCHITECTURE"=x86

    "PROCESSOR_LEVEL"=6

    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 0, AuthenticAMD

    "PROCESSOR_REVISION"=0800

    "NUMBER_OF_PROCESSORS"=1

    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

    "TEMP"=%SystemRoot%\TEMP

    "TMP"=%SystemRoot%\TEMP

     

    -----------------EOF-----------------

  10. Hi everyone,

     

    I don't know what this is, but my computer freezes very often and the ReadReg.exe window appears for a few seconds when Windows starts. However, I don't see anything in the HijackThis report....

     

      Quote
    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 15:53:02, on 2009-06-27

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Avira\AntiVir Desktop\sched.exe

    C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Program Files\Winamp\winampa.exe

    C:\WINDOWS\system32\CTHELPER.EXE

    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\IDETOOL\IDETOOL.EXE

    C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Live\Contacts\wlcomm.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Safari\Safari.exe

    C:\Documents and Settings\Claude\Mes documents\wolfounette.exe

     

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

    O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

    O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

    O4 - Global Startup: IDETool.lnk = C:\Program Files\IDETOOL\IDETOOL.EXE

    O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe

    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab

    O23 - Service: 90467A66 - Unknown owner - C:\WINDOWS\system32\90467A66.exe

    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: DE3A4BB5 - Unknown owner - C:\WINDOWS\system32\DE3A4BB5.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    O23 - Service: LQPDB - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Claude\LOCALS~1\Temp\LQPDB.exe

    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: OOXJGQ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Claude\LOCALS~1\Temp\OOXJGQ.exe

    O23 - Service: QDAIPWCHCREU - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\QDAIPWCHCREU.exe

     

    --

    End of file - 5443 bytes

  11. Hello everyone,

     

    I know it's probably not a big deal, but I've had a problem opening Internet Explorer since I uninstalled SP3. Every time I try to go to a web page, whichever one it is, Windows Update included, I always get the following error message:

    epn3pv.png

     

    I already have Firefox, and System Restore was disabled when I removed SP3.

     

    Thanks a lot in advance.

  12. Hi everyone,

     

    Here is my problem today: I'm at my father's place and his two PCs were infected by Antivirus 2009. I managed to get rid of the pest on the first one by running a scan with the antivirus that was already installed (Avast); that let me remove part of the infection and go download Antivir and MBAM. On the one I'm on right now, however, I can't get to any antivirus site, nor to malekal; in fact I'm very surprised that I can connect here. It's lucky that I can, because otherwise I couldn't have downloaded Antivir. I'm configuring it and then I'll run a scan; I'll see what that gives, and of course I need your advice.

     

    Thanks in advance.

  13. It's sure to go better with the logs... ^^' Yes, yes, me again; since I read lots of stuff about how malware infects the system, I always end up looking at what's on my PC, and I'm probably panicking over nothing in the end ^^'. I also found two weird drivers in my registry (I didn't touch them, just looked at how it's set up): Isdrv122, which according to what I found on Google is not very nice, and MchInjDrv.sys, also not very nice from what I could see. Here are the registry keys, followed by the Gmer logs.

     

    - HKEY_LOCAL_MACHINE\CurrentControlSet\SYSTEM\Enum\Root\LEGACY_ISDRV122

    - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ENUM\ROOT\LEGACY_MCHINJDRV

     

      Quote
    NORMAL MODE

     

    GMER 1.0.14.14536 - http://www.gmer.net

    Rootkit scan 2008-11-13 22:24:44

    Windows 5.1.2600 Service Pack 3

     

     

    ---- System - GMER 1.0.14 ----

     

    SSDT F904D71C ZwCreateThread

    SSDT F904D708 ZwOpenProcess

    SSDT F904D70D ZwOpenThread

    SSDT F904D717 ZwTerminateProcess

    SSDT F904D712 ZwWriteVirtualMemory

     

    ---- User code sections - GMER 1.0.14 ----

     

    .text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1604] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)

     

    ---- Devices - GMER 1.0.14 ----

     

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

     

    ---- Files - GMER 1.0.14 ----

     

    File C:\Documents and Settings\Usager\Local Settings\Temporary Internet Files\Content.IE5\KL63OXA3\videoByTag[4].xml 0 bytes

     

    ---- EOF - GMER 1.0.14 ----

     

    Since the safe mode log is too long to post here, here is the link to view it: http://www.woofiles.com/dl-181364-S64fcW9M-gmer.log

  14. I can no longer connect to the internet using Opera now, and it seems that even though it says it is up to date, my antivirus (Antivir) doesn't detect any viruses... I had a file scanned on VirusTotal and got 26/35 as the detection; Antivir detected the file as a downloader, but when I had the said file scanned by Antivir on my PC it saw nothing....

  15.   Quote
    Log.txt

     

    Logfile of random's system information tool 1.02 (written by random/random)

    Run by Usager at 2008-10-06 02:55:12

    Microsoft Windows XP Professionnel Service Pack 3

    System drive C: has 23 GB (79%) free of 29 GB

    Total RAM: 639 MB (47% free)

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 02:59:19, on 2008-10-06

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    C:\Documents and Settings\Usager\Bureau\RSIT.exe

    C:\Program Files\trend micro\Usager.exe

     

    O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)

    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

     

    --

    End of file - 1490 bytes

     

    ======Scheduled tasks folder======

     

    C:\WINDOWS\tasks\Schedule Task Weekly.job

     

    ======Registry dump======

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

    C:\WINDOWS\system32\

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    C:\WINDOWS\system32\

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    C:\WINDOWS\system32\

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

    C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

     

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    "NoSecCPL"=0

    "NoDispCPL"=0

    "NoDispScrSavPage"=0

    "NoDispAppearancePage"=0

    "NoDispSettingsPage"=0

    "NoDevMgrPage"=0

    "NoConfigPage"=0

    "NoVirtMemPage"=0

    "NoFileSysPage"=0

    "NoNetSetup"=0

    "NoNetSetupIDPage"=0

    "NoNetSetupSecurityPage"=0

    "NoWorkgroupContents"=0

    "NoEntireNetwork"=0

    "NoFileSharingControl"=0

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

     

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoDrives"=0

    "NoDesktop"=0

    "NoFolderOptions"=0

    "RestrictRun"=0

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoDriveTypeAutoRun"=

    "NoDrives"=

    "NoDriveAutoRun"=

    "NoFolderOptions"=

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "G:\eMule\emule.exe"="G:\eMule\emule.exe:*:Enabled:eMule"

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

     

    ======List of files/folders created in the last 1 months======

     


    2008-09-20 13:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$

    2008-09-20 13:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$

    2008-09-20 13:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB953838_0$

    2008-09-20 13:05:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$

    2008-09-20 13:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$

    2008-09-20 13:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$

    2008-09-20 13:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$

    2008-09-20 01:48:08 ----D---- C:\WINDOWS\system32\PreInstall

    2008-09-20 01:48:06 ----A---- C:\WINDOWS\system32\spupdsvc.exe

    2008-09-20 01:48:05 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$

    2008-09-20 01:47:16 ----N---- C:\WINDOWS\system32\spmsg.dll

    2008-09-20 01:47:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$

    2008-09-20 01:47:12 ----HD---- C:\WINDOWS\$hf_mig$

    2008-09-19 23:31:22 ----D---- C:\Documents and Settings\Usager\Application Data\Macromedia

    2008-09-19 23:31:21 ----D---- C:\Documents and Settings\Usager\Application Data\Adobe

    2008-09-19 23:28:13 ----D---- C:\Program Files\PhotoFiltre Studio

    2008-09-19 23:27:06 ----D---- C:\Program Files\WinRAR

    2008-09-19 23:13:46 ----A---- C:\WINDOWS\iun6002.exe

    2008-09-19 16:28:36 ----D---- C:\WINDOWS\system32\SoftwareDistribution

    2008-09-19 11:30:51 ----D---- C:\Documents and Settings\Usager\Application Data\Mozilla

    2008-09-19 11:28:49 ----D---- C:\Program Files\Fichiers communs\Adobe

    2008-09-19 11:28:49 ----D---- C:\Program Files\Adobe

    2008-09-19 11:17:11 ----D---- C:\Program Files\Avira

    2008-09-19 11:17:11 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

    2008-09-19 10:49:47 ----A---- C:\WINDOWS\system32\sfman32.dll

    2008-09-19 10:49:46 ----A---- C:\WINDOWS\system32\sblfx.dll

    2008-09-19 10:49:46 ----A---- C:\WINDOWS\system32\devldr32.exe

    2008-09-19 10:49:46 ----A---- C:\WINDOWS\system32\devcon32.dll

    2008-09-19 10:49:46 ----A---- C:\WINDOWS\system32\ctwdm32.dll

    2008-09-19 07:38:37 ----A---- C:\WINDOWS\system32\atiraged.dll

     

    ======List of files/folders modified in the last 1 months======

     

    2008-10-06 02:37:26 ----D---- C:\Program Files\Fichiers communs\Services

    2008-10-06 01:55:27 ----D---- C:\WINDOWS\Temp

    2008-10-05 23:09:23 ----D---- C:\WINDOWS\system32\CatRoot2

    2008-10-05 22:54:58 ----A---- C:\WINDOWS\win.ini

    2008-10-05 22:51:29 ----D---- C:\WINDOWS\system32\drivers

    2008-10-05 18:47:41 ----A---- C:\WINDOWS\SchedLgU.Txt

    2008-10-05 16:13:28 ----HD---- C:\WINDOWS\inf

    2008-10-05 03:01:53 ----SHD---- C:\WINDOWS\Installer

    2008-10-05 02:59:02 ----RD---- C:\Program Files

    2008-10-05 02:59:02 ----D---- C:\Program Files\Fichiers communs

    2008-10-04 14:37:47 ----D---- C:\WINDOWS

    2008-10-04 13:23:18 ----D---- C:\WINDOWS\system32\CatRoot

    2008-10-04 13:23:16 ----D---- C:\WINDOWS\system32

    2008-10-04 00:49:03 ----A---- C:\WINDOWS\system.ini

    2008-10-03 18:44:34 ----RSHDC---- C:\WINDOWS\system32\dllcache

    2008-10-03 18:26:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

    2008-09-30 02:54:19 ----SD---- C:\WINDOWS\Tasks

    2008-09-30 01:31:41 ----D---- C:\WINDOWS\Debug

    2008-09-29 21:10:32 ----D---- C:\WINDOWS\AppPatch

    2008-09-29 20:53:47 ----SHD---- C:\System Volume Information

    2008-09-29 20:53:47 ----D---- C:\WINDOWS\system32\Restore

    2008-09-28 13:24:46 ----RD---- C:\WINDOWS\Web

    2008-09-28 07:38:48 ----D---- C:\WINDOWS\system32\Setup

    2008-09-28 07:38:46 ----D---- C:\WINDOWS\system32\wbem

    2008-09-28 07:38:44 ----RSD---- C:\WINDOWS\Fonts

    2008-09-28 04:47:12 ----D---- C:\Program Files\Messenger

    2008-09-28 04:47:01 ----D---- C:\WINDOWS\security

    2008-09-28 03:48:09 ----D---- C:\WINDOWS\WinSxS

    2008-09-28 03:40:37 ----D---- C:\Program Files\Windows Media Player

    2008-09-28 03:40:06 ----D---- C:\WINDOWS\Help

    2008-09-28 03:36:12 ----D---- C:\WINDOWS\ehome

    2008-09-28 03:35:49 ----D---- C:\WINDOWS\system32\inetsrv

    2008-09-28 03:35:41 ----D---- C:\WINDOWS\ime

    2008-09-28 03:32:39 ----D---- C:\WINDOWS\system32\usmt

    2008-09-28 03:32:20 ----D---- C:\Program Files\Internet Explorer

    2008-09-28 03:31:57 ----D---- C:\WINDOWS\PeerNet

    2008-09-28 03:31:53 ----D---- C:\Program Files\Movie Maker

    2008-09-28 02:58:25 ----D---- C:\WINDOWS\system32\npp

    2008-09-28 02:58:12 ----D---- C:\WINDOWS\msagent

    2008-09-28 02:58:03 ----D---- C:\WINDOWS\srchasst

    2008-09-28 02:57:55 ----D---- C:\Program Files\NetMeeting

    2008-09-28 02:57:48 ----D---- C:\WINDOWS\system32\Com

    2008-09-28 02:57:35 ----D---- C:\Program Files\Windows NT

    2008-09-28 02:57:35 ----D---- C:\Program Files\Outlook Express

    2008-09-28 02:57:12 ----D---- C:\Program Files\Fichiers communs\System

    2008-09-28 02:53:58 ----D---- C:\WINDOWS\system32\oobe

    2008-09-28 02:52:36 ----D---- C:\WINDOWS\system

    2008-09-26 03:54:41 ----SD---- C:\Documents and Settings\Usager\Application Data\Microsoft

    2008-09-26 03:54:41 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

    2008-09-26 03:54:41 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

    2008-09-25 23:32:41 ----D---- C:\WINDOWS\SoftwareDistribution

    2008-09-25 16:46:09 ----D---- C:\WINDOWS\pchealth

    2008-09-25 12:59:19 ----D---- C:\Program Files\MSN

    2008-09-23 11:00:18 ----D---- C:\WINDOWS\system32\config

    2008-09-23 10:34:29 ----SD---- C:\WINDOWS\Downloaded Program Files

    2008-09-23 09:56:56 ----RASH---- C:\boot.ini

    2008-09-21 23:36:30 ----D---- C:\WINDOWS\Media

    2008-09-19 11:30:32 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

     

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []

    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]

    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]

    R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]

    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

    R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]

    R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []

    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]

    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

    R3 ctljystk;Creative SBLive! Port de jeux; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]

    R3 DLH5X;Pilote NT de carte à base D-Link DL10050; C:\WINDOWS\system32\DRIVERS\DLH5XND5.sys [2001-08-17 26698]

    R3 emu10k;Creative SB Live! series(WDM); C:\WINDOWS\system32\drivers\emu10k1f.sys [2001-08-14 775296]

    R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlface.sys [2001-07-11 6912]

    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

    R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfman.sys [2001-08-31 36992]

    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

    S1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 46848]

    S3 atirage;atirage; C:\WINDOWS\system32\DRIVERS\atiragem.sys [2001-08-23 70784]

    S3 azt2320;Pilote audio Aztech 2320 (WDM); C:\WINDOWS\system32\drivers\aztw2320.sys [2001-08-17 36992]

    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

    S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]

    S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-09-28 85969]

    S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

    S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]

    S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

    S3 VIAudio;Contrôleur audio VIA AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-03 84480]

    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

     

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     

    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]

    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-07 149761]

    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]

    R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]

    S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]

     

    -----------------EOF-----------------

     

     

     

      Quote
    Info.txt

     

    info.txt logfile of random's system information tool 1.02 2008-09-29 17:44:06

     

    ======Uninstall list======

     

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

    Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}

    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

    ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

    AudioHQ-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\AudioHQ.isu"

    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

    Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}

    Contacts-->MsiExec.exe /I{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}

    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

    eMule-->"G:\eMule\Uninstall.exe"

    Hidden Expedition Titanic-->G:\jeux\hidden expedition titanic\Uninstal.exe

    Hide And Secret-->"G:\jeux\Hide And Secret\ReflexiveArcade\unins000.exe"

    HijackThis 2.0.2-->"F:\setups\Sécurité\HijackThis.exe" /uninstall

    Insaniquarium Deluxe 1.0-->C:\WINDOWS\iun6002.exe "G:\jeux\irunin.ini"

    Java SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}

    Ma-Config.com-->MsiExec.exe /X{1C02A760-1682-49AE-BB54-FA7D63BD3504}

    Mah Jong Quest-->"G:\jeux\Mah Jong Quest\unins000.exe"

    Mahjong Towers II-->C:\WINDOWS\iun6002.exe "G:\jeux\Mahjong Towers II\irunin.ini"

    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

    Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

    Mystery Case Files - Ravenhearst (remove only)-->G:\jeux\Mystery Case Files - Ravenhearst\Uninstall.exe

    Navilog1 3.6.5-->"C:\Program Files\Navilog1\unins000.exe"

    Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

    Opera 9.52-->MsiExec.exe /X{E1A88DE8-BD36-4DEA-8DD8-E35EF475ADC7}

    PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"

    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

    Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall

    VIA Le gestionnaire du dispositif de plate-forme-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}

    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}

    ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

     

    ======Hosts File======

     

    127.0.0.1 www.007guard.com

    127.0.0.1 007guard.com

    127.0.0.1 008i.com

    127.0.0.1 www.008k.com

    127.0.0.1 008k.com

    127.0.0.1 www.00hq.com

    127.0.0.1 00hq.com

    127.0.0.1 010402.com

    127.0.0.1 www.032439.com

    127.0.0.1 032439.com

     

    ======Security center information======

     

    AV: Avira AntiVir PersonalEdition

    FW: ZoneAlarm Firewall

     

    ======Environment variables======

     

    "ComSpec"=%SystemRoot%\system32\cmd.exe

    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

    "windir"=%SystemRoot%

    "FP_NO_HOST_CHECK"=NO

    "OS"=Windows_NT

    "PROCESSOR_ARCHITECTURE"=x86

    "PROCESSOR_LEVEL"=6

    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 5, GenuineIntel

    "PROCESSOR_REVISION"=0605

    "NUMBER_OF_PROCESSORS"=1

    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

    "TEMP"=%SystemRoot%\TEMP

    "TMP"=%SystemRoot%\TEMP

    "tvdumpflags"=8

     

    -----------------EOF-----------------

  16. Hmm, I no longer get redirections when opening Internet Explorer, but I have no icons next to the clock and I am still unable to install MSN Live Messenger and IE7. Here is a new HijackThis report

     

      Quote
    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 03:06:03, on 2008-10-05

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe

    C:\Documents and Settings\Usager\Bureau\arria.exe

     

    O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)

    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     

    --

    End of file - 1531 bytes

     

    I was wondering what line 018 is... ?

  17. Here are the RSIT reports

     

      Quote
    Logfile of random's system information tool 1.02 (written by random/random)

    Run by Usager at 2008-09-29 17:40:32

    Microsoft Windows XP Professionnel Service Pack 3

    System drive C: has 23 GB (78%) free of 29 GB

    Total RAM: 639 MB (51% free)

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 17:43:39, on 2008-09-29

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\Opera\opera.exe

    C:\Documents and Settings\Usager\Bureau\RSIT.exe

    C:\Program Files\trend micro\Usager.exe

     

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     

    --

    End of file - 3722 bytes

     

    ======Registry dump======

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

    SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2008-01-29 501384]

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

    "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]

     

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

    C:\WINDOWS\system32\

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    C:\WINDOWS\system32\

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    C:\WINDOWS\system32\

     

    C:\Documents and Settings\Usager\Menu Démarrer\Programmes\Démarrage

    Trillian.lnk - C:\Program Files\Trillian\trillian.exe

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

    C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

     

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoDriveTypeAutoRun"=145

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "G:\eMule\emule.exe"="G:\eMule\emule.exe:*:Enabled:eMule"

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

    "G:\LimeWire\LimeWire.exe"="G:\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

     

    ======List of files/folders created in the last 1 months======

     

    2008-09-29 17:40:36 ----D---- C:\Program Files\trend micro

    2008-09-29 11:36:32 ----A---- C:\WINDOWS\system32\o4Patch.exe

    2008-09-29 11:36:31 ----A---- C:\WINDOWS\system32\IEDFix.C.exe

    2008-09-29 11:36:30 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe

    2008-09-29 11:36:29 ----A---- C:\WINDOWS\system32\404Fix.exe

    2008-09-29 11:36:28 ----A---- C:\WINDOWS\system32\VACFix.exe

    2008-09-29 11:36:27 ----A---- C:\WINDOWS\system32\IEDFix.exe

    2008-09-29 11:36:26 ----A---- C:\WINDOWS\system32\WS2Fix.exe

    2008-09-29 11:36:25 ----A---- C:\WINDOWS\system32\VCCLSID.exe

    2008-09-29 11:36:24 ----A---- C:\WINDOWS\system32\swxcacls.exe

    2008-09-29 11:36:23 ----A---- C:\WINDOWS\system32\dumphive.exe

    2008-09-29 11:36:22 ----A---- C:\WINDOWS\system32\swsc.exe

    2008-09-29 11:36:22 ----A---- C:\WINDOWS\system32\SrchSTS.exe

    2008-09-29 11:36:20 ----A---- C:\WINDOWS\system32\swreg.exe

    2008-09-29 11:36:20 ----A---- C:\WINDOWS\system32\Process.exe

    2008-09-28 20:50:00 ----D---- C:\WINDOWS\LastGood

    2008-09-28 18:59:45 ----D---- C:\WINDOWS\Sun

    2008-09-28 18:54:33 ----D---- C:\rsit

    2008-09-28 13:58:40 ----D---- C:\getservice

    2008-09-28 13:42:48 ----A---- C:\WINDOWS\gmer.ini

    2008-09-28 13:42:44 ----A---- C:\WINDOWS\gmer_uninstall.cmd

    2008-09-28 13:42:44 ----A---- C:\WINDOWS\gmer.dll

    2008-09-28 13:42:43 ----A---- C:\WINDOWS\gmer.exe

    2008-09-28 13:28:20 ----A---- C:\fixnavi.txt

    2008-09-28 12:40:00 ----A---- C:\WINDOWS\system32\tmp.txt

    2008-09-28 10:59:59 ----D---- C:\WINDOWS\CSC

    2008-09-28 10:59:37 ----A---- C:\WINDOWS\ntbtlog.txt

    2008-09-28 10:49:09 ----A---- C:\rapport.txt

    2008-09-28 08:02:10 ----D---- C:\2bf411e5c9bd4bac97bdf6ef


    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []

    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]

    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]

    R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]

    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

    R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]

    R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []

    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]

    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

    R3 ctljystk;Creative SBLive! Port de jeux; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]

    R3 emu10k;Creative SB Live! series(WDM); C:\WINDOWS\system32\drivers\emu10k1f.sys [2001-08-14 775296]

    R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlface.sys [2001-07-11 6912]

    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]

    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

    R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfman.sys [2001-08-31 36992]

    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

    S1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 46848]

    S3 atirage;atirage; C:\WINDOWS\system32\DRIVERS\atiragem.sys [2001-08-23 70784]

    S3 catchme;catchme; \??\C:\DOCUME~1\Usager\LOCALS~1\Temp\catchme.sys []

    S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-09-28 85969]

    S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

    S3 VIAudio;Contrôleur audio VIA AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-03 84480]

    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600]

     

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     

    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]

    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-07 149761]

    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]

    R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]

    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]

     

    -----------------EOF-----------------

    Info.txt

      Quote
    info.txt logfile of random's system information tool 1.02 2008-09-29 17:44:06

     

    ======Uninstall list======

     

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

    Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}

    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

    ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

    AudioHQ-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\AudioHQ.isu"

    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

    Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}

    Contacts-->MsiExec.exe /I{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}

    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

    eMule-->"G:\eMule\Uninstall.exe"

    Hidden Expedition Titanic-->G:\jeux\hidden expedition titanic\Uninstal.exe

    Hide And Secret-->"G:\jeux\Hide And Secret\ReflexiveArcade\unins000.exe"

    HijackThis 2.0.2-->"F:\setups\Sécurité\HijackThis.exe" /uninstall

    Insaniquarium Deluxe 1.0-->C:\WINDOWS\iun6002.exe "G:\jeux\irunin.ini"

    Java SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}

    Ma-Config.com-->MsiExec.exe /X{1C02A760-1682-49AE-BB54-FA7D63BD3504}

    Mah Jong Quest-->"G:\jeux\Mah Jong Quest\unins000.exe"

    Mahjong Towers II-->C:\WINDOWS\iun6002.exe "G:\jeux\Mahjong Towers II\irunin.ini"

    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

    Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

    Mystery Case Files - Ravenhearst (remove only)-->G:\jeux\Mystery Case Files - Ravenhearst\Uninstall.exe

    Navilog1 3.6.5-->"C:\Program Files\Navilog1\unins000.exe"

    Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

    Opera 9.52-->MsiExec.exe /X{E1A88DE8-BD36-4DEA-8DD8-E35EF475ADC7}

    PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"

    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

    Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall

    VIA Le gestionnaire du dispositif de plate-forme-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}

    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}

    ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

     

    ======Hosts File======

     

    127.0.0.1 www.007guard.com

    127.0.0.1 007guard.com

    127.0.0.1 008i.com

    127.0.0.1 www.008k.com

    127.0.0.1 008k.com

    127.0.0.1 www.00hq.com

    127.0.0.1 00hq.com

    127.0.0.1 010402.com

    127.0.0.1 www.032439.com

    127.0.0.1 032439.com

     

    ======Security center information======

     

    AV: Avira AntiVir PersonalEdition

    FW: ZoneAlarm Firewall

     

    ======Environment variables======

     

    "ComSpec"=%SystemRoot%\system32\cmd.exe

    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

    "windir"=%SystemRoot%

    "FP_NO_HOST_CHECK"=NO

    "OS"=Windows_NT

    "PROCESSOR_ARCHITECTURE"=x86

    "PROCESSOR_LEVEL"=6

    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 5, GenuineIntel

    "PROCESSOR_REVISION"=0605

    "NUMBER_OF_PROCESSORS"=1

    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

    "TEMP"=%SystemRoot%\TEMP

    "TMP"=%SystemRoot%\TEMP

    "tvdumpflags"=8

     

    -----------------EOF-----------------

  18. The HijackThis report stayed identical, except that instead of

      Quote
    C:\Documents and Settings\Usager\Bureau\HiJackThis.exe
    it is
      Quote
    C:\Documents and Settings\Usager\Bureau\arria.exe
    I ran a scan on Kapersky.com and it detected downloader.fraudload on G:; I deleted the folder and the infected archive. Yet I had scanned the archive before extracting it. I got back a bit of speed on the internet, but windows telling me there is no disk in drive D: pop up when I try to open certain programs that have never needed a CD. Then, since I saw that the downloader was for a fraudload, so a rogue, I took the liberty of running a search with Smitfraudfix; I am posting the report for you. Antivir did its daily scan at noon today without finding anything. Yet it is up to date....

     

    OK, I am going to run the analysis with RSIT and the scan on Secunia. Here is the Smitfraudfix report in the meantime:

     

      Quote
    SmitFraudFix v2.354

     

    Rapport fait à 11:52:30,32, 2008-09-29

    Executé à partir de F:\setups\Sécurité\SmitfraudFix

    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

    Le type du système de fichiers est NTFS

    Fix executé en mode normal

     

    »»»»»»»»»»»»»»»»»»»»»»»» Process

     

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Documents and Settings\Usager\Bureau\arria.exe

    C:\WINDOWS\system32\cmd.exe

     

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

     

    Fichier hosts corrompu !

     

    127.0.0.1 www.legal-at-spybot.info

    127.0.0.1 legal-at-spybot.info

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Usager

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Usager\Application Data

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Usager\Favoris

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

     

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

    "Source"="About:Home"

    "SubscribedURL"="About:Home"

    "FriendlyName"="Ma page d'accueil"

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch

    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     

    o4Patch

    Credits: Malware Analysis & Diagnostic

    Code: S!Ri

     

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     

    IEDFix

    Credits: Malware Analysis & Diagnostic

    Code: S!Ri

     

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     

    VACFix

    Credits: Malware Analysis & Diagnostic

    Code: S!Ri

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     

    404Fix

    Credits: Malware Analysis & Diagnostic

    Code: S!Ri

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     

    AntiXPVSTFix

    Credits: Malware Analysis & Diagnostic

    Code: S!Ri

     

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     

    SrchSTS.exe by S!Ri

    Search SharedTaskScheduler's .dll

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "AppInit_DLLs"=""

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon

    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

    "System"=""

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» RK

     

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

     

    Description: Carte Fast Ethernet PCI Kingston EtheRx KNE100TX (21143-PD) #2 - Miniport d'ordonnancement de paquets

    DNS Server Search Order: 207.164.234.129

    DNS Server Search Order: 207.164.234.193

     

    Description: Carte Fast Ethernet PCI Kingston EtheRx KNE100TX (21143-PD) #2 - Miniport d'ordonnancement de paquets

    DNS Server Search Order: 192.168.2.1

     

    Description: Carte Fast Ethernet PCI Kingston EtheRx KNE100TX (21143-PD) #2 - Miniport d'ordonnancement de paquets

    DNS Server Search Order: 192.168.2.1

     

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{21D928DF-0DEA-4941-A9F9-66ABCEB780C7}: DhcpNameServer=192.168.2.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{2B30706B-DA5D-4788-9080-A5A4B4AC656E}: DhcpNameServer=207.164.234.129 207.164.234.193

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{EBFD66CB-31E2-4719-9AC4-B9D977A48146}: DhcpNameServer=192.168.2.1

    HKLM\SYSTEM\CS1\Services\Tcpip\..\{21D928DF-0DEA-4941-A9F9-66ABCEB780C7}: DhcpNameServer=192.168.2.1

    HKLM\SYSTEM\CS1\Services\Tcpip\..\{2B30706B-DA5D-4788-9080-A5A4B4AC656E}: DhcpNameServer=207.164.234.129 207.164.234.193

    HKLM\SYSTEM\CS1\Services\Tcpip\..\{EBFD66CB-31E2-4719-9AC4-B9D977A48146}: DhcpNameServer=192.168.2.1

    HKLM\SYSTEM\CS2\Services\Tcpip\..\{21D928DF-0DEA-4941-A9F9-66ABCEB780C7}: DhcpNameServer=192.168.2.1

    HKLM\SYSTEM\CS2\Services\Tcpip\..\{2B30706B-DA5D-4788-9080-A5A4B4AC656E}: DhcpNameServer=207.164.234.129 207.164.234.193

    HKLM\SYSTEM\CS2\Services\Tcpip\..\{EBFD66CB-31E2-4719-9AC4-B9D977A48146}: DhcpNameServer=192.168.2.1

    HKLM\SYSTEM\CS3\Services\Tcpip\..\{21D928DF-0DEA-4941-A9F9-66ABCEB780C7}: DhcpNameServer=192.168.2.1

    HKLM\SYSTEM\CS3\Services\Tcpip\..\{2B30706B-DA5D-4788-9080-A5A4B4AC656E}: DhcpNameServer=207.164.234.129 207.164.234.193

    HKLM\SYSTEM\CS3\Services\Tcpip\..\{EBFD66CB-31E2-4719-9AC4-B9D977A48146}: DhcpNameServer=192.168.2.1

    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

  19. Hello everyone,

     

    To summarize my problem: my computer has been behaving a bit strangely since yesterday. I downloaded Ice Sword and was having fun looking through the various sections without taking any action, and I noticed a weird registry key (hkey_current_user -> S -> P). P contains 3 folders whose names are made up of random digits, and all three contain the key MsgPrivacy set to 0x1 and Prompt set to 0x0. There are also 3 folders with the same names that have appeared on my system hard drive. They contain files for IE7, and there are several files with double extensions. I also have strange problems with Internet Explorer; I only use it as an absolute last resort. This morning, when I opened it to go run an online scan on Kaspersky, I landed on a 404 error page that looked completely fake to me. I closed IE and opened Firefox, which opened on its usual home page, proving that my internet access was working. Earlier I opened IE to examine the error page a bit more closely and I landed on http://v11 . www . msn . com. I suspect it is a redirect. I see nothing extraordinarily abnormal in the Hijackthis report, and my antivirus (Antivir) and MBAM found nothing. For now, apart from the problems with IE, which I don't use anyway, and a few random reboots today, there are no really bothersome symptoms.

     

    Here is the Hijackthis report

      Quote
    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 18:28:41, on 2008-09-28

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Documents and Settings\Usager\Bureau\HiJackThis.exe

    F:\ProcessExplorer\procexp.exe

     

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     

    --

    End of file - 3731 bytes

  20. Hi,

     

    So, I helped my friend remove several rogues that were installed 2 days ago. The Antivir and Spy-bot scans in safe mode reported having removed all the infections, but now it is impossible to set the IE security level to medium; it automatically resets to low after a reboot. I made a Hijackthis report and there are a few O4 lines that look a lot like sequences of random letters. OK, I am posting the report and handing control of the computer back to its owner; he is the one who will do the rest of the disinfection with you.

     

      Quote
    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 14:54:31, on 2008-09-26

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

    C:\Program Files\Creative\Mixer\CTSVolFE.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\WINDOWS\CTHELPER.EXE

    C:\WINDOWS\system32\CTXFIHLP.EXE

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

    C:\WINDOWS\system32\Rundll32.exe

    C:\Program Files\Dell Support Center\bin\sprtcmd.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\WINDOWS\system32\PSIService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\System32\alg.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Windows Live\Messenger\usnsvc.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Documents and Settings\Cynthia\Bureau\HiJackThis.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

     

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=fr&client=dell-row&channel=ca&ibd=2061021

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ca.dell.com/content/default.as...;l=FR&s=gen

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=fr&client=dell-row&channel=ca&ibd=2061021

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

    O4 - HKLM\..\Run: [CTSVolFE] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

    O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL

    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

    O4 - HKLM\..\Run: [jdizpvkuvetwtcpn] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\eeoirjgiaq.dll" EntryPoint

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

    O4 - HKLM\..\Run: [bM1ff7c9b1] Rundll32.exe "C:\WINDOWS\system32\hitjhuai.dll",s

    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

    O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

    O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://punkybrody.spaces.live.com//PhotoUpload/MsnPUpld.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-ab52cbf1d03f7fff.spaces.live.co...ad/MsnPUpld.cab

    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/har...on.cab?version=

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://spinpalace.microgaming.com/spinpalace/FlashAX.cab

    O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://us2-scripts.dlv4.com/binaries/egacc..._1073_em_XP.cab

    O20 - AppInit_DLLs: vfnfwf.dll

    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe

    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

    O23 - Service: Windows Network Log (Windows Network Log Manage) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\Netlog.exe (file missing)

    O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Cynthia\Bureau\Photo SKF\Cynthia En Chinois.gif

    O24 - Desktop Component 1: (no name) - http://www.bid.com/Assets/ProductImages/88...185948E08AA.jpg

     

    --

    End of file - 8022 bytes
