renejr902

ton dessin ne saffiche pas ( snapfile) il me dise daller sur snapfiles.com

tous les options que je peux sélectionner avec le dossier COG_Grunt_FragGrenade ne fonctionne pas. je me demande si il ny a pas eu un erreur de copie comme un corrupted file. je me souviens quil est arriver quelque chose d'étrange en le décompressant la 1ere fois. alors jai essayé de tout effacé et jai installet le jeux ailleurs sur le disque dur. le jeux fopnctionne bien dailleurs. cest vraie javais aussi effacé ceci dans vista : eower.vbs dans c:\windows mais il ny avait pas eowero dans sys32

Voici le rapport que tu mavais demandé: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:39:27, on 2008-12-28 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20815) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Logitech\Profiler\lwemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Canon\BJCard\Bjmcmng.exe C:\Program Files\diskkeeper\DkService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Windows NT\Accessories\wordpad.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU) O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU) O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU) O13 - Gopher Prefix: O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\diskkeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe -- End of file - 6436 bytes

C'est fait . as tu le fichier ? en passant je suis content , la derniere version de daemon-tools fonctionne de nouveau

le fchier prend 5 megs, a cuase du .rtf ok

File C:\Documents and Settings\Rene\My Documents\Azureus Downloads\PC_Gears.of.War -ENG+FULL -.direct.play.-ToeD\G.o.W (ToeD) ...use 7zip ONLY (extract to...)\GoW\Gears of War\Wargame\CookedPC\COG\COG_Characters\COG_Grunt\COG_Grunt_Accessories\COG_Grunt_FragGrenade\COG_Grunt_FragGrenade.upk 411994 bytes JE NE PEUX ENTRER DANS LE DOSSIER AU RÉSIDE CE FICHIER ! '' COG_Grunt_FragGrenade '' JE clique deux fois ca ne fait rien. Il ne veut meme pas effacer le dossier. JE peses sur la touche delete et ca fait rien du tout. Je t'Envoie un '' print screen '' de ce qui se passe lorsque je clique le bouton droit de la souris pour le supprimer, les choix sont assez etrange, surtout quil ny a pas l'option delete. le fichier sappelle : gears of war dossier.rtf il est dans le Qoobox je cherche comment annexé un fichier zip jai oublier. en passant il ny avait pas de checksum dans windows vista 64 dans le registre. jai vérifié comment tenvoyer mon fichier zip

Je vais faire ta requete, mais juste avant je veux te dire quelque chose. J'ai un dual-boot avec windows vista 64 bit. Mais j'utilise tres tres peu windows vista 64 bit, meme pas une fois par deux semaines. MAlgré tout comme hdtvdivx.exe n'avait pas réussi a terminé l'installation dans windows xp, je lavais donc installer dans windows vista 64 bit aussi. Donc a partir de ce moment , la fenetre ouvrait aussi dans windows vista 64bit. Donc jai décidé daller voir si dans windows vista 64 bit la fenetre avait disparu depuis qu'on avait corriger le probleme dans win xp, mais non, elle continuait toujours d'apparaitre. Donc j'ai fait quelque chose a ma tete, désolé... J'Ai décidé d'aller effacer tous les fichiers qu'on avait dans la liste ( killaa: que tu mavais donné pour windows xp) dans windows vista. Finalement en cherchant bien le seul fichier que jai trouvé qui existait dans vista etait cks.bat et sa ligne dans le registry. J ai donc effacé ses 2 items et rebooter. et desormais la fenetre n'apparait plus dans windows vista 64 bit. Donc j'imagine que le probleme de fenetre etait relié a cks.bat. nest ce pas ? Apres ceci jai fait un scan avec malware ( que jai updater avant le scan) et malware na rien trouvé nont plus. Est ce que jai bien fait ? ou jai fait une gaffe ? Maintenant je fait ta requete, mais je n'ai plus le fichier hdtvdivx.exe, je lai effacé il y a longtemps.

IL n'a rien trouvé: MErci mon msconfig fonctionne maintenant. JE suis tellement content !!!! MERCI !!!! Il y a til une facon de vous remercier pour l'aide qu'on a recu ici Malwarebytes' Anti-Malware 1.31 Database version: 1563 Windows 5.1.2600 Service Pack 3 2008-12-28 15:08:28 mbam-log-2008-12-28 (15-08-28).txt Scan type: Quick Scan Objects scanned: 41592 Time elapsed: 3 minute(s), 34 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

WOW !!! MERCI !!! LA fenetre est disparu. elle n'apparait plus quand windows boot. J'ai rebooter deux fois pour etre sûr. Je suis vraiment content 1000 fois merci MAis il y a quelque chose d'étrange, j'ai fait msconfig dans la boite ( run/executer) et il dit qu'il ne trouve pas la commande. Je voulais desactiver l'ouverture automatique de MSN a louverture de windows. Pouvez-vous m'aider a comprendre. Il me semble bien que MSCONFIG fonctionnait avant d'utiliser combofix. Mais ne vous inquieter pas trop, car je peux executer msconfig directement du dossier: C:\windows\pchealth\helpctr\binaries Est ce correct ? Merci j'attends vos réponse. De plus jaimerais savoir si il y a une facon de faire pour remercier l'aide qu'on a recu ici ? MERCI MERCI MERCI MERCI MERCI MERCI ComboFix 08-12-20.03 - Rene 2008-12-28 14:17:16.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2830 [GMT -5:00] Lancé depuis: c:\documents and settings\Rene\Desktop\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Rene\Desktop\CFScript.txt * Un nouveau point de restauration a été créé FILE :: c:\windows\eower.vbs c:\windows\SET9B.tmp c:\windows\SET9E.tmp c:\windows\SETAA.tmp c:\windows\system32\checksum.exe c:\windows\system32\cks.bat c:\windows\system32\eowero.vbs c:\windows\system32\rqRLeeFU.dll c:\windows\tasks\wakpqlji.job . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\windows\eower.vbs c:\windows\SET9B.tmp c:\windows\SET9E.tmp c:\windows\SETAA.tmp c:\windows\system32\checksum.exe c:\windows\system32\cks.bat c:\windows\system32\eowero.vbs c:\windows\tasks\wakpqlji.job c:\windows\UmVuZSBNb3Jpbg ----- BITS: Il y a peut-être des sites infectés ----- hxxp://childhe.com . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_83eba970 ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-28 )))))))))))))))))))))))))))))))))))) . 2008-12-28 14:07 . 2008-12-28 14:07 2,560 --a------ c:\windows\_MSRSTRT.EXE 2008-12-28 06:04 . 2008-12-28 06:04 <DIR> d-------- C:\New Folder 2008-12-28 02:13 . 2008-12-28 02:36 <DIR> d-------- c:\program files\Download Direct 2008-12-27 17:49 . 2008-12-27 17:49 <DIR> d-------- C:\rsit 2008-12-27 00:28 . 2008-12-27 00:28 <DIR> d-------- c:\windows\Hidden Mysteries Buckingham Palace 2008-12-27 00:28 . 2008-12-27 00:28 <DIR> d-------- c:\program files\Hidden Mysteries Buckingham Palace 2008-12-26 21:37 . 2008-12-28 14:22 54,156 --ah----- c:\windows\QTFont.qfn 2008-12-26 21:37 . 2008-12-28 00:01 1,409 --a------ c:\windows\QTFont.for 2008-12-26 21:16 . 2008-12-26 21:16 <DIR> d-------- C:\_OTMoveIt 2008-12-26 18:36 . 2008-12-26 21:00 <DIR> d-------- c:\program files\M3 GAME Manager 2008-12-26 14:34 . 2008-12-27 00:32 <DIR> d-------- c:\program files\Mystery Case Files - Madame Fate 2008-12-23 13:25 . 2008-12-23 13:25 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-23 00:26 . 2008-12-23 00:26 <DIR> d-------- C:\VundoFix Backups 2008-12-21 02:21 . 2008-12-21 02:21 588 --a------ c:\windows\system32\settingsbkup.sfm 2008-12-21 02:21 . 2008-12-21 02:21 588 --a------ c:\windows\system32\settings.sfm 2008-12-21 01:47 . 2008-12-28 14:22 4,958,588 --a------ c:\windows\{00000005-00000000-00000002-00001102-00000004-20021102}.BAK 2008-12-21 01:24 . 2008-12-21 01:24 <DIR> d-------- C:\registry 2008-12-20 15:45 . 2008-12-20 15:45 <DIR> d-------- c:\windows\system32\xircom 2008-12-20 15:45 . 2008-12-20 15:45 <DIR> d-------- c:\program files\microsoft frontpage 2008-12-20 15:38 . 2008-12-20 15:38 <DIR> d-------- c:\documents and settings\Rene\DoctorWeb 2008-12-20 13:46 . 2008-12-27 17:53 250 --a------ c:\windows\gmer.ini 2008-12-20 01:06 . 2008-12-26 15:43 <DIR> d-------- c:\documents and settings\Rene\Application Data\DivX 2008-12-20 01:05 . 2008-11-21 16:47 120,056 --a------ c:\windows\system32\pxcpyi64.exe 2008-12-20 01:05 . 2008-11-21 16:47 118,520 --a------ c:\windows\system32\pxinsi64.exe 2008-12-19 22:56 . 2008-12-19 22:56 <DIR> d-------- c:\program files\SUPERAntiSpyware 2008-12-19 22:56 . 2008-12-19 22:56 <DIR> d-------- c:\documents and settings\Rene\Application Data\SUPERAntiSpyware.com 2008-12-19 22:56 . 2008-12-19 22:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2008-12-19 22:50 . 2008-12-19 22:50 <DIR> d-------- c:\program files\FileASSASSIN 2008-12-19 22:48 . 2008-12-19 22:49 <DIR> d-------- c:\program files\RogueRemover FREE 2008-12-15 01:39 . 2008-04-14 19:51 171,136 -rahs---- C:\grldr 2008-12-14 23:47 . 2008-12-14 23:47 <DIR> d-------- c:\program files\Lavasoft 2008-12-14 23:47 . 2008-12-14 23:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2008-12-14 22:28 . 2008-12-28 14:14 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-12-14 22:21 . 2008-12-28 13:44 <DIR> d-------- c:\windows\system32\drivers\Avg 2008-12-14 22:21 . 2008-12-14 22:21 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys 2008-12-14 22:21 . 2008-12-14 22:21 10,520 --a------ c:\windows\system32\avgrsstx.dll 2008-12-14 22:09 . 2008-04-13 23:42 49,152 --a------ c:\windows\system32\svchost.exe 2008-12-14 22:06 . 2008-12-14 22:06 <DIR> d-------- c:\program files\DAEMON Tools 2008-12-14 22:06 . 2008-12-14 22:06 223,128 --a------ c:\windows\system32\drivers\dtscsi.sys 2008-12-14 22:03 . 2008-12-14 22:03 717,296 --a------ c:\windows\system32\drivers\sptd.sys 2008-12-14 20:59 . 2008-12-28 14:21 30,528 --a------ c:\windows\system32\BMXBkpCtrlState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx 2008-12-14 20:59 . 2008-12-28 14:21 11,564 --a------ c:\windows\system32\DVCState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx 2008-12-14 20:58 . 2008-12-14 20:58 <DIR> d-------- c:\program files\Creative 2008-12-14 20:34 . 2008-12-14 20:34 <DIR> d-------- c:\windows\system32\dllcache 2008-12-14 20:33 . 2008-12-14 20:33 749 -rah----- c:\windows\WindowsShell.Manifest 2008-12-14 20:33 . 2008-12-14 20:33 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest 2008-12-14 20:33 . 2008-12-14 20:33 749 -rah----- c:\windows\system32\sapi.cpl.manifest 2008-12-14 20:33 . 2008-12-14 20:33 749 -rah----- c:\windows\system32\nwc.cpl.manifest 2008-12-14 20:33 . 2008-12-14 20:33 749 -rah----- c:\windows\system32\ncpa.cpl.manifest 2008-12-14 20:33 . 2008-12-14 20:33 488 -rah----- c:\windows\system32\logonui.exe.manifest 2008-12-14 20:20 . 2008-12-14 20:20 <DIR> d-------- c:\windows\NV9201656.TMP 2008-12-14 20:20 . 2008-08-02 11:20 198,941 --a------ c:\windows\system32\nvapps.nvb 2008-12-14 20:17 . 2001-08-23 07:00 24,661 --a------ c:\windows\system32\spxcoins.dll 2008-12-14 20:17 . 2001-08-23 07:00 13,312 --a------ c:\windows\system32\irclass.dll 2008-12-14 19:06 . 2008-12-14 21:40 <DIR> d-------- c:\program files\DAEMON Tools Lite 2008-12-14 18:56 . 2008-12-14 18:56 <DIR> d-------- c:\windows\Downloaded Installations 2008-12-14 18:50 . 2008-12-14 18:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro 2008-12-14 18:24 . 2008-12-14 22:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8 2008-12-14 18:13 . 2008-12-14 19:45 51,056 --a------ c:\windows\setupapi.old 2008-12-14 18:01 . 2008-12-14 18:01 <DIR> d-------- c:\documents and settings\Administrator.RENEMORIN\Application Data\Malwarebytes 2008-12-14 18:01 . 2008-12-14 22:21 <DIR> d-------- c:\documents and settings\Administrator.RENEMORIN 2008-12-14 17:53 . 2008-12-14 17:53 <DIR> d-------- c:\program files\Trend Micro 2008-12-14 17:29 . 2008-12-14 17:29 <DIR> d-------- c:\documents and settings\Administrator 2008-12-14 17:09 . 2008-12-14 17:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-14 17:09 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-14 17:09 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-14 17:04 . 2008-12-14 17:04 <DIR> d-------- c:\documents and settings\Rene\Application Data\DAEMON Tools Pro 2008-12-14 16:03 . 2008-12-14 16:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Grisoft 2008-12-14 04:53 . 2008-12-14 14:26 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2008-12-14 04:53 . 2008-12-23 00:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-12-14 04:51 . 2008-12-14 20:55 <DIR> d-------- c:\program files\RegCleaner 2008-12-14 04:13 . 2008-12-14 04:13 <DIR> d-------- c:\program files\CCleaner 2008-12-14 03:55 . 2008-12-14 17:04 <DIR> d-------- c:\documents and settings\Rene\Application Data\DAEMON Tools Lite 2008-12-14 03:55 . 2008-12-14 03:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite 2008-12-14 02:59 . 2008-12-14 02:59 <DIR> d-------- c:\documents and settings\Rene\Application Data\vlc 2008-12-14 02:58 . 2008-12-14 02:58 <DIR> d-------- c:\program files\VideoLAN 2008-12-14 02:52 . 2008-12-14 02:53 16,320,472 --a------ C:\vlc-0.9.8a-win32.exe 2008-12-14 02:33 . 2008-12-14 02:33 <DIR> d-------- c:\windows\HDTVPlayer v3.5 2008-12-14 02:33 . 2008-12-14 02:37 <DIR> d-------- c:\program files\Uninstall 2008-12-14 02:33 . 2008-12-14 02:33 576,000 --a------ c:\windows\uninstall.exe 2008-12-14 02:33 . 2008-12-14 02:37 2 --a------ C:\-931777760 2008-12-14 02:33 . 2008-12-14 17:02 0 --a------ c:\windows\system32\drivers\83eba970.sys 2008-12-14 02:22 . 2008-12-14 02:22 <DIR> d-------- c:\windows\Setup 2008-12-14 02:22 . 2008-12-14 02:22 <DIR> d-------- c:\windows\HDTVXviD Codec 2008-12-14 02:22 . 2008-12-14 02:22 <DIR> d-------- c:\program files\Setup 2008-12-14 02:22 . 2008-12-09 03:18 45 --a------ c:\windows\sys.bat 2008-12-13 16:49 . 2008-12-13 16:49 <DIR> d-------- c:\documents and settings\Rene\Application Data\Leadertech 2008-12-12 23:54 . 2008-12-12 23:54 <DIR> d-------- c:\windows\system32\LogFiles 2008-12-12 21:42 . 2008-12-12 21:42 <DIR> d-------- c:\windows\system32\foi 2008-12-12 21:42 . 2008-12-12 21:42 <DIR> d-------- c:\temp\REX81 2008-12-12 16:10 . 2008-12-12 16:10 106,130 --a------ c:\windows\runner.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-28 08:06 --------- d-----w c:\documents and settings\Rene\Application Data\Azureus 2008-12-28 06:51 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-12-26 23:02 --------- d-----w c:\documents and settings\Rene\Application Data\LimeWire 2008-12-26 18:34 --------- d-----w c:\program files\Vuze 2008-12-23 18:25 --------- d-----w c:\program files\Java 2008-12-20 06:05 --------- d-----w c:\program files\DivX 2008-12-20 03:54 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-12-15 04:14 --------- d-----w c:\documents and settings\Rene\Application Data\Microsoft Games 2008-12-15 01:58 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-15 01:33 --------- d-----w c:\program files\Windows Media Connect 2 2008-12-15 01:32 --------- d-----w c:\program files\Microsoft Silverlight 2008-12-14 22:04 --------- d-----w c:\documents and settings\Rene\Application Data\DAEMON Tools 2008-12-14 19:05 --------- d-----w c:\program files\ASUS 2008-12-13 21:21 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink 2008-11-24 21:30 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-11-24 20:42 --------- d-----w c:\program files\7-Zip 2008-11-13 02:16 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf 2008-11-13 02:16 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb20_01001.Wdf 2008-11-13 02:14 --------- d-----w c:\program files\Microsoft Xbox 360 Accessories 2008-08-04 02:21 522 ----a-w c:\program files\Shortcut to dgVoodoo1.50Beta2.lnk 2008-08-01 20:05 1,569 ----a-w c:\program files\uninstal.log 2006-06-24 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe 2008-07-31 11:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008073120080801\index.dat . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\program files\Webtools ---- c:\program files\Webtools\ ---- Directory of c:\windows\HDTVXviD Codec ---- 2008-12-14 02:22 576000 --a------ c:\windows\HDTVXviD Codec\uninstall.exe ------- Sigcheck ------- 2008-07-23 13:59 361600 e88631e21a9caca06104802f9e915115 c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( snapshot@2008-12-20_15.47.57.87 ))))))))))))))))))))))))))))))))))))))))) . + 2008-12-28 19:07:00 2,560 ----a-w c:\windows\_MSRSTRT.EXE + 2008-12-27 05:28:15 574,464 ----a-w c:\windows\Hidden Mysteries Buckingham Palace\uninstall.exe - 2008-08-19 19:02:14 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe + 2008-12-28 06:51:47 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe - 2008-08-19 19:02:15 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe + 2008-12-28 06:51:47 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe - 2008-08-19 19:02:14 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe + 2008-12-28 06:51:47 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe - 2008-08-19 19:02:15 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe + 2008-12-28 06:51:47 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe - 2008-08-19 19:02:15 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe + 2008-12-28 06:51:47 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe - 2008-08-19 19:02:15 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe + 2008-12-28 06:51:48 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe - 2008-08-19 19:02:14 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe + 2008-12-28 06:51:47 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe - 2008-08-19 19:02:15 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe + 2008-12-28 06:51:47 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe - 2008-08-19 19:02:15 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe + 2008-12-28 06:51:47 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe - 2008-08-19 19:02:15 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe + 2008-12-28 06:51:48 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe - 2008-08-19 19:02:14 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe + 2008-12-28 06:51:47 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe - 2008-12-20 02:35:49 32,768 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2008-12-28 04:00:31 32,768 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2008-12-20 02:35:49 65,536 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2008-12-28 04:00:31 65,536 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2008-12-28 04:00:31 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008121520081222\index.dat + 2008-12-28 04:00:31 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008122720081228\index.dat - 2008-12-20 02:35:49 196,608 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-12-28 04:00:31 196,608 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2008-12-15 01:51:30 267,800 ----a-w c:\windows\system32\FNTCACHE.DAT + 2008-12-27 02:37:06 267,800 ----a-w c:\windows\system32\FNTCACHE.DAT - 2008-06-10 05:21:01 135,168 ----a-w c:\windows\system32\java.exe + 2008-12-23 18:25:21 144,792 ----a-w c:\windows\system32\java.exe - 2008-06-10 05:21:04 135,168 ----a-w c:\windows\system32\javaw.exe + 2008-12-23 18:25:21 144,792 ----a-w c:\windows\system32\javaw.exe - 2008-06-10 06:32:34 139,264 ----a-w c:\windows\system32\javaws.exe + 2008-12-23 18:25:21 148,888 ----a-w c:\windows\system32\javaws.exe - 2008-12-20 19:53:32 59,908 ----a-w c:\windows\system32\perfc009.dat + 2008-12-28 19:12:27 59,908 ----a-w c:\windows\system32\perfc009.dat - 2008-12-20 19:53:32 396,770 ----a-w c:\windows\system32\perfh009.dat + 2008-12-28 19:12:27 396,770 ----a-w c:\windows\system32\perfh009.dat + 2008-12-28 19:22:36 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7f0.dat . -- Instantané actualisé -- . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2006-10-17 277352] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-02 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-02 13570048] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-14 1261336] "QuickTime Task"="c:\windows\system32\qttask.exe" [2008-08-03 98304] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-23 136600] "nwiz"="nwiz.exe" [2008-08-02 c:\windows\system32\nwiz.exe] "CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless PCI_CardBus utility V1.01.exe.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless PCI_CardBus utility V1.01.exe.lnk backup=c:\windows\pss\Wireless PCI_CardBus utility V1.01.exe.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobeupdater] -ra------ 2007-03-01 09:37 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion] --a------ 2008-05-19 14:24 91432 c:\program files\CyberLink\Shared files\brs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJLaunchEXE] --a------ 2002-12-20 13:26 716800 c:\program files\Canon\BJCard\BJLaunch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJPD HID Control] --a------ 2003-01-21 15:35 45056 c:\program files\Canon\BJPV\TVMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe] --a------ 2007-09-23 21:55 533944 c:\program files\Druide\Antidote\Gestionnaire Antidote.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HyperappelPL2003] --a------ 2003-07-04 12:08 122880 c:\program files\Larousse\Petit Larousse 2004\bin\HIPL2002Popup.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe] --a------ 2007-03-05 16:57 1103480 c:\program files\Download Manager\DLM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2008-02-28 16:07 1828136 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-14 04:42 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2008-02-18 15:29 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2008-02-28 08:59 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut] --------- 2007-12-14 10:36 50472 c:\program files\CyberLink\PowerDVD8\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2008-07-07 02:34 167936 c:\program files\poweriso\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-08-03 19:32 98304 c:\windows\system32\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8] --------- 2008-03-20 19:23 83240 c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] --a------ 2008-12-04 13:50 1809648 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2008-03-27 01:35 36352 c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\jeux\\Warcraft III\\Warcraft III.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\jeux\\dirt\\DiRT.exe"= "c:\\jeux\\need3\\nfs3.exe"= "c:\\jeux\\outrun 2006\\OR2006C2C.EXE"= "c:\\jeux\\trackmania sunrise\\TmSunrise.exe"= "c:\\jeux\\TEST DRIVE UNLIMITED\\TestDriveUnlimited.exe"= "c:\\jeux\\neverwinter 2\\nwn2main.exe"= "c:\\jeux\\neverwinter 2\\nwn2main_amdxp.exe"= "c:\\jeux\\neverwinter 2\\nwupdate.exe"= "c:\\jeux\\neverwinter 2\\nwn2server.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\jeux\\grid toca racer\\Grid\\GRID.exe"= "c:\\jeux\\Gears of War\\Binaries\\WarGame-G4WLive.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-08-20 39472] R0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2008-07-31 150568] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-14 97928] R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944] R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-05-15 11:07:00 61424] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-14 231704] R2 Devx;Devx;c:\windows\system32\drivers\Devx.sys [2008-08-02 4448] R2 VtPr;VtPr;c:\windows\system32\drivers\VtPr.sys [2008-08-02 3328] R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352] R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032] R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296] R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1e51x86.sys [2008-07-31 36864] R3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\DRIVERS\xusb20.sys [2006-10-13 50048] S0 chowgnve;chowgnve;c:\windows\system32\drivers\xrniqlb.sys [] S0 ojklva;ojklva;c:\windows\system32\drivers\cjukz.sys [] S0 wqzus;wqzus;c:\windows\system32\drivers\dxxpwrs.sys [] S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352] S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032] S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888] S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888] S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296] S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-DLD.EXE - c:\program files\Download Direct\DLD.exe . ------- Examen supplémentaire ------- . uStart Page = about:blank uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-28 14:22:33 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTHelper = CTHELPER.EXE? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(784) c:\program files\SUPERAntiSpyware\SASWINLO.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\windows\system32\rundll32.exe c:\program files\Canon\BJCard\Bjmcmng.exe c:\program files\diskkeeper\DkService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\IoctlSvc.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\program files\AVG\AVG8\avgrsx.exe . ************************************************************************** . Heure de fin: 2008-12-28 14:25:28 - La machine a redémarré ComboFix-quarantined-files.txt 2008-12-28 19:25:25 ComboFix2.txt 2008-12-27 02:39:36 ComboFix3.txt 2008-12-20 20:48:13 Avant-CF: 36 836 077 568 bytes free Après-CF: 36,842,242,048 bytes free 379

en passant quand je voie sptd ca me fait penser a daemon tools. et je suis dailleurs incapable d'installer la derniere version, car il dit toujours quil ne trouve pas le driver scsi. de plus, il semble il y avoir une note au sujet de gears of war, mais jai mon probleme de fenetre depuis bien plus longtemps que mon installation de gears of war pc. J'ai une info important a vous dire que jaurais peut etre du dire. Il me semble d'Avoir commencé a avoir ce probleme en ayant downloader un fichier intitulé HDTVdivx.exe je lai installer car javais de la difficulté avec certains codecs. apres l'installation windows a planté avec écran bleue. et en lisant un peu plus sur le net jai appris que ce driver n'existait pas et que ce fichier était comme un genre de package de virus. meme on ma dit que le site etait un faux site pour tromper les utilisateurs. apres ca jai fait plusieurs scan avec anti-malware et dautres utilitaires semblables et jai effacé toutes les virus. anti-malware avait trouvé 81 tread, la premiere fois ainsi que des rootkit et autres. Mais jai bien suivi les instructions pour toutes enlever ce qui il y avait. des instructions lit sur le net. de plus javais le fameux virus qui cér un fhicier boot.inin dans chauqe disque dur et un dossier boot. mais je lai bien enlevé et il en reste aucune trace meme pas dans le registry. jai suivi les instructions. ainsi apres plusieurs heures , jai refait anti-malware, rookit, super anti-spyware, kaspersky , avg , ad-aware, remove it pro v4, rogue remover, ccleaner et il ny avait plus AUCUN tread. aucun virus selon ces programmes. mais mon probleme de fenetre qui souvrait tout seul persistait. jai donc réparer mon windows xp en recopiant par dessus l'installation en choissisant réparer l'installation. donc d'une certaine facon jai installer windows au complet mais je nai perdu aucune donné. et le plus drole cest que meme pendant la reinstallation de windows la fenetre de webthang.com... apparaissait. je devais la fermer. Ainsi apres ca, j'ai eu l'idée d'aller demander de l'aide sur un forum. Bref ca ressemble a ca et mon probleme persiste. (note: le fameux site ou jai downloader hdtvdivx.exe n'existe plus, non plus )

GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2008-12-27 18:13:02 Windows 5.1.2600 Service Pack 3 ---- Files - GMER 1.0.14 ---- File C:\Documents and Settings\Rene\My Documents\Azureus Downloads\PC_Gears.of.War -ENG+FULL -.direct.play.-ToeD\G.o.W (ToeD) ...use 7zip ONLY (extract to...)\GoW\Gears of War\Wargame\CookedPC\COG\COG_Characters\COG_Grunt\COG_Grunt_Accessories\COG_Grunt_FragGrenade\COG_Grunt_FragGrenade.upk 411994 bytes ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x1C 0x97 0x90 0x02 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0xD5 0x76 0xEC ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x1C 0x97 0x90 0x02 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0xD5 0x76 0xEC ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x1C 0x97 0x90 0x02 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBA 0x8B 0xBB 0xBD ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEE 0x6D 0x32 0x53 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA3 0x02 0xCE 0x07 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x1C 0x97 0x90 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBA 0x8B 0xBB 0xBD ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEE 0x6D 0x32 0x53 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA3 0x02 0xCE 0x07 ... ---- EOF - GMER 1.0.14 ---- Voila , j'attends votre réponse ou les prochaines instructions MERCI BCP

Logfile of random's system information tool 1.05 (written by random/random) Run by Rene at 2008-12-27 17:49:27 Microsoft Windows XP Professional Service Pack 3 System drive C: has 45 GB (19%) free of 236 GB Total RAM: 3327 MB (84% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:49:35, on 2008-12-27 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20815) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\checksum.exe C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\DAEMON Tools\daemon.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\qttask.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Logitech\Profiler\lwemon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Canon\BJCard\Bjmcmng.exe C:\Program Files\diskkeeper\DkService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\Rene\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Rene.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\RunOnce: [CheckSum] C:\WINDOWS\system32\cks.bat O4 - HKCU\..\Run: [start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU) O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU) O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU) O13 - Gopher Prefix: O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab O20 - AppInit_DLLs: dsafft.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\diskkeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe -- End of file - 6768 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\wakpqlji.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-23 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-23 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - Systran40premi.IEPlugIn - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll [2002-04-12 65536] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "nwiz"=nwiz.exe /install [] "XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2006-10-17 277352] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-08-02 86016] "CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2008-06-27 19456] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-08-02 13570048] "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-12-10 133016] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-14 1261336] "QuickTime Task"=C:\WINDOWS\system32\qttask.exe [2008-08-03 98304] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-23 136600] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "CheckSum"=C:\WINDOWS\system32\cks.bat [2008-12-12 151] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Start WingMan Profiler"=C:\Program Files\Logitech\Profiler\lwemon.exe [2005-04-18 73728] "msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobeupdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-05-19 91432] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe [2002-12-20 716800] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe [2003-01-21 45056] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe [2007-09-23 533944] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HyperappelPL2003] C:\Program Files\Larousse\Petit Larousse 2004\bin\HiPL2002popup.exe [2003-07-04 122880] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe] C:\Program Files\Download Manager\DLM.exe [2007-03-05 1103480] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE [2008-07-07 167936] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\WINDOWS\system32\qttask.exe [2008-08-03 98304] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-04 1809648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [2008-03-27 36352] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless PCI_CardBus utility V1.01.exe.lnk] C:\PROGRA~1\Customer\WIRELE~1.01\WIRELE~1.EXE [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="dsafft.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-07-23 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2008-07-23 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus" "C:\jeux\Warcraft III\Warcraft III.exe"="C:\jeux\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\jeux\dirt\DiRT.exe"="C:\jeux\dirt\DiRT.exe:*:Enabled:DiRT Executable" "C:\jeux\need3\nfs3.exe"="C:\jeux\need3\nfs3.exe:*:Enabled:Need For Speed III for Win32" "C:\jeux\outrun 2006\OR2006C2C.EXE"="C:\jeux\outrun 2006\OR2006C2C.EXE:*:Enabled:OR2006C2C" "C:\jeux\trackmania sunrise\TmSunrise.exe"="C:\jeux\trackmania sunrise\TmSunrise.exe:*:Enabled:TmSunrise" "C:\jeux\TEST DRIVE UNLIMITED\TestDriveUnlimited.exe"="C:\jeux\TEST DRIVE UNLIMITED\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited" "C:\jeux\neverwinter 2\nwn2main.exe"="C:\jeux\neverwinter 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main" "C:\jeux\neverwinter 2\nwn2main_amdxp.exe"="C:\jeux\neverwinter 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD" "C:\jeux\neverwinter 2\nwupdate.exe"="C:\jeux\neverwinter 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater" "C:\jeux\neverwinter 2\nwn2server.exe"="C:\jeux\neverwinter 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\jeux\grid toca racer\Grid\GRID.exe"="C:\jeux\grid toca racer\Grid\GRID.exe:*:Enabled:GRID Executable" "C:\jeux\Gears of War\Binaries\WarGame-G4WLive.exe"="C:\jeux\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears Of War" "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe" "C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe"="C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe:*:Disabled:removeit" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" ======List of files/folders created in the last 1 months====== 2008-12-27 17:49:27 ----D---- C:\rsit 2008-12-27 00:28:15 ----D---- C:\WINDOWS\Hidden Mysteries Buckingham Palace 2008-12-27 00:28:15 ----D---- C:\Program Files\Hidden Mysteries Buckingham Palace 2008-12-27 00:26:21 ----A---- C:\WINDOWS\Hidden Mysteries Buckingham Palace Setup Log.txt 2008-12-26 21:45:42 ----SHD---- C:\RECYCLER 2008-12-26 21:39:36 ----A---- C:\ComboFix.txt 2008-12-26 21:28:46 ----A---- C:\WINDOWS\VFIND.exe 2008-12-26 21:28:46 ----A---- C:\WINDOWS\SWXCACLS.exe 2008-12-26 21:28:46 ----A---- C:\WINDOWS\SWSC.exe 2008-12-26 21:28:46 ----A---- C:\WINDOWS\SWREG.exe 2008-12-26 21:28:46 ----A---- C:\WINDOWS\sed.exe 2008-12-26 21:28:46 ----A---- C:\WINDOWS\NIRCMD.exe 2008-12-26 21:28:46 ----A---- C:\WINDOWS\grep.exe 2008-12-26 21:16:30 ----D---- C:\_OTMoveIt 2008-12-26 21:11:14 ----A---- C:\WINDOWS\Adventure Chronicles The Search for Lost Treasure Setup Log.txt 2008-12-26 18:36:40 ----D---- C:\Program Files\M3 GAME Manager 2008-12-26 14:34:13 ----D---- C:\Program Files\Mystery Case Files - Madame Fate 2008-12-26 13:30:38 ----D---- C:\Program Files\Webtools 2008-12-26 13:25:11 ----A---- C:\WINDOWS\system32\rqRLeeFU.dll 2008-12-23 13:25:31 ----A---- C:\WINDOWS\system32\deploytk.dll 2008-12-23 01:07:26 ----A---- C:\WINDOWS\ntbtlog.txt 2008-12-23 00:26:30 ----D---- C:\VundoFix Backups 2008-12-23 00:26:30 ----A---- C:\VundoFix.txt 2008-12-21 01:49:48 ----D---- C:\cmdcons 2008-12-21 01:47:01 ----A---- C:\WINDOWS\{00000005-00000000-00000002-00001102-00000004-20021102}.BAK 2008-12-21 01:31:23 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-12-21 01:24:31 ----D---- C:\registry 2008-12-20 15:45:17 ----D---- C:\Program Files\xerox 2008-12-20 15:45:16 ----D---- C:\WINDOWS\system32\xircom 2008-12-20 15:45:16 ----D---- C:\Program Files\microsoft frontpage 2008-12-20 15:42:26 ----D---- C:\WINDOWS\temp 2008-12-20 15:39:09 ----A---- C:\WINDOWS\zip.exe 2008-12-20 15:39:09 ----A---- C:\WINDOWS\fdsv.exe 2008-12-20 15:39:03 ----D---- C:\WINDOWS\ERDNT 2008-12-20 15:39:03 ----D---- C:\Qoobox 2008-12-20 14:09:42 ----D---- C:\RkUnhooker 2008-12-20 13:46:19 ----A---- C:\WINDOWS\gmer.ini 2008-12-20 13:46:18 ----A---- C:\WINDOWS\gmer_uninstall.cmd 2008-12-20 13:46:18 ----A---- C:\WINDOWS\gmer.exe 2008-12-20 13:46:18 ----A---- C:\WINDOWS\gmer.dll 2008-12-20 01:06:18 ----D---- C:\Documents and Settings\Rene\Application Data\DivX 2008-12-20 01:05:44 ----A---- C:\WINDOWS\system32\pxinsi64.exe 2008-12-20 01:05:44 ----A---- C:\WINDOWS\system32\pxcpyi64.exe 2008-12-19 22:56:26 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-12-19 22:56:19 ----D---- C:\Program Files\SUPERAntiSpyware 2008-12-19 22:56:19 ----D---- C:\Documents and Settings\Rene\Application Data\SUPERAntiSpyware.com 2008-12-19 22:50:17 ----D---- C:\Program Files\FileASSASSIN 2008-12-19 22:48:58 ----D---- C:\Program Files\RogueRemover FREE 2008-12-19 22:00:28 ----D---- C:\Program Files\InCode Solutions 2008-12-14 23:47:55 ----D---- C:\Program Files\Lavasoft 2008-12-14 23:47:54 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-12-14 23:39:46 ----A---- C:\WINDOWS\wdyxvmg.txt 2008-12-14 23:23:40 ----A---- C:\WINDOWS\system32\fifakl.txt 2008-12-14 23:21:47 ----A---- C:\WINDOWS\wmfndtw.txt 2008-12-14 22:28:01 ----HD---- C:\$AVG8.VAULT$ 2008-12-14 22:21:33 ----A---- C:\WINDOWS\system32\avgrsstx.dll 2008-12-14 22:09:51 ----A---- C:\WINDOWS\system32\svch?st.exe 2008-12-14 22:09:51 ----A---- C:\c.txt 2008-12-14 22:06:19 ----D---- C:\Program Files\DAEMON Tools 2008-12-14 20:58:09 ----D---- C:\Program Files\Creative 2008-12-14 20:37:30 ----D---- C:\WINDOWS\Prefetch 2008-12-14 20:34:16 ----D---- C:\WINDOWS\system32\dllcache 2008-12-14 20:33:25 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest 2008-12-14 20:20:53 ----D---- C:\WINDOWS\NV9201656.TMP 2008-12-14 20:17:29 ----A---- C:\WINDOWS\system32\irclass.dll 2008-12-14 20:17:28 ----A---- C:\WINDOWS\system32\spxcoins.dll 2008-12-14 20:17:08 ----RA---- C:\WINDOWS\SETAA.tmp 2008-12-14 20:17:05 ----RA---- C:\WINDOWS\SET9E.tmp 2008-12-14 20:17:03 ----RA---- C:\WINDOWS\SET9B.tmp 2008-12-14 19:06:37 ----D---- C:\Program Files\DAEMON Tools Lite 2008-12-14 18:56:15 ----D---- C:\WINDOWS\Downloaded Installations 2008-12-14 18:50:55 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro 2008-12-14 18:24:29 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8 2008-12-14 17:53:37 ----D---- C:\Program Files\Trend Micro 2008-12-14 17:09:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-12-14 17:04:14 ----D---- C:\Documents and Settings\Rene\Application Data\DAEMON Tools Pro 2008-12-14 16:03:02 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-12-14 04:53:51 ----D---- C:\Program Files\Spybot - Search & Destroy 2008-12-14 04:53:51 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-12-14 04:51:54 ----D---- C:\Program Files\RegCleaner 2008-12-14 04:13:20 ----D---- C:\Program Files\CCleaner 2008-12-14 03:55:58 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite 2008-12-14 03:55:33 ----D---- C:\Documents and Settings\Rene\Application Data\DAEMON Tools Lite 2008-12-14 02:59:03 ----D---- C:\Documents and Settings\Rene\Application Data\vlc 2008-12-14 02:58:18 ----D---- C:\Program Files\VideoLAN 2008-12-14 02:52:47 ----A---- C:\vlc-0.9.8a-win32.exe 2008-12-14 02:33:19 ----D---- C:\Program Files\Uninstall 2008-12-14 02:33:19 ----A---- C:\WINDOWS\uninstall.exe 2008-12-14 02:33:19 ----A---- C:\WINDOWS\system32\eowero.vbs 2008-12-14 02:33:19 ----A---- C:\WINDOWS\system32\cks.bat 2008-12-14 02:33:19 ----A---- C:\WINDOWS\system32\checksum.exe 2008-12-14 02:33:11 ----D---- C:\WINDOWS\HDTVPlayer v3.5 2008-12-14 02:22:05 ----A---- C:\WINDOWS\sys.bat 2008-12-14 02:22:05 ----A---- C:\WINDOWS\eower.vbs 2008-12-14 02:22:04 ----D---- C:\WINDOWS\Setup 2008-12-14 02:22:04 ----D---- C:\Program Files\Setup 2008-12-14 02:22:03 ----D---- C:\WINDOWS\HDTVXviD Codec 2008-12-13 16:49:45 ----D---- C:\Documents and Settings\Rene\Application Data\Leadertech 2008-12-12 23:54:03 ----D---- C:\WINDOWS\system32\LogFiles 2008-12-12 21:42:31 ----SHD---- C:\WINDOWS\UmVuZSBNb3Jpbg 2008-12-12 21:42:17 ----D---- C:\WINDOWS\system32\foi 2008-12-12 16:10:39 ----A---- C:\WINDOWS\runner.exe ======List of files/folders modified in the last 1 months====== 2008-12-27 17:46:16 ----HD---- C:\WINDOWS\PIF 2008-12-27 15:30:49 ----D---- C:\WINDOWS\system32 2008-12-27 15:30:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-12-27 02:41:11 ----A---- C:\WINDOWS\NeroDigital.ini 2008-12-27 00:28:15 ----RD---- C:\Program Files 2008-12-27 00:28:15 ----D---- C:\WINDOWS 2008-12-26 23:57:28 ----D---- C:\Documents and Settings\Rene\Application Data\Azureus 2008-12-26 21:39:40 ----D---- C:\WINDOWS\system32\drivers 2008-12-26 21:38:58 ----D---- C:\WINDOWS\system32\CatRoot2 2008-12-26 21:37:33 ----A---- C:\WINDOWS\system.ini 2008-12-26 21:35:22 ----D---- C:\WINDOWS\system32\config 2008-12-26 21:31:43 ----D---- C:\WINDOWS\AppPatch 2008-12-26 21:31:43 ----D---- C:\Program Files\Common Files 2008-12-26 21:28:14 ----D---- C:\jeux 2008-12-26 18:02:10 ----D---- C:\Documents and Settings\Rene\Application Data\LimeWire 2008-12-26 13:34:55 ----D---- C:\Program Files\Vuze 2008-12-26 13:30:39 ----A---- C:\WINDOWS\system32\c355f7f1-.txt 2008-12-26 13:25:13 ----SD---- C:\WINDOWS\Tasks 2008-12-23 13:25:34 ----SHD---- C:\WINDOWS\Installer 2008-12-23 13:25:21 ----A---- C:\WINDOWS\system32\javaws.exe 2008-12-23 13:25:21 ----A---- C:\WINDOWS\system32\javaw.exe 2008-12-23 13:25:21 ----A---- C:\WINDOWS\system32\java.exe 2008-12-23 13:25:19 ----D---- C:\Program Files\Java 2008-12-21 01:49:51 ----RASH---- C:\boot.ini 2008-12-21 01:47:03 ----SHD---- C:\System Volume Information 2008-12-21 01:47:03 ----D---- C:\WINDOWS\system32\Restore 2008-12-21 01:23:02 ----D---- C:\WINDOWS\Debug 2008-12-20 15:45:17 ----D---- C:\WINDOWS\system32\wbem 2008-12-20 15:45:17 ----D---- C:\WINDOWS\ime 2008-12-20 01:05:48 ----D---- C:\Program Files\DivX 2008-12-19 23:45:57 ----A---- C:\WINDOWS\win.ini 2008-12-19 23:45:57 ----A---- C:\Boot.bak 2008-12-19 22:54:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-12-18 19:07:59 ----A---- C:\WINDOWS\BlendSettings.ini 2008-12-14 23:58:28 ----A---- C:\WINDOWS\WININIT.INI 2008-12-14 23:14:26 ----D---- C:\Documents and Settings\Rene\Application Data\Microsoft Games 2008-12-14 23:09:57 ----SD---- C:\Documents and Settings\Rene\Application Data\Microsoft 2008-12-14 22:09:51 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2008-12-14 21:12:45 ----A---- C:\WINDOWS\Ascd_log.ini 2008-12-14 21:08:39 ----A---- C:\WINDOWS\Ascd_tmp.ini 2008-12-14 20:59:03 ----D---- C:\WINDOWS\system32\Defaults 2008-12-14 20:58:15 ----HD---- C:\WINDOWS\inf 2008-12-14 20:58:11 ----HD---- C:\Program Files\InstallShield Installation Information 2008-12-14 20:57:55 ----A---- C:\WINDOWS\system32\wrap_oal.dll 2008-12-14 20:57:55 ----A---- C:\WINDOWS\system32\OpenAL32.dll 2008-12-14 20:57:42 ----D---- C:\WINDOWS\system32\Data 2008-12-14 20:55:35 ----D---- C:\Program Files\Windows Media Player 2008-12-14 20:41:11 ----D---- C:\WINDOWS\Registration 2008-12-14 20:34:39 ----D---- C:\WINDOWS\security 2008-12-14 20:34:17 ----A---- C:\WINDOWS\ODBCINST.INI 2008-12-14 20:33:51 ----D---- C:\WINDOWS\system32\ias 2008-12-14 20:33:27 ----RD---- C:\WINDOWS\Web 2008-12-14 20:33:22 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest 2008-12-14 20:33:03 ----D---- C:\Program Files\Windows Media Connect 2 2008-12-14 20:32:54 ----D---- C:\WINDOWS\srchasst 2008-12-14 20:32:44 ----D---- C:\Program Files\Microsoft Silverlight 2008-12-14 20:32:35 ----D---- C:\WINDOWS\Help 2008-12-14 20:32:23 ----D---- C:\Program Files\NetMeeting 2008-12-14 20:32:22 ----D---- C:\Program Files\Common Files\Services 2008-12-14 20:32:19 ----D---- C:\Program Files\Outlook Express 2008-12-14 20:32:16 ----D---- C:\Program Files\Internet Explorer 2008-12-14 20:32:04 ----D---- C:\Program Files\Movie Maker 2008-12-14 20:31:48 ----D---- C:\WINDOWS\system32\oobe 2008-12-14 20:31:34 ----D---- C:\Program Files\Common Files\System 2008-12-14 20:30:47 ----D---- C:\WINDOWS\system32\Com 2008-12-14 20:30:10 ----D---- C:\WINDOWS\Cursors 2008-12-14 20:30:03 ----D---- C:\Program Files\Windows NT 2008-12-14 20:29:38 ----D---- C:\WINDOWS\system32\en-US 2008-12-14 20:18:50 ----D---- C:\WINDOWS\system32\CatRoot 2008-12-14 20:17:54 ----RSD---- C:\WINDOWS\Fonts 2008-12-14 20:17:28 ----D---- C:\WINDOWS\system 2008-12-14 20:17:17 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini 2008-12-14 18:01:01 ----D---- C:\Documents and Settings 2008-12-14 17:04:15 ----D---- C:\Documents and Settings\Rene\Application Data\DAEMON Tools 2008-12-14 15:14:35 ----D---- C:\WINDOWS\L2Schemas 2008-12-14 15:14:34 ----RD---- C:\WINDOWS\Offline Web Pages 2008-12-14 15:14:34 ----D---- C:\WINDOWS\system32\usmt 2008-12-14 15:14:31 ----D---- C:\WINDOWS\Media 2008-12-14 15:14:30 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-12-14 15:14:30 ----D---- C:\WINDOWS\system32\Setup 2008-12-14 15:14:27 ----D---- C:\WINDOWS\WBEM 2008-12-14 15:14:05 ----D---- C:\WINDOWS\Network Diagnostic 2008-12-14 15:14:04 ----D---- C:\WINDOWS\system32\scripting 2008-12-14 15:13:54 ----D---- C:\WINDOWS\PeerNet 2008-12-14 15:13:27 ----D---- C:\WINDOWS\system32\npp 2008-12-14 15:13:24 ----D---- C:\WINDOWS\mui 2008-12-14 15:13:21 ----D---- C:\WINDOWS\msagent 2008-12-14 15:13:16 ----D---- C:\WINDOWS\system32\en 2008-12-14 15:12:55 ----D---- C:\WINDOWS\ehome 2008-12-14 15:12:26 ----D---- C:\WINDOWS\twain_32 2008-12-14 15:12:15 ----D---- C:\WINDOWS\system32\icsxml 2008-12-14 15:11:54 ----D---- C:\WINDOWS\system32\1033 2008-12-14 15:11:18 ----D---- C:\WINDOWS\WinSxS 2008-12-14 15:11:18 ----D---- C:\WINDOWS\Driver Cache 2008-12-14 14:12:28 ----D---- C:\Temp 2008-12-14 14:05:48 ----D---- C:\Program Files\ASUS 2008-12-14 04:14:04 ----D---- C:\WINDOWS\Minidump 2008-12-13 16:40:21 ----D---- C:\WINDOWS\system32\DirectX 2008-12-13 16:40:11 ----RSD---- C:\WINDOWS\assembly 2008-12-13 16:21:23 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400] R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-14 97928] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-14 26824] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl [] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-08-02 278984] R2 Devx;Devx; C:\WINDOWS\system32\drivers\Devx.sys [2001-09-06 4448] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-08-02 25416] R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2008-07-23 62848] R2 VtPr;VtPr; C:\WINDOWS\system32\drivers\VtPr.sys [2001-10-10 3328] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-07-23 60800] R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2008-06-27 99352] R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2008-07-07 511000] R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2008-07-07 532376] R3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2008-06-27 555032] R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2008-07-07 14360] R3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2008-06-27 566296] R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2008-07-07 157208] R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-12-14 223128] R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2008-07-07 92696] R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2008-07-07 797720] R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2008-07-07 162840] R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-02-02 36864] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-07-23 12160] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-07-23 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-08-02 6121856] R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2008-07-07 127512] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-07-23 32384] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-07-23 30336] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-04-20 479200] R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144] R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504] R3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service; C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 50048] S1 83eba970;83eba970; C:\WINDOWS\System32\drivers\83eba970.sys [] S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-06-27 99352] S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-06-27 555032] S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2008-07-07 347080] S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2008-06-27 100888] S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-06-27 100888] S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712] S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-06-27 566296] S3 FilterService;Canon BJ Hid Usb Filter Service; C:\WINDOWS\system32\DRIVERS\bjhid.sys [2002-11-10 6016] S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-20 85969] S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2008-07-07 189464] S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [] S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [] S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 W8335XP;802.11g/b Driver for Windows XP ; C:\WINDOWS\system32\DRIVERS\Mrvw125.sys [2005-12-29 282624] S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240] S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\WudfPf.sys [] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\wudfrd.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664] R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-14 231704] R2 Bjmcmng;Canon BJ Memory Card Manager; C:\Program Files\Canon\BJCard\Bjmcmng.exe [2002-10-21 49152] R2 Diskeeper;Diskeeper; C:\Program Files\diskkeeper\DkService.exe [2006-12-21 913408] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-23 152984] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-08-02 163908] R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2008-07-23 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] -----------------EOF----------------- info.txt logfile of random's system information tool 1.05 2008-12-27 17:49:37 ======Uninstall list====== -->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNRecode.exe /UNINSTALL -->MsiExec /X{699BAC7F-DC10-4709-97D8-45379301BBE7} -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{225A137C-F371-4246-B6FF-20320297DB75}\setup.exe" -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x40c -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 4x4 Evo2-->C:\WINDOWS\IsUninst.exe -fc:\jeux\evo4x4\Uninst.isu 7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe" ACE Mega CoDecS Pack-->"C:\Program Files\ACE Mega CoDecS Pack\unins000.exe" Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97} Antidote RX v2-->MsiExec.exe /X{A474EA56-5DBD-4181-8230-806A4762EA7F} Aquadelic GT 1.0.0.0-->"c:\jeux\aquadelic\unins000.exe" Atheros Communications Inc.® AR8121/AR8113 Gigabit/Fast Ethernet Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\Setup.exe" -l0x9 -removeonly AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL Bejeweled Deluxe 1.6z-->C:\jeux\chantal\bejewed\UnGins.exe "C:\jeux\chantal\bejewed\install.log" Big City Adventure San Francisco-->C:\PROGRA~1\GAMEHO~1\BIGCIT~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\BIGCIT~1\INSTALL.LOG BSPlayer-->"C:\Program Files\Webteh\BSplayer\uninstall.exe" Canon i470D-->C:\WINDOWS\system32\CNMCP4y.exe "-PRINTERNAMECanon i470D" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i470D Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i470D Installer\Inst2\cnmi040c.dll" CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Cool Edit Pro 2.1-->C:\Program Files\coolpro2\cep2unin.exe Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x40c /remove Croc 2-->C:\WINDOWS\IsUninst.exe -fc:\jeux\croc2\Uninst.isu CyberLink PowerDVD8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall Daytona USA-->c:\jeux\daytona\Desinstalar.exe DEVIL MAY CRY 4-->MsiExec.exe /I{D4E5A687-797D-44B1-8F96-4FD7A24166A9} DiRT-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}\setup.exe" -l0x40c -removeonly Diskeeper 2007 Pro Premier-->MsiExec.exe /X{6461F54A-2927-4EE1-9B38-DB5AA0E7795A} Divine Divinity-->C:\jeux\DIVINE~1\UNINST~1\UNWISE.EXE C:\jeux\DIVINE~1\UNINST~1\INSTALL.LOG DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER Download Manager 2.3.6-->C:\Program Files\Download Manager\uninst.exe Drome Racers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC1DCD6C-3AE0-42CE-8EAA-6886CC4400DC}\Setup.exe" -l0x9 Dungeon Siege Demo-->"c:\jeux\dungeon siege demo\UNINSTAL.EXE" /runtemp /addremove EA Network Play System-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\uninst.isu" Electronic Arts Game Updater-->C:\WINDOWS\IsUninst.exe -f"c:\Program Files\EACom\Update\Uninst.isu" Enclave-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AC01A0D-42B6-4A55-AD7A-A545A7AE5364}\Setup.exe" -l0x9 eRacer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61ECE122-6F83-11D4-850D-00A0C9B344A1}\setup.exe" Fable - The Lost Chapters-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD} Far Cry-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC} ffdshow (remove only)-->"C:\Program Files\ffdshow\uninstall.exe" FileASSASSIN-->C:\Program Files\FileASSASSIN\uninst.exe Final Fantasy VII XP Patch-->C:\Program Files\Square Soft, Inc\Final Fantasy VII\Patch\Uninstall XP Patch.EXE /u:"Final Fantasy VII XP Patch" Final Fantasy VII-->C:\WINDOWS\IsUninst.exe -fc:\jeux\ff7\Uninst.isu FlatOut-->MsiExec.exe /I{A57D86AF-DE8E-4B26-972E-A1A28FFF7742} FlatOut2-->MsiExec.exe /I{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890} Fraps-->"C:\Program Files\fraps\uninstall.exe" Gears of War-->".:\Gears of War\unins000.exe" GRID-->"C:\Program Files\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x0009 -removeonly GTR 2 1.0.0.0-->"c:\jeux\gtr2\Support\unins000.exe" Heroes of Might and Magic® IV-->C:\WINDOWS\IsUninst.exe -f"c:\jeux\heroes4\Heroes of Might and Magic IV.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll Hidden Mysteries Buckingham Palace-->"C:\WINDOWS\Hidden Mysteries Buckingham Palace\uninstall.exe" "/U:C:\Program Files\Hidden Mysteries Buckingham Palace\Uninstall\uninstall.xml" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall IsoBuster 2.3-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe" Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Jazz Jackrabbit 2-->C:\jeux\jazz2\UnInst.exe C:\jeux\jazz2\UnInst.j2 Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall LimeWire 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe" Logitech Gaming Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x9 -removeonly M3 GAME Manager Uninstall-->C:\Program Files\M3 GAME Manager\Uninstall.exe Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Malwarebytes' RogueRemover-->"C:\Program Files\RogueRemover FREE\unins000.exe" Megaman X5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBDA3FF-9F8D-4B0C-9214-0F6224D43111}\SETUP.EXE" Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Application Compatibility Toolkit 5.0-->MsiExec.exe /X{BBB3F622-D848-4CDA-B282-CC53627432F0} Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F} Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft RalliSport Challenge-->"C:\jeux\rallysport\UNINSTAL.EXE" /runtemp /addremove Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Xbox 360 Accessories 1.0-->MsiExec.exe /X{9366F586-ED5E-4BED-B155-0D2919669A05} mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe Moto Racer 2-->C:\WINDOWS\uninst.exe -f"c:\jeux\moto racer 2\DeIsL1.isu" Moto Racer-->C:\WINDOWS\uninst.exe -fC:\jeux\MotoRacer1\DeIsL1.isu MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /X{C523D256-313D-4866-B36A-F3DE528246EF} MVP Baseball 2003-->c:\jeux\mvp2003\EAUninstall.exe Mystery Case Files - Madame Fate Cracked by Cryptic-->"C:\Program Files\Mystery Case Files - Madame Fate\unins000.exe" Need For Speed - Porsche Unleashed-->C:\WINDOWS\IsUninst.exe -fc:\jeux\need5\uninst.log Need for speed 4 high stakes-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{5720ce01-0b05-4d62-a7ed-963b5fa648e3}.sdb" Need For Speed High Stakes-->C:\WINDOWS\ISUNINST.EXE -f"c:\jeux\need 4\Uninst.isu" -c"c:\jeux\need 4\uninst.dll" E Need For Speed Hot Pursuit 2-->C:\jeux\need6\EAUninstall.exe Need For Speed II SE-->C:\WINDOWS\unin040c.exe -f"c:\jeux\need 2 se\DeIsL1.isu" Need For Speed III-->C:\WINDOWS\UNINST.EXE -fc:\jeux\need3\DeIsL1.isu -c"c:\jeux\need3\eauninst.dll" Need for Speed Underground 2-->C:\jeux\underground2\EAUninstall.exe Need for Speed™ Carbon-->C:\jeux\CARBON\EAUninstall.exe Need for Speed™ ProStreet-->MsiExec.exe /X{CC419DDC-E0F0-4013-B25A-6FA036516F0D} Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88} Nero 8-->MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891036} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Neverwinter Nights 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI NVIDIA PhysX v8.08.01-->MsiExec.exe /X{699BAC7F-DC10-4709-97D8-45379301BBE7} Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly Ocean Express-->C:\PROGRA~1\GAMEHO~1\OCEANE~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\OCEANE~1\INSTALL.LOG Off Road-->"C:\Program Files\InstallShield Installation Information\{9135BA5B-51B4-49BF-867A-D152B5CE67D4}\setup.exe" -runfromtemp -l0x040c -removeonly OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U OutRun2006 Coast 2 Coast-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{839911F0-D9CB-400F-AE78-5D8264F38C42}\setup.exe" -l0x40c -removeonly Paragon Partition Manager 9.0 Professional-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}\Setup.exe" -l0x9 Paraworld US SP Demo-->"c:\jeux\paraworld\unins000.exe" Petit Larousse 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{495D3648-1D6B-4B71-B174-6A2452FFF8CD}\Setup.exe" -l0x40c PowerISO-->"C:\Program Files\PowerISO\uninstall.exe" Prince of Persia Les Sables du Temps-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C453F13-6877-4D34-8816-009ABDE306DB}\setup.exe" -l0xc0c PSP Video 9 2.24-->C:\Program Files\Red Kawa\Video Converter\uninstaller.exe Puzzles Collection-->"C:\jeux\chantal\Puzzles Collection\uninstall.exe" Quake 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{152B782A-05F3-48EC-9AAC-4D3EB68D9E20} /l1036 QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log R.C. Cars-->MsiExec.exe /X{FDACD776-2B0F-427F-95BD-FAF664D75308} Rally Trophy-->MsiExec.exe /I{42A4EC40-09BC-427C-B657-67978B784058} RAYKIT-->C:\WINDOWS\UbiSoft\UbiSetup.exe -uninstall RAYKIT RemoveIT Pro v4 - SE-->C:\PROGRA~1\INCODE~1\REMOVE~1\UNWISE.EXE C:\PROGRA~1\INCODE~1\REMOVE~1\INSTALL.LOG Rootkit Unhooker Uninstall-->"C:\RkUnhooker\uninstall.exe" SEGA Rally-->"C:\Program Files\InstallShield Installation Information\{4A05FF52-4AA8-4681-BC06-5EE7F812A441}\setup.exe" -runfromtemp -l0x040c -removeonly SEGA Rally-->MsiExec.exe /I{4A05FF52-4AA8-4681-BC06-5EE7F812A441} Setup-->"C:\WINDOWS\Setup\uninstall.exe" "/U:C:\Program Files\Setup\Uninstall\uninstall.xml" Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Sid Meier's Pirates!-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1632FD86-1BA4-4FC4-8B25-A8C655D63F68} /l1036 SimCity 4-->C:\jeux\Sim City 4\EAUninstall.exe SolSuite-->C:\jeux\chantal\solsuite\UNWISE.EXE C:\jeux\chantal\solsuite\INSTALL.LOG SONIC ADVENTURE DX-Director's Cut-->c:\jeux\sonic adventure 1\SONICADVENTUREDX\unsetup.exe Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Star Wars JK II Jedi Outcast-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{576E71DA-3000-48F6-9B21-B9A70D47DFCF}\Setup.exe" Stunt GP-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB132F09-DCF1-46EA-AE92-F8B42AB7BAD4}\setup.exe" SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Supercar Street Challenge-->C:\jeux\SUPERC~1\Uninstall\Unwise.exe /u C:\jeux\SUPERC~1\Uninstall\Install.log Systran Professional Premium 4.0-->C:\WINDOWS\unvise32.exe C:\Program Files\Systran\4_0\Premium\uninstal.log Test Drive Unlimited-->MsiExec.exe /X{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0} Titan Quest-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x40c -removeonly Tomb Raider: Anniversary 1.0-->C:\jeux\Tomb Raider - Anniversary\uninsttra.exe Topwords-->C:\WINDOWS\IsUn040c.exe -fc:\jeux\chantal\topwords\Uninst.isu TrackMania Sunrise 1.4.6-->"c:\jeux\trackmania sunrise\unins000.exe" Ultima IX-->C:\WINDOWS\IsUn040c.exe -f"c:\jeux\ultima 9\Uninst.isu" Utilitaire de carte mémoire-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBD8FD34-8559-4028-922B-50797D151E04}\setup.exe" VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe VoptXP v7.22-->C:\PROGRA~1\VOPTXP~1\UNWISE.EXE C:\PROGRA~1\VOPTXP~1\INSTALL.LOG Vuze-->C:\Program Files\Vuze\uninstall.exe Winamp-->"C:\Program Files\Winamp\UninstWA.exe" Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790} Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790} Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8} Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8} WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe Wipeout XL-->C:\WINDOWS\uninst.exe -fc:\jeux\wipeout-xl\DeIsL1.isu =====HijackThis Backups===== O20 - AppInit_DLLs: obfytk.dll,avgrsstx.dll lwxxku.dll owkucv.dll ======Security center information====== AV: AVG Anti-Virus Free System event log Computer Name: RENEMORIN Event Code: 7036 Message: The Network Location Awareness (NLA) service entered the running state. Record Number: 4811 Source Name: Service Control Manager Time Written: 20081109222914.000000-300 Event Type: information User: Computer Name: RENEMORIN Event Code: 7035 Message: The Network Location Awareness (NLA) service was successfully sent a start control. Record Number: 4810 Source Name: Service Control Manager Time Written: 20081109222914.000000-300 Event Type: information User: NT AUTHORITY\SYSTEM Computer Name: RENEMORIN Event Code: 7036 Message: The Fast User Switching Compatibility service entered the running state. Record Number: 4809 Source Name: Service Control Manager Time Written: 20081109222914.000000-300 Event Type: information User: Computer Name: RENEMORIN Event Code: 7035 Message: The Fast User Switching Compatibility service was successfully sent a start control. Record Number: 4808 Source Name: Service Control Manager Time Written: 20081109222914.000000-300 Event Type: information User: NT AUTHORITY\SYSTEM Computer Name: RENEMORIN Event Code: 7036 Message: The Terminal Services service entered the running state. Record Number: 4807 Source Name: Service Control Manager Time Written: 20081109222914.000000-300 Event Type: information User: Application event log Computer Name: RENEMORIN Event Code: 0 Message: Record Number: 705 Source Name: Nero BackItUp Scheduler 3 Time Written: 20080820184413.000000-240 Event Type: information User: Computer Name: RENEMORIN Event Code: 2 Message: The Diskeeper Control Center has been started. Diskeeper service started. Record Number: 704 Source Name: Diskeeper Time Written: 20080820184410.000000-240 Event Type: information User: Computer Name: RENEMORIN Event Code: 1001 Message: Checking file system on E: The type of the file system is NTFS. Volume label is Backup. One of your disks needs to be checked for consistency. You may cancel the disk check, but it is strongly recommended that you continue. Windows will now check the disk. CHKDSK is verifying Usn Journal... Usn Journal verification completed. Windows has checked the file system and found no problems. 141974405 KB total disk space. 90730584 KB in 57206 files. 18088 KB in 3799 indexes. 0 KB in bad sectors. 177833 KB in use by the system. 65536 KB occupied by the log file. 51047900 KB available on disk. 4096 bytes in each allocation unit. 35493601 total allocation units on disk. 12761975 allocation units available on disk. Internal Info: 10 1a 01 00 59 ee 00 00 81 3b 01 00 00 00 00 00 ....Y....;...... 7e 01 00 00 00 00 00 00 1f 00 00 00 00 00 00 00 ~............... 5a 16 c7 04 00 00 00 00 e4 32 0d 2c 00 00 00 00 Z........2.,.... cc 85 58 05 00 00 00 00 00 00 00 00 00 00 00 00 ..X............. 00 00 00 00 00 00 00 00 fc 0f af 3f 00 00 00 00 ...........?.... 40 89 ce b2 00 00 00 00 80 36 07 00 76 df 00 00 @........6..v... 00 00 00 00 00 60 c1 a1 15 00 00 00 d7 0e 00 00 .....`.......... Record Number: 703 Source Name: Winlogon Time Written: 20080820184354.000000-240 Event Type: information User: Computer Name: RENEMORIN Event Code: 1001 Message: Checking file system on D: The type of the file system is NTFS. Volume label is Windows Vista 64 bit. One of your disks needs to be checked for consistency. You may cancel the disk check, but it is strongly recommended that you continue. Windows will now check the disk. Cleaning up 2 unused index entries from index $SII of file 0x9. Cleaning up 2 unused index entries from index $SDH of file 0x9. Cleaning up 2 unused security descriptors. CHKDSK is verifying Usn Journal... Usn Journal verification completed. 105008840 KB total disk space. 31924700 KB in 72501 files. 44992 KB in 15481 indexes. 0 KB in bad sectors. 207512 KB in use by the system. 65536 KB occupied by the log file. 72831636 KB available on disk. 4096 bytes in each allocation unit. 26252210 total allocation units on disk. 18207909 allocation units available on disk. Internal Info: 00 8e 01 00 b8 57 01 00 19 6d 02 00 00 00 00 00 .....W...m...... 63 00 00 00 2c 00 00 00 70 01 00 00 00 00 00 00 c...,...p....... 72 50 87 06 00 00 00 00 b4 37 f9 24 00 00 00 00 rP.......7.$.... 04 7c d7 07 00 00 00 00 00 00 00 00 00 00 00 00 .|.............. 00 00 00 00 00 00 00 00 8c 50 e2 3b 00 00 00 00 .........P.;.... 60 d7 ce b2 00 00 00 00 90 3a 07 00 35 1b 01 00 `........:..5... 00 00 00 00 00 70 87 9c 07 00 00 00 79 3c 00 00 .....p......y<.. Record Number: 702 Source Name: Winlogon Time Written: 20080820184354.000000-240 Event Type: information User: Computer Name: RENEMORIN Event Code: 1000 Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data contains the new index values assigned to this service. Record Number: 701 Source Name: LoadPerf Time Written: 20080820150724.000000-240 Event Type: information User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\diskkeeper "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 7, GenuineIntel "PROCESSOR_REVISION"=1707 "NUMBER_OF_PROCESSORS"=4 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- voila pour ceux-ci je vais faire gmer maintenant

Merci !! Prenez le temps necessaire !! J'ai l'impression que ce virus est rare et tres recent, car avant de commencer a poster sur zebulon je navais pas réussi a trouver aucune information au sujet de mon probleme. De plus, j'en avais eu des virus depuis des années et j'avais toujours été capable de les enlever. D'apres moi il doit y avoir une ligne dans le registry qui fait ouvrir cette fenetre au 15 minutes, mais je suis loin detre un expert comme vous !!! MERCI BEAUCOUP !!!

Bonjour Apollo. J'Ai signalé aux autres forums que je continuait de me faire aider seulement dans ce forum. car il y avait des gens qui m'Avait répondu dans les autres forums que javais deja posté il y a quelques jours de cela. Donc SVP continue de m'aider jai n'ai pas l'intention de me faire aider aillleurs. Dailleurs je n'ai suivi que tes instructions jusqua présent. J'ai tout fait ce que tu mas demandé, rien de plus rien de moins. MERCI !

merci de votre aide !! J'attend votre reponse en passant mon probleme de fenetres n'est toujours pas réglé.

ComboFix 08-12-26.03 - Rene 2008-12-26 21:29:42.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2848 [GMT -5:00] Lancé depuis: c:\documents and settings\Rene\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\documents and settings\Rene\Application Data\gadcom c:\documents and settings\Rene\Application Data\gadcom\gadcom.exe c:\documents and settings\Rene\Application Data\SpeedRunner c:\documents and settings\Rene\Local Settings\Temporary Internet Files\fbk.sts c:\program files\Mjcore c:\windows\system32\bqacybre.dll c:\windows\system32\dsafft.dll c:\windows\system32\erbycaqb.ini c:\windows\system32\jkkKbBTl.dll c:\windows\system32\khxotrgl.dll c:\windows\system32\kRCdLRqr.ini c:\windows\system32\kRCdLRqr.ini2 c:\windows\system32\ljJDWmLf.dll c:\windows\system32\rqRLdCRk.dll c:\windows\system32\urqNDSJc.dll ----- BITS: Il y a peut-être des sites infectés ----- hxxp://childhe.com . ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-27 au 2008-12-27 )))))))))))))))))))))))))))))))))))) . 2008-12-26 21:37 . 2008-12-26 21:37 54,156 --ah----- c:\windows\QTFont.qfn 2008-12-26 21:37 . 2008-12-26 21:37 1,409 --a------ c:\windows\QTFont.for 2008-12-26 21:16 . 2008-12-26 21:16 <DIR> d-------- C:\_OTMoveIt 2008-12-26 18:36 . 2008-12-26 21:00 <DIR> d-------- c:\program files\M3 GAME Manager 2008-12-26 14:34 . 2008-12-26 14:37 <DIR> d-------- c:\program files\Mystery Case Files - Madame Fate 2008-12-26 13:30 . 2008-12-26 13:30 <DIR> d-------- c:\program files\Webtools 2008-12-26 13:25 . 2008-12-26 13:25 45,056 --a------ c:\windows\system32\rqRLeeFU.dll 2008-12-23 13:25 . 2008-12-23 13:25 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-23 00:26 . 2008-12-23 00:26 <DIR> d-------- C:\VundoFix Backups 2008-12-21 02:21 . 2008-12-21 02:21 588 --a------ c:\windows\system32\settingsbkup.sfm 2008-12-21 02:21 . 2008-12-21 02:21 588 --a------ c:\windows\system32\settings.sfm 2008-12-21 01:47 . 2008-12-26 21:37 4,958,588 --a------ c:\windows\{00000005-00000000-00000002-00001102-00000004-20021102}.BAK 2008-12-21 01:24 . 2008-12-21 01:24 <DIR> d-------- C:\registry 2008-12-20 15:45 . 2008-12-20 15:45 <DIR> d-------- c:\windows\system32\xircom 2008-12-20 15:45 . 2008-12-20 15:45 <DIR> d-------- c:\program files\microsoft frontpage 2008-12-20 15:38 . 2008-12-20 15:38 <DIR> d-------- c:\documents and settings\Rene\DoctorWeb 2008-12-20 14:09 . 2008-12-20 14:10 <DIR> d-------- C:\RkUnhooker 2008-12-20 13:46 . 2008-12-21 00:22 250 --a------ c:\windows\gmer.ini 2008-12-20 01:06 . 2008-12-26 15:43 <DIR> d-------- c:\documents and settings\Rene\Application Data\DivX 2008-12-20 01:05 . 2008-11-21 16:47 120,056 --a------ c:\windows\system32\pxcpyi64.exe 2008-12-20 01:05 . 2008-11-21 16:47 118,520 --a------ c:\windows\system32\pxinsi64.exe 2008-12-19 22:56 . 2008-12-19 22:56 <DIR> d-------- c:\program files\SUPERAntiSpyware 2008-12-19 22:56 . 2008-12-19 22:56 <DIR> d-------- c:\documents and settings\Rene\Application Data\SUPERAntiSpyware.com 2008-12-19 22:56 . 2008-12-19 22:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2008-12-19 22:50 . 2008-12-19 22:50 <DIR> d-------- c:\program files\FileASSASSIN 2008-12-19 22:48 . 2008-12-19 22:49 <DIR> d-------- c:\program files\RogueRemover FREE 2008-12-19 22:00 . 2008-12-19 22:00 <DIR> d-------- c:\program files\InCode Solutions 2008-12-15 01:39 . 2008-04-14 19:51 171,136 -rahs---- C:\grldr 2008-12-14 23:47 . 2008-12-14 23:47 <DIR> d-------- c:\program files\Lavasoft 2008-12-14 23:47 . 2008-12-14 23:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2008-12-14 22:28 . 2008-12-26 13:47 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-12-14 22:21 . 2008-12-26 13:16 <DIR> d-------- c:\windows\system32\drivers\Avg 2008-12-14 22:21 . 2008-12-14 22:21 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys 2008-12-14 22:21 . 2008-12-14 22:21 10,520 --a------ c:\windows\system32\avgrsstx.dll 2008-12-14 22:09 . 2008-04-13 23:42 49,152 --a------ c:\windows\system32\svchost.exe 2008-12-14 22:06 . 2008-12-14 22:06 <DIR> d-------- c:\program files\DAEMON Tools 2008-12-14 22:06 . 2008-12-14 22:06 223,128 --a------ c:\windows\system32\drivers\dtscsi.sys 2008-12-14 22:03 . 2008-12-14 22:03 717,296 --a------ c:\windows\system32\drivers\sptd.sys 2008-12-14 20:59 . 2008-12-26 21:35 30,528 --a------ c:\windows\system32\BMXBkpCtrlState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx 2008-12-14 20:59 . 2008-12-26 21:35 11,564 --a------ c:\windows\system32\DVCState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx 2008-12-14 20:58 . 2008-12-14 20:58 <DIR> d-------- c:\program files\Creative 2008-12-14 20:34 . 2008-12-14 20:34 <DIR> d-------- c:\windows\system32\dllcache 2008-12-14 20:33 . 2008-12-14 20:33 749 -rah----- c:\windows\WindowsShell.Manifest 2008-12-14 20:33 . 2008-12-14 20:33 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest 2008-12-14 20:33 . 2008-12-14 20:33 749 -rah----- c:\windows\system32\sapi.cpl.manifest 2008-12-14 20:33 . 2008-12-14 20:33 749 -rah----- c:\windows\system32\nwc.cpl.manifest 2008-12-14 20:33 . 2008-12-14 20:33 749 -rah----- c:\windows\system32\ncpa.cpl.manifest 2008-12-14 20:33 . 2008-12-14 20:33 488 -rah----- c:\windows\system32\logonui.exe.manifest 2008-12-14 20:20 . 2008-12-14 20:20 <DIR> d-------- c:\windows\NV9201656.TMP 2008-12-14 20:20 . 2008-08-02 11:20 198,941 --a------ c:\windows\system32\nvapps.nvb 2008-12-14 20:17 . 2008-04-14 01:40 1,296,669 -ra------ c:\windows\SET9B.tmp 2008-12-14 20:17 . 2008-04-14 01:34 1,088,840 -ra------ c:\windows\SET9E.tmp 2008-12-14 20:17 . 2001-08-23 07:00 24,661 --a------ c:\windows\system32\spxcoins.dll 2008-12-14 20:17 . 2008-04-14 01:34 16,535 -ra------ c:\windows\SETAA.tmp 2008-12-14 20:17 . 2001-08-23 07:00 13,312 --a------ c:\windows\system32\irclass.dll 2008-12-14 19:06 . 2008-12-14 21:40 <DIR> d-------- c:\program files\DAEMON Tools Lite 2008-12-14 18:56 . 2008-12-14 18:56 <DIR> d-------- c:\windows\Downloaded Installations 2008-12-14 18:50 . 2008-12-14 18:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro 2008-12-14 18:24 . 2008-12-14 22:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8 2008-12-14 18:13 . 2008-12-14 19:45 51,056 --a------ c:\windows\setupapi.old 2008-12-14 18:01 . 2008-12-14 18:01 <DIR> d-------- c:\documents and settings\Administrator.RENEMORIN\Application Data\Malwarebytes 2008-12-14 18:01 . 2008-12-14 22:21 <DIR> d-------- c:\documents and settings\Administrator.RENEMORIN 2008-12-14 17:53 . 2008-12-14 17:53 <DIR> d-------- c:\program files\Trend Micro 2008-12-14 17:29 . 2008-12-14 17:29 <DIR> d-------- c:\documents and settings\Administrator 2008-12-14 17:09 . 2008-12-14 17:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-14 17:09 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-14 17:09 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-14 17:04 . 2008-12-14 17:04 <DIR> d-------- c:\documents and settings\Rene\Application Data\DAEMON Tools Pro 2008-12-14 16:03 . 2008-12-14 16:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Grisoft 2008-12-14 04:53 . 2008-12-14 14:26 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2008-12-14 04:53 . 2008-12-23 00:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-12-14 04:51 . 2008-12-14 20:55 <DIR> d-------- c:\program files\RegCleaner 2008-12-14 04:13 . 2008-12-14 04:13 <DIR> d-------- c:\program files\CCleaner 2008-12-14 03:55 . 2008-12-14 17:04 <DIR> d-------- c:\documents and settings\Rene\Application Data\DAEMON Tools Lite 2008-12-14 03:55 . 2008-12-14 03:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite 2008-12-14 02:59 . 2008-12-14 02:59 <DIR> d-------- c:\documents and settings\Rene\Application Data\vlc 2008-12-14 02:58 . 2008-12-14 02:58 <DIR> d-------- c:\program files\VideoLAN 2008-12-14 02:52 . 2008-12-14 02:53 16,320,472 --a------ C:\vlc-0.9.8a-win32.exe 2008-12-14 02:33 . 2008-12-14 02:33 <DIR> d-------- c:\windows\HDTVPlayer v3.5 2008-12-14 02:33 . 2008-12-14 02:37 <DIR> d-------- c:\program files\Uninstall 2008-12-14 02:33 . 2008-12-14 02:33 576,000 --a------ c:\windows\uninstall.exe 2008-12-14 02:33 . 2008-12-10 18:18 22,406 --a------ c:\windows\system32\checksum.exe 2008-12-14 02:33 . 2008-12-12 15:10 176 --a------ c:\windows\system32\eowero.vbs 2008-12-14 02:33 . 2008-12-12 15:09 151 --a------ c:\windows\system32\cks.bat 2008-12-14 02:33 . 2008-12-14 02:37 2 --a------ C:\-931777760 2008-12-14 02:33 . 2008-12-14 17:02 0 --a------ c:\windows\system32\drivers\83eba970.sys 2008-12-14 02:22 . 2008-12-14 02:22 <DIR> d-------- c:\windows\Setup 2008-12-14 02:22 . 2008-12-14 02:22 <DIR> d-------- c:\windows\HDTVXviD Codec 2008-12-14 02:22 . 2008-12-14 02:22 <DIR> d-------- c:\program files\Setup 2008-12-14 02:22 . 2008-12-09 03:10 176 --a------ c:\windows\eower.vbs 2008-12-14 02:22 . 2008-12-09 03:18 45 --a------ c:\windows\sys.bat 2008-12-13 16:49 . 2008-12-13 16:49 <DIR> d-------- c:\documents and settings\Rene\Application Data\Leadertech 2008-12-12 23:54 . 2008-12-12 23:54 <DIR> d-------- c:\windows\system32\LogFiles 2008-12-12 21:42 . 2008-12-14 16:14 <DIR> d--hs---- c:\windows\UmVuZSBNb3Jpbg 2008-12-12 21:42 . 2008-12-12 21:42 <DIR> d-------- c:\windows\system32\foi 2008-12-12 21:42 . 2008-12-12 21:42 <DIR> d-------- c:\temp\REX81 2008-12-12 16:10 . 2008-12-12 16:10 106,130 --a------ c:\windows\runner.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-27 02:17 --------- d-----w c:\documents and settings\Rene\Application Data\Azureus 2008-12-26 23:02 --------- d-----w c:\documents and settings\Rene\Application Data\LimeWire 2008-12-26 18:34 --------- d-----w c:\program files\Vuze 2008-12-23 18:25 --------- d-----w c:\program files\Java 2008-12-20 06:05 --------- d-----w c:\program files\DivX 2008-12-20 03:54 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-12-15 04:14 --------- d-----w c:\documents and settings\Rene\Application Data\Microsoft Games 2008-12-15 01:58 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-15 01:57 444,952 ----a-w c:\windows\system32\wrap_oal.dll 2008-12-15 01:57 109,080 ----a-w c:\windows\system32\OpenAL32.dll 2008-12-15 01:33 --------- d-----w c:\program files\Windows Media Connect 2 2008-12-15 01:32 --------- d-----w c:\program files\Microsoft Silverlight 2008-12-14 22:04 --------- d-----w c:\documents and settings\Rene\Application Data\DAEMON Tools 2008-12-14 19:05 --------- d-----w c:\program files\ASUS 2008-12-13 21:21 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink 2008-11-24 22:19 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2008-11-24 21:30 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-11-24 20:42 --------- d-----w c:\program files\7-Zip 2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe 2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll 2008-11-21 21:47 129,784 ----a-w c:\windows\system32\pxafs.dll 2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll 2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll 2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe 2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll 2008-11-13 02:16 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf 2008-11-13 02:16 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb20_01001.Wdf 2008-11-13 02:14 --------- d-----w c:\program files\Microsoft Xbox 360 Accessories 2008-10-28 09:08 38,972,478 ----a-w c:\windows\PIF\pif3.zip 2008-08-04 02:21 522 ----a-w c:\program files\Shortcut to dgVoodoo1.50Beta2.lnk 2008-08-01 20:05 1,569 ----a-w c:\program files\uninstal.log 2006-06-24 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe 2008-07-31 11:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008073120080801\index.dat . ------- Sigcheck ------- 2008-07-23 13:59 361600 e88631e21a9caca06104802f9e915115 c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( snapshot@2008-12-20_15.47.57.87 ))))))))))))))))))))))))))))))))))))))))) . - 2008-12-20 02:35:49 32,768 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2008-12-26 19:00:31 32,768 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2008-12-20 02:35:49 65,536 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2008-12-26 19:00:31 65,536 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2008-12-20 02:35:49 196,608 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-12-26 19:00:31 196,608 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2008-12-15 01:51:30 267,800 ----a-w c:\windows\system32\FNTCACHE.DAT + 2008-12-27 02:37:06 267,800 ----a-w c:\windows\system32\FNTCACHE.DAT - 2008-06-10 05:21:01 135,168 ----a-w c:\windows\system32\java.exe + 2008-12-23 18:25:21 144,792 ----a-w c:\windows\system32\java.exe - 2008-06-10 05:21:04 135,168 ----a-w c:\windows\system32\javaw.exe + 2008-12-23 18:25:21 144,792 ----a-w c:\windows\system32\javaw.exe - 2008-06-10 06:32:34 139,264 ----a-w c:\windows\system32\javaws.exe + 2008-12-23 18:25:21 148,888 ----a-w c:\windows\system32\javaws.exe - 2008-12-20 19:53:32 59,908 ----a-w c:\windows\system32\perfc009.dat + 2008-12-27 02:23:06 59,908 ----a-w c:\windows\system32\perfc009.dat - 2008-12-20 19:53:32 396,770 ----a-w c:\windows\system32\perfh009.dat + 2008-12-27 02:23:06 396,770 ----a-w c:\windows\system32\perfh009.dat + 2008-12-27 02:37:16 16,384 ----atw c:\windows\temp\Perflib_Perfdata_730.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2006-10-17 277352] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-02 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-02 13570048] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-14 1261336] "QuickTime Task"="c:\windows\system32\qttask.exe" [2008-08-03 98304] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-23 136600] "nwiz"="nwiz.exe" [2008-08-02 c:\windows\system32\nwiz.exe] "CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "CheckSum"="c:\windows\system32\cks.bat" [2008-12-12 151] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=dsafft.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless PCI_CardBus utility V1.01.exe.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless PCI_CardBus utility V1.01.exe.lnk backup=c:\windows\pss\Wireless PCI_CardBus utility V1.01.exe.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobeupdater] -ra------ 2007-03-01 09:37 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion] --a------ 2008-05-19 14:24 91432 c:\program files\CyberLink\Shared files\brs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJLaunchEXE] --a------ 2002-12-20 13:26 716800 c:\program files\Canon\BJCard\BJLaunch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJPD HID Control] --a------ 2003-01-21 15:35 45056 c:\program files\Canon\BJPV\TVMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe] --a------ 2007-09-23 21:55 533944 c:\program files\Druide\Antidote\Gestionnaire Antidote.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HyperappelPL2003] --a------ 2003-07-04 12:08 122880 c:\program files\Larousse\Petit Larousse 2004\bin\HIPL2002Popup.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe] --a------ 2007-03-05 16:57 1103480 c:\program files\Download Manager\DLM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2008-02-28 16:07 1828136 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-14 04:42 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2008-02-18 15:29 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2008-02-28 08:59 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut] --------- 2007-12-14 10:36 50472 c:\program files\CyberLink\PowerDVD8\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2008-07-07 02:34 167936 c:\program files\poweriso\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-08-03 19:32 98304 c:\windows\system32\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8] --------- 2008-03-20 19:23 83240 c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] --a------ 2008-12-04 13:50 1809648 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2008-03-27 01:35 36352 c:\program files\Winamp\winampa.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\jeux\\Warcraft III\\Warcraft III.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\jeux\\dirt\\DiRT.exe"= "c:\\jeux\\need3\\nfs3.exe"= "c:\\jeux\\outrun 2006\\OR2006C2C.EXE"= "c:\\jeux\\trackmania sunrise\\TmSunrise.exe"= "c:\\jeux\\TEST DRIVE UNLIMITED\\TestDriveUnlimited.exe"= "c:\\jeux\\neverwinter 2\\nwn2main.exe"= "c:\\jeux\\neverwinter 2\\nwn2main_amdxp.exe"= "c:\\jeux\\neverwinter 2\\nwupdate.exe"= "c:\\jeux\\neverwinter 2\\nwn2server.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\jeux\\grid toca racer\\Grid\\GRID.exe"= "c:\\jeux\\Gears of War\\Binaries\\WarGame-G4WLive.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"= R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-08-20 39472] R0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2008-07-31 150568] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-14 97928] R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944] R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-05-15 11:07:00 61424] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-14 231704] R2 Devx;Devx;c:\windows\system32\drivers\Devx.sys [2008-08-02 4448] R2 VtPr;VtPr;c:\windows\system32\drivers\VtPr.sys [2008-08-02 3328] R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352] R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032] R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296] R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1e51x86.sys [2008-07-31 36864] R3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\DRIVERS\xusb20.sys [2006-10-13 50048] S0 chowgnve;chowgnve;c:\windows\system32\drivers\xrniqlb.sys [] S0 ojklva;ojklva;c:\windows\system32\drivers\cjukz.sys [] S0 wqzus;wqzus;c:\windows\system32\drivers\dxxpwrs.sys [] S1 83eba970;83eba970;c:\windows\system32\drivers\83eba970.sys [2008-12-14 0] S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352] S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032] S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888] S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888] S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296] S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408] . Contenu du dossier 'Tâches planifiées' 2008-12-27 c:\windows\Tasks\wakpqlji.job - c:\windows\system32\rundll32.exe [2008-04-13 23:42] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{0148d3cd-a4f4-462d-b417-3ecb2cb7554c} - c:\windows\system32\dsafft.dll BHO-{A01CF18F-7D58-4FA5-980B-D58AD154C6EC} - c:\windows\system32\rqRLdCRk.dll HKCU-Run-prunnet - c:\windows\system32\prunnet.exe HKLM-Run-prunnet - c:\windows\system32\prunnet.exe . ------- Examen supplémentaire ------- . uStart Page = about:blank uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-26 21:37:28 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTHelper = CTHELPER.EXE? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(788) c:\program files\SUPERAntiSpyware\SASWINLO.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\Canon\BJCard\Bjmcmng.exe c:\program files\diskkeeper\DkService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\IoctlSvc.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\program files\AVG\AVG8\avgrsx.exe c:\windows\system32\checksum.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2008-12-26 21:39:35 - La machine a redémarré ComboFix-quarantined-files.txt 2008-12-27 02:39:33 ComboFix2.txt 2008-12-20 20:48:13 Avant-CF: 42 828 718 080 bytes free Après-CF: 42,791,043,072 bytes free 367

voici le log de moveit Error: Unable to interpret <First> in the current context! ========== FILES ========== C:\Documents and Settings\Rene\My Documents\eDonkey2000 Downloads\Gizmo Ultra.zip moved successfully. D:\Users\Rene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQZJFCAO\apstpldr.dll[1].htm moved successfully. D:\Users\Rene\AppData\Local\Temp\FullBSCodecz.20402.exe moved successfully. D:\Users\Rene\AppData\Local\Temp\jah319313.exe moved successfully. D:\Users\Rene\AppData\Local\Temp\tmpB3F3.tmp moved successfully. D:\Users\Rene\Desktop\A INSTALLER A TEMPS PERDU\MiRC.v6.16.WinALL.Incl.Keygen-NGEN.rar moved successfully. D:\Users\Rene\Desktop\A INSTALLER A TEMPS PERDU\Nero 8 Ultra Edition 8.3.2.1b + Working Serial + Crack\Nero-8.3.2.1_eng_trial_2.exe moved successfully. E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\( BEST )snezzids-v0[1].28a(2)\release\nosound\snezzi.exe moved successfully. E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\( BEST )snezzids-v0[1].28a(2)\release\sound\snezzi.exe moved successfully. E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\( BEST )snezzids-v0[1].28a(2).zip moved successfully. E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzi28a2\release\nosound\snezzi.exe moved successfully. E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzi28a2\release\sound\snezzi.exe moved successfully. E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzids-v0.28\release\nosound\snezzi.exe moved successfully. E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzids-v0.28\release\sound\snezzi.exe moved successfully. E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzids-v0.28.zip moved successfully. E:\Emulateurs\PLAYSTATION 2 (PS2-pcsx2 0.95 beta 377 --- LE MEILLEUR)\Pcsx2_0.9.4_Setup.exe moved successfully. E:\MUSIC\MP3\calme\Rainbow Relaxation (Soft Music Series).wma moved successfully. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\Rene\LOCALS~1\Temp\hsperfdata_Rene\5664 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Rene\LOCALS~1\Temp\e4j24.tmp_dir31155\exe4jlib.jar scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Rene\LOCALS~1\Temp\swt-gdip-win32-3448.dll scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Rene\LOCALS~1\Temp\swt-win32-3448.dll scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Rene\LOCALS~1\Temp\~DF37B3.tmp scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_170.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_260.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. FireFox cache emptied. Temp folders emptied. OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12262008_211630 Files moved on Reboot... File C:\DOCUME~1\Rene\LOCALS~1\Temp\hsperfdata_Rene\5664 not found! C:\DOCUME~1\Rene\LOCALS~1\Temp\e4j24.tmp_dir31155\exe4jlib.jar moved successfully. DllUnregisterServer procedure not found in C:\DOCUME~1\Rene\LOCALS~1\Temp\swt-gdip-win32-3448.dll C:\DOCUME~1\Rene\LOCALS~1\Temp\swt-gdip-win32-3448.dll NOT unregistered. C:\DOCUME~1\Rene\LOCALS~1\Temp\swt-gdip-win32-3448.dll moved successfully. DllUnregisterServer procedure not found in C:\DOCUME~1\Rene\LOCALS~1\Temp\swt-win32-3448.dll C:\DOCUME~1\Rene\LOCALS~1\Temp\swt-win32-3448.dll NOT unregistered. C:\DOCUME~1\Rene\LOCALS~1\Temp\swt-win32-3448.dll moved successfully. File C:\DOCUME~1\Rene\LOCALS~1\Temp\~DF37B3.tmp not found! File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. C:\WINDOWS\temp\Perflib_Perfdata_170.dat moved successfully. File C:\WINDOWS\temp\Perflib_Perfdata_260.dat not found!

VOICI LE RAPPORT KAPERSKY. il a trouvé des virus. javais seulement fait le test critical areas la derniere fois. Donc voici les résultats avec le full scan. J'attends ta reponse. ( en passant jai une dual partition. c: = win xp mais d: est vista 64 bit. E: est une partition ou je conserve des backup merci: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Tuesday, December 23, 2008 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Tuesday, December 23, 2008 11:50:22 Records in database: 1504397 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ G:\ H:\ Scan statistics: Files scanned: 338805 Threat name: 11 Infected objects: 20 Suspicious objects: 0 Duration of the scan: 03:44:30 File name / Threat name / Threats count C:\Documents and Settings\Rene\My Documents\eDonkey2000 Downloads\Gizmo Ultra.zip Infected: Backdoor.Win32.Raid.i 1 C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1 D:\Users\Rene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQZJFCAO\apstpldr.dll[1].htm Infected: Trojan-Downloader.Win32.Agent.aubk 1 D:\Users\Rene\AppData\Local\Temp\FullBSCodecz.20402.exe Infected: Trojan-Downloader.Win32.FraudLoad.veji 1 D:\Users\Rene\AppData\Local\Temp\jah319313.exe Infected: Rootkit.Win32.TDSS.gen 1 D:\Users\Rene\AppData\Local\Temp\tmpB3F3.tmp Infected: Trojan.Win32.Agent.asxa 1 D:\Users\Rene\Desktop\A INSTALLER A TEMPS PERDU\MiRC.v6.16.WinALL.Incl.Keygen-NGEN.rar Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1 D:\Users\Rene\Desktop\A INSTALLER A TEMPS PERDU\Nero 8 Ultra Edition 8.3.2.1b + Working Serial + Crack\Nero-8.3.2.1_eng_trial_2.exe Infected: Trojan-Spy.Win32.BZub.ffd 1 E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\( BEST )snezzids-v0[1].28a(2)\release\nosound\snezzi.exe Infected: Backdoor.Win32.Agent.ezx 1 E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\( BEST )snezzids-v0[1].28a(2)\release\sound\snezzi.exe Infected: Backdoor.Win32.Agent.ezx 1 E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\( BEST )snezzids-v0[1].28a(2).zip Infected: Backdoor.Win32.Agent.ezx 2 E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzi28a2\release\nosound\snezzi.exe Infected: Backdoor.Win32.Agent.ezx 1 E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzi28a2\release\sound\snezzi.exe Infected: Backdoor.Win32.Agent.ezx 1 E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzids-v0.28\release\nosound\snezzi.exe Infected: Backdoor.Win32.Agent.kfa 1 E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzids-v0.28\release\sound\snezzi.exe Infected: Backdoor.Win32.Agent.kfa 1 E:\Emulateurs\Nintendo DS\Nintendo DS\EMULATORS FOR DS ET GBA\SNES\snezzids-v0.28.zip Infected: Backdoor.Win32.Agent.kfa 2 E:\Emulateurs\PLAYSTATION 2 (PS2-pcsx2 0.95 beta 377 --- LE MEILLEUR)\Pcsx2_0.9.4_Setup.exe Infected: Trojan.Win32.Agent.axxp 1 E:\MUSIC\MP3\calme\Rainbow Relaxation (Soft Music Series).wma Infected: Trojan-Downloader.WMA.GetCodec.a 1 The selected area was scanned.

ok je refait le scan. Mais j'avais deja fait ce scan pour moi meme il y a deux-trois jours. javais choisit My computer. si je me souviens bien il avait rien trouvé. mais peut etre quew je me trompe. donc je vais le refaire selon tous vos crites et le tutorial. MERCI DE VOTRE AIDE. je post le log aussitot fait

ok merci pour l'info. Je vais essayer dêtre aider ici. de toute facon ma langue maternelle est le francais, cest plus facile. En passant j'ai dit que cetait un malware, mais je sais pas si ca peut etre un spyware ou autre virus. tout ce que je sais cest qu'a tout les 15 minutes une page ouvre avec un adresse. voici l'adresse: http://www.webthangs.com/count/rotate/click.php?id=4. de plus la page ouvre aussi quand windows ouvre. Pourtant tous les programme d'anti spyware ne détecte aucun problemes. voir : superspyware, anti-malware, ad-aware... javais deja toutes effacé les infections avant-hier. de plus jai tout fait mes scans en mode sans echecs et en nomral boot pour etre plus sur. VOICI LE LOG DEMANDÉ : ( merci de votre aide Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:45:05, on 2008-12-22 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20815) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\checksum.exe C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\DAEMON Tools\daemon.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Profiler\lwemon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Canon\BJCard\Bjmcmng.exe C:\Program Files\diskkeeper\DkService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime O4 - HKLM\..\RunOnce: [CheckSum] C:\WINDOWS\system32\cks.bat O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU) O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU) O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU) O13 - Gopher Prefix: O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\diskkeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe -- End of file - 6668 bytes

Malgré plusieurs tentatives je n'ai pas réussi à l'enlever. J'ai écrit mon texte en anglais pour le copier sur dautres forum aussi. Vous pouvez me répondre en francais. merci de votre aide: i tried anti-malware, super antispyware, cclean, remove it pro, spybot, rogue remover, gmer, ad-aware... it cant remove it. and the worst thing is, all this apps cant find any trojan, virus, spyware. i cleaned everything. all of them are updated. i tried to clean my computer with each progam in normal boot and safe mode. i had a few rootkit, but i removed all of them. all files and registry entry, i read some info on google. the problem is: When i power on my computer, windows startup normally, but when windows is starting, a explorer page open automatically with this web site: http://www.webthangs.com/count/rotate/click.php?id=1 and redirect to http://publishers.xy7... and redirect again to this: http://www.geniusinspiration.com/cab...y&keyword=CD51 note: its strange but sometime it only open explorer with google.ca instead. but most of time it open with webhangs.... and sometime webhangs cant load. i closed the web site and can navaigate again without problem, but EVERY 15 minutes, the explorer page open again automatically and the same web open one after another. for example: im playing a 3d game, my game exiting and im back with the explorer page every 15 minutes. i cant play much then 15 minutes without this problem. i have windows xp sp3 professional original and i use avg 8.0 free edition. i cant format my hard disk, so i must remove that problem or live with it. i have more than 80 hours installation time in this computer. i will not reinstall all that again i will post : attach.txt dds.txt ark.txt thanks for help THIS IS MY DDS.txt: DDS (Version 1.1.0) - NTFSx86 Run by Rene at 13:43:07,57 on 2008-12-20 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.3327.2816 [GMT -5:00] ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\checksum.exe C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\DAEMON Tools\daemon.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Profiler\lwemon.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Canon\BJCard\Bjmcmng.exe C:\Program Files\diskkeeper\DkService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\rundll32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Rene\Desktop\dds.com ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com uStart Page = about:blank uSearch Bar = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/keyword/%s mWinlogon: System=c:\windows\system32\svch?st.exe, mWinlogon: SfcDisable=-99 (0xffffff9d) TB: {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - c:\program files\systran\4_0\premium\IEPlugIn.dll uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [start WingMan Profiler] "c:\program files\logitech\profiler\lwemon.exe" /noui mRun: [nwiz] nwiz.exe /install mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [CTHelper] CTHELPER.EXE mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033 mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u mRunOnce: [CheckSum] c:\windows\system32\cks.bat dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll AppInit_DLLs: avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ============= SERVICES / DRIVERS =============== R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-8-20 39472] R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-7-31 150568] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-14 97928] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-14 26824] R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 8944] R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-12-4 55024] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\cyberlink\powerdvd8\000.fcl [2008-5-15 61424] R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-14 231704] R2 Devx;Devx;c:\windows\system32\drivers\Devx.sys [2008-8-2 4448] R2 VtPr;VtPr;c:\windows\system32\drivers\VtPr.sys [2008-8-2 3328] R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS [2008-6-27 99352] R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS [2008-6-27 555032] R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS [2008-6-27 566296] R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-7-31 36864] R3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2006-10-13 50048] S0 chowgnve;chowgnve;c:\windows\system32\drivers\xrniqlb.sys [] S0 ojklva;ojklva;c:\windows\system32\drivers\cjukz.sys [] S0 wqzus;wqzus;c:\windows\system32\drivers\dxxpwrs.sys [] S1 83eba970;83eba970;c:\windows\system32\drivers\83eba970.sys [2008-12-14 0] S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-6-27 99352] S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-6-27 555032] S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS [2008-6-27 100888] S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-6-27 100888] S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-6-27 566296] S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408] ============== File Associations =============== regfile=regedit.exe "%1" %* scrfile="%1" %* =============== Created Last 30 ================ 2008-12-20 01:05 120,056 -------- c:\windows\system32\pxcpyi64.exe 2008-12-20 01:05 118,520 -------- c:\windows\system32\pxinsi64.exe 2008-12-19 22:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com 2008-12-19 22:56 <DIR> --d----- c:\program files\SUPERAntiSpyware 2008-12-19 22:56 <DIR> --d----- c:\docume~1\rene\applic~1\SUPERAntiSpyware.com 2008-12-19 22:50 <DIR> --d----- c:\program files\FileASSASSIN 2008-12-19 22:48 <DIR> --d----- c:\program files\RogueRemover FREE 2008-12-19 22:00 <DIR> --d----- c:\program files\InCode Solutions 2008-12-15 01:39 171,136 a--shr-- C:\grldr 2008-12-14 23:47 <DIR> --d----- c:\program files\Lavasoft 2008-12-14 22:28 <DIR> --d-h--- C:\$AVG8.VAULT$ 2008-12-14 22:21 10,520 a------- c:\windows\system32\avgrsstx.dll 2008-12-14 22:21 97,928 a------- c:\windows\system32\drivers\avgldx86.sys 2008-12-14 22:21 <DIR> --d----- c:\windows\system32\drivers\Avg 2008-12-14 22:09 49,152 a------- c:\windows\system32\svch?st.exe 2008-12-14 22:06 223,128 a------- c:\windows\system32\drivers\dtscsi.sys 2008-12-14 22:06 <DIR> --d----- c:\program files\DAEMON Tools 2008-12-14 22:03 717,296 a------- c:\windows\system32\drivers\sptd.sys 2008-12-14 20:59 30,528 a------- c:\windows\system32\BMXBkpCtrlState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx 2008-12-14 20:59 11,564 a------- c:\windows\system32\DVCState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx 2008-12-14 20:59 4,958,588 a------- c:\windows\{00000005-00000000-00000002-00001102-00000004-20021102}.BAK 2008-12-14 20:58 <DIR> --d----- c:\program files\Creative 2008-12-14 20:34 <DIR> --d----- c:\windows\system32\dllcache 2008-12-14 20:33 488 a---hr-- c:\windows\system32\logonui.exe.manifest 2008-12-14 20:33 749 a---hr-- c:\windows\WindowsShell.Manifest 2008-12-14 20:33 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest 2008-12-14 20:33 749 a---hr-- c:\windows\system32\sapi.cpl.manifest 2008-12-14 20:33 749 a---hr-- c:\windows\system32\nwc.cpl.manifest 2008-12-14 20:33 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest 2008-12-14 20:20 198,941 a------- c:\windows\system32\nvapps.nvb 2008-12-14 20:20 <DIR> --d----- c:\windows\NV9201656.TMP 2008-12-14 20:17 13,312 a------- c:\windows\system32\irclass.dll 2008-12-14 20:17 24,661 a------- c:\windows\system32\spxcoins.dll 2008-12-14 20:17 16,535 a----r-- c:\windows\SETAA.tmp 2008-12-14 20:17 1,088,840 a----r-- c:\windows\SET9E.tmp 2008-12-14 20:17 1,296,669 a----r-- c:\windows\SET9B.tmp 2008-12-14 19:06 <DIR> --d----- c:\program files\DAEMON Tools Lite 2008-12-14 18:56 <DIR> --d----- c:\windows\Downloaded Installations 2008-12-14 18:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro 2008-12-14 18:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8 2008-12-14 18:13 51,056 a------- c:\windows\setupapi.old 2008-12-14 17:53 <DIR> --d----- c:\program files\Trend Micro 2008-12-14 17:09 15,504 a------- c:\windows\system32\drivers\mbam.sys 2008-12-14 17:09 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-14 17:09 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2008-12-14 17:04 <DIR> --d----- c:\docume~1\rene\applic~1\DAEMON Tools Pro 2008-12-14 16:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Grisoft 2008-12-14 04:53 <DIR> --d----- c:\program files\Spybot - Search & Destroy 2008-12-14 04:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2008-12-14 04:51 <DIR> --d----- c:\program files\RegCleaner 2008-12-14 04:13 <DIR> --d----- c:\program files\CCleaner 2008-12-14 03:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite 2008-12-14 03:55 <DIR> --d----- c:\docume~1\rene\applic~1\DAEMON Tools Lite 2008-12-14 02:58 <DIR> --d----- c:\program files\VideoLAN 2008-12-14 02:52 16,320,472 a------- C:\vlc-0.9.8a-win32.exe 2008-12-14 02:33 0 a------- c:\windows\system32\drivers\83eba970.sys 2008-12-14 02:33 2 a------- C:\-931777760 2008-12-14 02:33 576,000 a------- c:\windows\uninstall.exe 2008-12-14 02:33 176 a------- c:\windows\system32\eowero.vbs 2008-12-14 02:33 151 a------- c:\windows\system32\cks.bat 2008-12-14 02:33 <DIR> --d----- c:\program files\Uninstall 2008-12-14 02:33 22,406 -------- c:\windows\system32\checksum.exe 2008-12-14 02:33 <DIR> --d----- c:\windows\HDTVPlayer v3.5 2008-12-14 02:22 176 a------- c:\windows\eower.vbs 2008-12-14 02:22 45 a------- c:\windows\sys.bat 2008-12-14 02:22 <DIR> --d----- c:\windows\Setup 2008-12-14 02:22 <DIR> --d----- c:\program files\Setup 2008-12-14 02:22 <DIR> --d----- c:\windows\HDTVXviD Codec 2008-12-12 23:54 <DIR> --d----- c:\windows\system32\LogFiles 2008-12-12 21:42 <DIR> --dsh--- c:\windows\UmVuZSBNb3Jpbg 2008-12-12 21:42 <DIR> --d----- c:\temp\REX81 2008-12-12 21:42 <DIR> --d----- c:\windows\system32\vc 2008-12-12 21:42 <DIR> --d----- c:\windows\system32\foi 2008-12-12 16:10 106,130 a------- c:\windows\runner.exe 2008-11-26 22:01 547,840 a------- c:\windows\system32\wiaaut.dll 2008-11-26 22:01 132,880 a------- c:\windows\system32\MSINET.OCX 2008-11-26 22:01 108,336 a------- c:\windows\system32\Mswinsck.ocx 2008-11-26 22:01 102,400 a------- c:\windows\system32\DinkITXPUIMenus.ocx 2008-11-26 22:01 65,536 a------- c:\windows\system32\EnhSliderOcx.ocx 2008-11-26 22:01 64,000 a------- c:\windows\system32\wiaaut.oca 2008-11-24 16:29 <DIR> --d----- c:\windows\system32\xlive 2008-11-24 16:23 <DIR> --d----- c:\docume~1\rene\applic~1\Microsoft Games 2008-11-21 16:47 524,288 a------- c:\windows\system32\DivXsm.exe 2008-11-21 16:47 4,816 a------- c:\windows\system32\divxsm.tlb 2008-11-21 16:47 3,596,288 a------- c:\windows\system32\qt-dx331.dll 2008-11-21 16:46 1,044,480 a------- c:\windows\system32\libdivx.dll 2008-11-21 16:46 200,704 a------- c:\windows\system32\ssldivx.dll 2008-11-21 16:44 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe 2008-11-21 16:44 12,288 a------- c:\windows\system32\DivXWMPExtType.dll ==================== Find3M ==================== 2008-12-14 20:57 444,952 a------- c:\windows\system32\wrap_oal.dll 2008-12-14 20:57 109,080 a------- c:\windows\system32\OpenAL32.dll 2008-12-14 20:30 22,720 a------- c:\windows\system32\emptyregdb.dat 2008-11-24 17:19 107,888 a------- c:\windows\system32\CmdLineExt.dll 2008-11-21 16:47 129,784 -------- c:\windows\system32\pxafs.dll 2008-11-12 21:16 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb20_01001.Wdf 2008-11-12 21:16 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf 2008-10-28 04:08 38,972,478 a------- c:\windows\pif\pif3.zip 2008-08-03 21:21 522 a------- c:\program files\Shortcut to dgVoodoo1.50Beta2.lnk 2008-08-01 15:05 1,569 a------- c:\program files\uninstal.log 2006-06-24 01:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe 2008-07-31 06:23 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008073120080801\index.dat ATTACH.TXT: UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Version 1.0) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 2008-12-14 20:34:41 System Uptime: 2008-12-20 11:25:45 (2 hours ago) Motherboard: ASUSTeK Computer INC. | | P5Q Processor: Intel Pentium III Xeon processor | LGA 775 | 2999/376mhz ==== Disk Partitions ========================= A: is Removable C: is FIXED (NTFS) - 230 GiB total, 42,502 GiB free. D: is FIXED (NTFS) - 100 GiB total, 69,428 GiB free. E: is FIXED (NTFS) - 135 GiB total, 47,692 GiB free. G: is CDROM () H: is CDROM () ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP14: 2008-12-19 23:41:02 - Installed SUPERAntiSpyware Free Edition ==== Installed Programs ====================== 4x4 Evo2 7-Zip 4.57 ACE Mega CoDecS Pack Ad-Aware Adobe Reader 8.1.2 Age of Empires III Antidote RX v2 Aquadelic GT 1.0.0.0 Atheros Communications Inc.® AR8121/AR8113 Gigabit/Fast Ethernet Driver AutoUpdate AVG Free 8.0 Bejeweled Deluxe 1.6z Big City Adventure San Francisco BSPlayer Canon i470D CCleaner (remove only) Cool Edit Pro 2.1 Creative Audio Console Croc 2 CyberLink PowerDVD8 Daytona USA DEVIL MAY CRY 4 DiRT Diskeeper 2007 Pro Premier Divine Divinity DivX Codec DivX Player Download Manager 2.3.6 Drome Racers Dungeon Siege Demo EA Network Play System Electronic Arts Game Updater Enclave eRacer Fable - The Lost Chapters Far Cry Far Cry (Patch 1.3) Far Cry (Patch 1.31) Far Cry (Patch 1.33) ffdshow (remove only) FileASSASSIN Final Fantasy VII Final Fantasy VII XP Patch FlatOut FlatOut2 Fraps Gears of War GRID GTR 2 1.0.0.0 Heroes of Might and Magic® IV HijackThis 2.0.2 IsoBuster 2.3 Java 6 Update 7 Jazz Jackrabbit 2 Lecteur Windows Media 11 LimeWire 4.18.3 Logitech Gaming Software Malwarebytes' Anti-Malware Malwarebytes' RogueRemover Megaman X5 Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Language Pack - FRA Microsoft Application Compatibility Toolkit 5.0 Microsoft Games for Windows - LIVE Redistributable Microsoft Office Access MUI (French) 2007 Microsoft Office Excel MUI (French) 2007 Microsoft Office InfoPath MUI (French) 2007 Microsoft Office Outlook MUI (French) 2007 Microsoft Office PowerPoint MUI (French) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (Arabic) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (French) 2007 Microsoft Office Publisher MUI (French) 2007 Microsoft Office Shared MUI (French) 2007 Microsoft Office Word MUI (French) 2007 Microsoft RalliSport Challenge Microsoft Silverlight Microsoft Software Update for Web Folders (French) 12 Microsoft Visual C++ 2005 Redistributable Microsoft Xbox 360 Accessories 1.0 mIRC Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA Moto Racer Moto Racer 2 MSN MSXML 4.0 SP2 (KB941833) MVP Baseball 2003 Need For Speed - Porsche Unleashed Need for speed 4 high stakes Need For Speed High Stakes Need For Speed Hot Pursuit 2 Need For Speed II SE Need For Speed III Need for Speed Underground 2 Need for Speed™ Carbon Need for Speed™ ProStreet Need for Speed™ Undercover Nero 8 neroxml Neverwinter Nights 2 NVIDIA Drivers NVIDIA PhysX v8.08.01 Oblivion Ocean Express Off Road OpenAL OutRun2006 Coast 2 Coast Paragon Partition Manager 9.0 Professional Paraworld US SP Demo Petit Larousse 2004 PowerISO Prince of Persia Les Sables du Temps PSP Video 9 2.24 Pure Puzzles Collection Quake 4 QuickTime R.C. Cars Rally Trophy RAYKIT RemoveIT Pro v4 - SE SEGA Rally Setup Shockwave Sid Meier's Pirates! SimCity 4 SolSuite SONIC ADVENTURE DX-Director's Cut Spybot - Search & Destroy Star Wars JK II Jedi Outcast Stunt GP SUPERAntiSpyware Free Edition Supercar Street Challenge Systran Professional Premium 4.0 Test Drive Unlimited Titan Quest Tomb Raider: Anniversary 1.0 Topwords TrackMania Sunrise 1.4.6 Ultima IX Utilitaire de carte mémoire VLC media player 0.9.8a VoptXP v7.22 Vuze Warcraft III WebFldrs XP Winamp Windows Live Messenger Windows Media Format 11 runtime Windows Media Player 11 Windows Rights Management Client Backwards Compatibility SP2 Windows Rights Management Client with Service Pack 2 WinRAR archiver Wipeout XL ==== Event Viewer Messages From Past Week ======== 2008-12-14 03:07:11, error: PlugPlayManager [11] - The device Root\LEGACY_BEEP\0000 disappeared from the system without first being prepared for removal. 2008-12-14 02:35:16, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep 2008-12-14 03:20:21, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the icf service to connect. 2008-12-14 03:20:21, error: Service Control Manager [7000] - The icf service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 2008-12-14 03:26:55, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service. 2008-12-14 03:33:35, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. 2008-12-14 03:47:47, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 2008-12-14 04:00:31, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0. 2008-12-14 16:33:25, error: sfsync02 [12] - 2008-12-14 17:29:34, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 2008-12-14 17:31:10, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd 2008-12-14 17:31:27, error: sptd [4] - Driver detected an internal error in its data structures for . 2008-12-14 18:01:21, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} 2008-12-14 18:02:09, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning. 2008-12-14 18:02:09, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 2008-12-14 18:02:09, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. 2008-12-14 18:02:09, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. 2008-12-14 18:02:09, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AvgLdx86 AvgMfx86 Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip 2008-12-14 18:13:03, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mv61xx 2008-12-14 18:13:09, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'DP(1)0x7e00-0x398dedcc00+1'. It has stopped monitoring the volume. 2008-12-14 19:53:46, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO Fips i8042prt intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip 2008-12-14 20:24:47, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 2008-12-14 20:24:47, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. . 2008-12-14 20:33:57, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E} 2008-12-14 20:35:59, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information. 2008-12-15 00:16:41, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AvgLdx86 AvgMfx86 Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu sptd Tcpip 2008-12-15 00:20:12, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097} 2008-12-15 12:00:03, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AvgLdx86 AvgMfx86 Fips hotcore3 intelppm IPSec MRxSmb NetBIOS NetBT ohci1394 RasAcd Rdbss SCDEmu Sparrow Tcpip 2008-12-19 23:40:27, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000022' while processing the file 'ati2axxx.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. 2008-12-19 23:44:25, error: Service Control Manager [7028] - The msqpdxserv.sys Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key. 2008-12-19 23:53:32, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AvgLdx86 AvgMfx86 Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SCDEmu Tcpip 2008-12-20 00:22:07, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: hotcore3 Sparrow 2008-12-14 20:40:26, information: Windows File Protection [64032] - Windows File Protection is not active on this system. ==== End Of File =========================== ARK.LOG: GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2008-12-20 15:22:10 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.14 ---- SSDT spqo.sys ZwCreateKey [0xBA6A80E0] SSDT spqo.sys ZwEnumerateKey [0xBA6C6CA2] SSDT spqo.sys ZwEnumerateValueKey [0xBA6C7030] SSDT spqo.sys ZwOpenKey [0xBA6A80C0] SSDT spqo.sys ZwQueryKey [0xBA6C7108] SSDT spqo.sys ZwQueryValueKey [0xBA6C6F88] SSDT spqo.sys ZwSetValueKey [0xBA6C719A] INT 0x63 ? 8B387BF8 INT 0x63 ? 8B387BF8 INT 0x63 ? 8B387BF8 INT 0x63 ? 8B387BF8 INT 0x63 ? 8A49EBF8 INT 0x83 ? 8B38ABF8 INT 0x83 ? 8A49EBF8 INT 0x83 ? 8B38ABF8 INT 0x94 ? 8A49EBF8 INT 0xA4 ? 8A49EBF8 INT 0xA4 ? 8A49EBF8 INT 0xA4 ? 8A49EBF8 INT 0xA4 ? 8A49EBF8 INT 0xB4 ? 8A49EBF8 Code \SystemRoot\System32\Drivers\sybex38.SYS ZwDuplicateObject [0xBAC7095B] Code \SystemRoot\System32\Drivers\sybex38.SYS ExAllocatePool Code \SystemRoot\System32\Drivers\sybex38.SYS ExAllocatePoolWithTag Code \SystemRoot\System32\Drivers\sybex38.SYS KeDelayExecutionThread Code \SystemRoot\System32\Drivers\sybex38.SYS NtDuplicateObject ---- Devices - GMER 1.0.14 ---- Device \FileSystem\Ntfs \Ntfs 8B3851F8 Device \FileSystem\Fastfat \FatCdrom 88EEC1F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{B02A5D69-82A7-4E41-A7BD-C566F9F3B820} 890D31F8 Device \Driver\usbuhci \Device\USBPDO-0 8A4151F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B3131F8 Device \Driver\dmio \Device\DmControl\DmConfig 8B3131F8 Device \Driver\dmio \Device\DmControl\DmPnP 8B3131F8 Device \Driver\dmio \Device\DmControl\DmInfo 8B3131F8 Device \Driver\usbuhci \Device\USBPDO-1 8A4151F8 Device \Driver\usbuhci \Device\USBPDO-2 8A4151F8 Device \Driver\usbehci \Device\USBPDO-3 8A47D1F8 Device \Driver\PCI_PNP4086 \Device\00000060 spqo.sys Device \Driver\usbuhci \Device\USBPDO-4 8A4151F8 Device \Driver\usbuhci \Device\USBPDO-5 8A4151F8 Device \Driver\usbuhci \Device\USBPDO-6 8A4151F8 Device \Driver\Ftdisk \Device\HarddiskVolume1 8B3881F8 Device \Driver\usbehci \Device\USBPDO-7 8A47D1F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 8B3881F8 Device \Driver\Cdrom \Device\CdRom0 8A3751F8 Device \Driver\Ftdisk \Device\HarddiskVolume3 8B3881F8 Device \Driver\Cdrom \Device\CdRom1 8A3751F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\NetBT \Device\NetBt_Wins_Export 890D31F8 Device \Driver\NetBT \Device\NetbiosSmb 890D31F8 Device \Driver\usbuhci \Device\USBFDO-0 8A4151F8 Device \Driver\usbuhci \Device\USBFDO-1 8A4151F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A1C7500 Device \Driver\usbuhci \Device\USBFDO-2 8A4151F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A1C7500 Device \Driver\usbehci \Device\USBFDO-3 8A47D1F8 Device \Driver\usbuhci \Device\USBFDO-4 8A4151F8 Device \Driver\Ftdisk \Device\FtControl 8B3881F8 Device \Driver\usbuhci \Device\USBFDO-5 8A4151F8 Device \Driver\usbuhci \Device\USBFDO-6 8A4151F8 Device \Driver\usbehci \Device\USBFDO-7 8A47D1F8 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 8A3341F8 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target14Lun0 8B3861F8 Device \Driver\mv61xx \Device\Scsi\mv61xx1 8B3861F8 Device \Driver\dtscsi \Device\Scsi\dtscsi1 8A3341F8 Device \Driver\dtscsi \Device\Scsi\dtscsi1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \FileSystem\Fastfat \Fat 88EEC1F8 AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 8A3C0500 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@start 1 Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@type 1 Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxmhxtofxh.sys Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@group file system Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules@msqpdxserv \systemroot\system32\drivers\msqpdxmhxtofxh.sys Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules@msqpdxl \systemroot\system32\msqpdxosvdnrsr.dll Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x1C 0x97 0x90 0x02 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0xD5 0x76 0xEC ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x1C 0x97 0x90 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBA 0x8B 0xBB 0xBD ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEE 0x6D 0x32 0x53 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA3 0x02 0xCE 0x07 ... Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys@start 1 Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys@type 1 Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxmhxtofxh.sys Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys@group file system Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules@msqpdxserv \systemroot\system32\drivers\msqpdxmhxtofxh.sys Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules@msqpdxl \systemroot\system32\msqpdxosvdnrsr.dll Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x1C 0x97 0x90 0x02 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0xD5 0x76 0xEC ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x1C 0x97 0x90 0x02 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBA 0x8B 0xBB 0xBD ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEE 0x6D 0x32 0x53 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA3 0x02 0xCE 0x07 ... ---- Files - GMER 1.0.14 ---- File C:\Documents and Settings\Rene\Local Settings\Temporary Internet Files\Content.IE5\G9ZRGFBW\step_back[1].gif 225 bytes File C:\Documents and Settings\Rene\Local Settings\Temporary Internet Files\Content.IE5\G9ZRGFBW\wrt[1].gif 836 bytes File C:\Documents and Settings\Rene\Local Settings\Temporary Internet Files\Content.IE5\G9ZRGFBW\globalNavCorner[1].gif 89 bytes File C:\Documents and Settings\Rene\Local Settings\Temporary Internet Files\Content.IE5\G9ZRGFBW\kb_default[1].htm 3011 bytes File C:\Documents and Settings\Rene\Local Settings\Temporary Internet Files\Content.IE5\G9ZRGFBW\icon_treenode_neg[1].gif 63 bytes File C:\Documents and Settings\Rene\My Documents\Azureus Downloads\PC_Gears.of.War -ENG+FULL -.direct.play.-ToeD\G.o.W (ToeD) ...use 7zip ONLY (extract to...)\GoW\Gears of War\Wargame\CookedPC\COG\COG_Characters\COG_Grunt\COG_Grunt_Accessories\COG_Grunt_FragGrenade\COG_Grunt_FragGrenade.upk 411994 bytes ---- EOF - GMER 1.0.14 ----