Zebulon

alfa128

Members
  • Content count

    22
Everything posted by alfa128

  1. Nope, not a Windows Trust... what do you think, does it look infected?
  2. Good evening. I was very recently infected by the Bifrose virus on 3 of my machines, and thanks to the valuable advice of the site's admins I was able to resolve it on 2 of them. So I formatted the 3rd one so that everything would be clean, but I reused storage media that very likely are still infected. Could someone take a look at the attached RSIT report and tell me whether I am still subject to the Bifrose critter?? This is with a view to avoiding being reinfected once again simply by having overlooked the virus on some USB key or other... Attached is the RSIT report for an LG laptop running WinXP Pro (with 3 storage devices plugged in).

log.txt:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2009-02-15 23:24:51

Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 70 GB (92%) free of 76 GB
Total RAM: 766 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:25:16, on 15/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\mmm.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\WinMover\WinMover.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Mmm] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [WinMover] "C:\Program Files\WinMover\WinMover.exe" /q
O4 - HKUS\S-1-5-19\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [iE7-10] rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

--
End of file - 4715 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2007-05-16 191096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl []
"Mmm"=C:\WINDOWS\system32\mmm.exe [2005-07-05 828416]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-01 15872]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-15 206088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WinMover"=C:\Program Files\WinMover\WinMover.exe [2005-12-02 10240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-02-26 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-06-25 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMBalloonTip"=0
"NoSMConfigurePrograms"=1
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-02-15 23:24:52 ----D---- C:\Program Files\trend micro
2009-02-15 23:24:51 ----D---- C:\rsit
2009-02-15 21:21:13 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2009-02-15 21:21:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-15 21:21:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-15 19:40:57 ----D---- C:\WINDOWS\Sun
2009-02-15 19:34:02 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-02-15 19:29:08 ----A---- C:\WINDOWS\system32\h323log.txt
2009-02-15 19:28:16 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-02-15 19:27:54 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-02-15 19:27:22 ----A---- C:\WINDOWS\system32\wshirda.dll
2009-02-15 19:27:22 ----A---- C:\WINDOWS\system32\irmon.dll
2009-02-15 19:27:22 ----A---- C:\WINDOWS\system32\irftp.exe
2009-02-15 19:25:35 ----A---- C:\WINDOWS\system32\usbui.dll
2009-02-15 19:24:00 ----A---- C:\WINDOWS\system32\OLD6.tmp
2009-02-15 19:23:59 ----D---- C:\WINDOWS\LastGood
2009-02-15 19:22:22 ----A---- C:\WINDOWS\imsins.BAK
2009-02-15 19:22:19 ----SHD---- C:\WINDOWS\Installer
2009-02-15 19:22:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-15 19:22:18 ----D---- C:\Program Files\Fichiers communs\ODBC
2009-02-15 19:22:18 ----A---- C:\WINDOWS\ODBCINST.INI
2009-02-15 19:22:14 ----D---- C:\Program Files\Fichiers communs\SpeechEngines
2009-02-15 19:22:13 ----RD---- C:\Program Files
2009-02-15 19:22:13 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-02-15 19:22:13 ----D---- C:\Program Files\Fichiers communs
2009-02-15 19:22:09 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-02-15 19:22:09 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-02-15 19:22:09 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-02-15 19:22:04 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-02-15 19:22:04 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-02-15 19:22:04 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-02-15 19:22:04 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-02-15 19:22:04 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-02-15 19:21:59 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-02-15 19:21:59 ----A---- C:\WINDOWS\system32\irclass.dll
2009-02-15 19:21:59 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-02-15 19:21:59 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-02-15 19:21:59 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-02-15 19:21:57 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-02-15 19:21:57 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-02-15 19:21:56 ----A---- C:\WINDOWS\system32\batt.dll
2009-02-15 19:21:55 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-02-15 19:21:53 ----A---- C:\WINDOWS\system32\storprop.dll
2009-02-15 19:21:40 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-02-15 19:21:34 ----RA---- C:\WINDOWS\SET8.tmp
2009-02-15 19:21:31 ----RA---- C:\WINDOWS\SET4.tmp
2009-02-15 19:21:28 ----RA---- C:\WINDOWS\SET3.tmp
2009-02-15 19:21:21 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-15 19:21:21 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-15 19:21:15 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-15 19:20:40 ----A---- C:\WINDOWS\setuplog.txt
2009-02-15 19:20:11 ----A---- C:\WINDOWS\system32\Netw2r32.dll
2009-02-15 19:20:11 ----A---- C:\WINDOWS\system32\Netw2c32.dll
2009-02-15 19:19:30 ----A---- C:\WINDOWS\system32\udaprop.dll
2009-02-15 19:19:26 ----A---- C:\WINDOWS\system32\cmudax.dll
2009-02-15 19:19:26 ----A---- C:\WINDOWS\system32\cmirmdrv.dll
2009-02-15 19:19:20 ----A---- C:\WINDOWS\system32\Audio3D.dll
2009-02-15 19:19:20 ----A---- C:\WINDOWS\system32\a3d.dll
2009-02-15 19:19:16 ----A---- C:\WINDOWS\system32\cmirmdrv.exe
2009-02-15 19:18:05 ----D---- C:\Program Files\Kaspersky Lab
2009-02-15 19:18:05 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-02-15 19:17:11 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-15 19:14:53 ----D---- C:\Documents and Settings\Administrateur\Application Data\Identities
2009-02-15 19:14:53 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-02-15 19:14:44 ----HD---- C:\Program Files\Uninstall Information
2009-02-15 19:13:26 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2009-02-15 19:13:16 ----D---- C:\Documents and Settings\Administrateur\Application Data\Thunderbird
2009-02-15 19:12:41 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2009-02-15 19:12:41 ----A---- C:\WINDOWS\system32\atitvo32.dll
2009-02-15 19:12:41 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2009-02-15 19:12:41 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2009-02-15 19:12:41 ----A---- C:\WINDOWS\system32\atioglxx.dll
2009-02-15 19:12:38 ----A---- C:\WINDOWS\system32\atioglx2.dll
2009-02-15 19:12:37 ----A---- C:\WINDOWS\system32\Atioglgl.dll
2009-02-15 19:12:37 ----A---- C:\WINDOWS\system32\atikvmag.dll
2009-02-15 19:12:37 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2009-02-15 19:12:37 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2009-02-15 19:12:37 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\ati3duag.dll
2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2009-02-15 19:12:20 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2009-02-15 19:12:20 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2009-02-15 19:11:52 ----D---- C:\Program Files\D-Tools
2009-02-15 19:11:46 ----D---- C:\Program Files\Unlocker
2009-02-15 19:11:38 ----D---- C:\WINDOWS\system32\Adobe
2009-02-15 19:11:26 ----D---- C:\Program Files\Media Player Classic
2009-02-15 19:11:21 ----D---- C:\Program Files\Combined Community Codec Pack
2009-02-15 19:11:08 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-02-15 19:11:08 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-02-15 19:11:08 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-02-15 19:11:07 ----D---- C:\Program Files\Real Alternative
2009-02-15 19:11:07 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2009-02-15 19:11:07 ----D---- C:\Documents and Settings\Administrateur\Application Data\Real
2009-02-15 19:10:58 ----D---- C:\Program Files\QT Lite
2009-02-15 19:10:53 ----D---- C:\Program Files\Chrono Shutdown
2009-02-15 19:10:43 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-15 19:10:41 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-02-15 19:10:41 ----D---- C:\Program Files\Adobe
2009-02-15 19:09:59 ----SHD---- C:\System Volume Information
2009-02-15 19:09:59 ----D---- C:\Documents and Settings
2009-02-15 19:09:50 ----D---- C:\Documents and Settings\All Users\Application Data\ACD Systems
2009-02-15 19:09:48 ----D---- C:\Program Files\Fichiers communs\ACD Systems
2009-02-15 19:09:48 ----D---- C:\Program Files\ACD Systems
2009-02-15 19:09:29 ----SH---- C:\boot.ini
2009-02-15 19:09:24 ----D---- C:\Program Files\DAMN NFO Viewer
2009-02-15 19:09:17 ----D---- C:\Program Files\Windows Live Safety Center
2009-02-15 19:09:11 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-02-15 19:09:06 ----D---- C:\Program Files\Windows Live
2009-02-15 19:08:44 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2009-02-15 19:08:35 ----D---- C:\Program Files\InstallShield Installation Information
2009-02-15 19:08:35 ----D---- C:\Program Files\Fichiers communs\CyberLink
2009-02-15 19:08:06 ----D---- C:\Program Files\CyberLink
2009-02-15 19:07:57 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-02-15 19:07:21 ----D---- C:\Program Files\ImgBurn
2009-02-15 19:07:19 ----D---- C:\Program Files\WinRAR
2009-02-15 19:06:40 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2009-02-15 19:06:01 ----D---- C:\WINDOWS\system32\XPSViewer
2009-02-15 19:06:01 ----D---- C:\Program Files\MSBuild
2009-02-15 19:06:00 ----D---- C:\WINDOWS\system32\en-us
2009-02-15 19:05:56 ----D---- C:\Program Files\Reference Assemblies
2009-02-15 19:05:47 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-02-15 19:05:47 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-02-15 19:05:43 ----A---- C:\WINDOWS\system32\rgb9rast_2.dll
2009-02-15 19:05:41 ----N---- C:\WINDOWS\system32\XpsSvcs.dll
2009-02-15 19:05:41 ----N---- C:\WINDOWS\system32\XPSSHHDR.dll
2009-02-15 19:05:34 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-02-15 19:05:17 ----D---- C:\Program Files\PuTTY
2009-02-15 19:05:11 ----A---- C:\WINDOWS\system32\Wc.com
2009-02-15 19:05:11 ----A---- C:\WINDOWS\system32\Vbar332.dll
2009-02-15 19:05:10 ----A---- C:\WINDOWS\system32\Upxgui.exe
2009-02-15 19:05:09 ----A---- C:\WINDOWS\system32\Replacer.cmd
2009-02-15 19:05:09 ----A---- C:\WINDOWS\system32\Reg2InfHandler.cmd
2009-02-15 19:05:09 ----A---- C:\WINDOWS\system32\Reg2inf.exe
2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\Msrd2x35.dll
2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\Msjter35.dll
2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\Msjint35.dll
2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\Msjet35.dll
2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\Modifype.exe
2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\MMM.exe
2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\MMM.dll
2009-02-15 19:05:04 ----A---- C:\WINDOWS\system32\MakeISO.cmd
2009-02-15 19:05:04 ----A---- C:\WINDOWS\system32\LCISOCreator.exe
2009-02-15 19:05:04 ----A---- C:\WINDOWS\IsUninst.exe
2009-02-15 19:04:59 ----A---- C:\WINDOWS\system32\HFExtract.exe
2009-02-15 19:04:56 ----A---- C:\WINDOWS\system32\FGCBAHandler.exe
2009-02-15 19:04:55 ----A---- C:\WINDOWS\system32\Fgcba.exe
2009-02-15 19:04:55 ----A---- C:\WINDOWS\system32\eXPander.exe
2009-02-15 19:04:54 ----D---- C:\WINDOWS\system32\Console
2009-02-15 19:04:54 ----D---- C:\Program Files\Epsilon Squared
2009-02-15 19:04:52 ----D---- C:\Program Files\Utilitaires
2009-02-15 19:04:52 ----D---- C:\Program Files\CMenu
2009-02-15 19:04:52 ----A---- C:\WINDOWS\system32\Cdimage.exe
2009-02-15 19:04:52 ----A---- C:\WINDOWS\system32\Cabtool.exe
2009-02-15 19:04:52 ----A---- C:\WINDOWS\system32\Cabarc.exe
2009-02-15 19:04:47 ----D---- C:\Program Files\WinMover
2009-02-15 19:04:47 ----D---- C:\Documents and Settings\Administrateur\Application Data\EliasAE
2009-02-15 19:04:36 ----D---- C:\Program Files\FlashFXP
2009-02-15 19:04:36 ----D---- C:\Documents and Settings\All Users\Application Data\FlashFXP
2009-02-15 19:04:30 ----A---- C:\WINDOWS\system32\notepad.original.exe
2009-02-15 19:04:30 ----A---- C:\WINDOWS\notepad.original.exe
2009-02-15 19:04:28 ----D---- C:\Program Files\Notepad++
2009-02-15 19:04:28 ----D---- C:\Documents and Settings\Administrateur\Application Data\Notepad++
2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\TwnLib4.dll
2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\imagXRA7.dll
2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\imagXR7.dll
2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\imagXpr7.dll
2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\imagX7.dll
2009-02-15 19:04:03 ----D---- C:\Program Files\Nero
2009-02-15 19:04:03 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-02-15 19:04:02 ----D---- C:\Program Files\Fichiers communs\Nero
2009-02-15 19:03:49 ----D---- C:\Program Files\MSECache
2009-02-15 19:03:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-15 19:03:42 ----RSD---- C:\WINDOWS\Fonts
2009-02-15 19:03:42 ----RD---- C:\WINDOWS\Web
2009-02-15 19:03:42 ----HD---- C:\WINDOWS\inf
2009-02-15 19:03:42 ----D---- C:\WINDOWS\WinSxS
2009-02-15 19:03:42 ----D---- C:\WINDOWS\twain_32
2009-02-15 19:03:42 ----D---- C:\WINDOWS\Temp
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\wins
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\wbem
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\usmt
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\spool
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\ShellExt
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\Setup
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\ras
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\PreInstall
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\oobe
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\npp
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\mui
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\Macromed
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\inetsrv
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\IME
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\icsxml
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\ias
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\fr-fr
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\fr
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\export
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\drivers
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\dhcp
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\config
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\3com_dmi
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\3076
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\2052
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1054
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1042
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1041
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1037
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1036
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1033
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1031
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1028
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1025
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32
2009-02-15 19:03:42 ----D---- C:\WINDOWS\system
2009-02-15 19:03:42 ----D---- C:\WINDOWS\SoftwareDistribution
2009-02-15 19:03:42 ----D---- C:\WINDOWS\security
2009-02-15 19:03:42 ----D---- C:\WINDOWS\Resources
2009-02-15 19:03:42 ----D---- C:\WINDOWS\repair
2009-02-15 19:03:42 ----D---- C:\WINDOWS\Provisioning
2009-02-15 19:03:42 ----D---- C:\WINDOWS\PeerNet
2009-02-15 19:03:42 ----D---- C:\WINDOWS\pchealth
2009-02-15 19:03:42 ----D---- C:\WINDOWS\Network Diagnostic
2009-02-15 19:03:42 ----D---- C:\WINDOWS\mui
2009-02-15 19:03:42 ----D---- C:\WINDOWS\msapps
2009-02-15 19:03:42 ----D---- C:\WINDOWS\msagent
2009-02-15 19:03:42 ----D---- C:\WINDOWS\Media
2009-02-15 19:03:42 ----D---- C:\WINDOWS\L2Schemas
2009-02-15 19:03:42 ----D---- C:\WINDOWS\java
2009-02-15 19:03:42 ----D---- C:\WINDOWS\ime
2009-02-15 19:03:42 ----D---- C:\WINDOWS\Help
2009-02-15 19:03:42 ----D---- C:\WINDOWS\ehome
2009-02-15 19:03:42 ----D---- C:\WINDOWS\Driver Cache
2009-02-15 19:03:42 ----D---- C:\WINDOWS\Debug
2009-02-15 19:03:42 ----D---- C:\WINDOWS\Cursors
2009-02-15 19:03:42 ----D---- C:\WINDOWS\Connection Wizard
2009-02-15 19:03:42 ----D---- C:\WINDOWS\Config
2009-02-15 19:03:42 ----D---- C:\WINDOWS\AppPatch
2009-02-15 19:03:42 ----D---- C:\WINDOWS\addins
2009-02-15 19:03:42 ----D---- C:\WINDOWS
2009-02-15 18:54:31 ----D---- C:\Program Files\Microsoft Works
2009-02-15 18:54:00 ----D---- C:\Program Files\Microsoft Visual Studio
2009-02-15 18:54:00 ----D---- C:\Program Files\Fichiers communs\DESIGNER
2009-02-15 18:53:30 ----D---- C:\Program Files\Microsoft.NET
2009-02-15 18:51:07 ----SD---- C:\WINDOWS\system32\Microsoft
2009-02-15 18:50:16 ----D---- C:\WINDOWS\SHELLNEW
2009-02-15 18:49:31 ----D---- C:\Program Files\Microsoft Office
2009-02-15 18:49:31 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-02-15 18:49:04 ----RHD---- C:\MSOCache
2009-02-15 18:47:56 ----D---- C:\Program Files\Mozilla Thunderbird
2009-02-15 18:47:33 ----D---- C:\Documents and Settings\Administrateur\Application Data\Mozilla
2009-02-15 18:47:28 ----D---- C:\Program Files\Mozilla Firefox
2009-02-15 18:47:09 ----A---- C:\WINDOWS\system32\javaws.exe
2009-02-15 18:47:09 ----A---- C:\WINDOWS\system32\javaw.exe
2009-02-15 18:47:09 ----A---- C:\WINDOWS\system32\java.exe
2009-02-15 18:46:42 ----D---- C:\Program Files\Java
2009-02-15 18:46:40 ----D---- C:\Program Files\Fichiers communs\Java
2009-02-15 18:46:34 ----D---- C:\Documents and Settings\Administrateur\Application Data\Sun
2009-02-15 18:44:55 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2009-02-15 18:44:55 ----ASH---- C:\Documents and Settings\Administrateur\Application Data\desktop.ini
2009-02-15 18:42:08 ----A---- C:\WINDOWS\system32\cmdow.exe
2009-02-15 18:39:46 ----D---- C:\WINDOWS\system32\URTTemp
2009-02-15 18:39:01 ----RSD---- C:\WINDOWS\assembly
2009-02-15 18:39:01 ----D---- C:\WINDOWS\Microsoft.NET
2009-02-15 18:38:47 ----A---- C:\WINDOWS\control.ini
2009-02-15 18:38:47 ----A---- C:\AUTOEXEC.BAT
2009-02-15 18:38:30 ----A---- C:\WINDOWS\OEWABLog.txt
2009-02-15 18:38:24 ----D---- C:\Program Files\Microsoft Silverlight
2009-02-15 18:38:24 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-02-15 18:37:04 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-02-15 18:36:56 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-02-15 18:36:47 ----HD---- C:\Program Files\WindowsUpdate
2009-02-15 18:36:41 ----D---- C:\Program Files\Services en ligne
2009-02-15 18:36:20 ----D---- C:\WINDOWS\system32\DirectX
2009-02-15 18:36:10 ----A---- C:\WINDOWS\system32\atrace.dll
2009-02-15 18:36:08 ----A---- C:\WINDOWS\system32\desktop.ini
2009-02-15 18:36:07 ----A---- C:\WINDOWS\desktop.ini
2009-02-15 18:36:01 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-02-15 18:36:00 ----A---- C:\WINDOWS\system32\acctres.dll
2009-02-15 18:35:59 ----D---- C:\Program Files\Fichiers communs\Services
2009-02-15 18:35:56 ----SD---- C:\WINDOWS\Tasks
2009-02-15 18:35:56 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-02-15 18:35:55 ----D---- C:\Program Files\Fichiers communs\MSSoap
2009-02-15 18:35:51 ----D---- C:\WINDOWS\srchasst
2009-02-15 18:35:48 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-02-15 18:35:48 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-02-15 18:35:48 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-02-15 18:35:48 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-02-15 18:35:47 ----A---- C:\WINDOWS\system32\wups.dll
2009-02-15 18:35:47 ----A---- C:\WINDOWS\system32\wuaueng.dll.wusetup.685515.bak
2009-02-15 18:35:47 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\wuauclt.exe.wusetup.685390.bak
2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-02-15 18:35:45 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-02-15 18:35:45 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-02-15 18:35:40 ----D---- C:\Program Files\Movie Maker
2009-02-15 18:35:19 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-02-15 18:35:19 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-02-15 18:35:19 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-02-15 18:35:19 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-02-15 18:35:14 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-02-15 18:35:14 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-02-15 18:35:13 ----D---- C:\WINDOWS\system32\Restore
2009-02-15 18:35:13 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-02-15 18:35:13 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-02-15 18:35:13 ----A---- C:\WINDOWS\system32\srclient.dll
2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\ils.dll
2009-02-15 18:35:11 ----A---- C:\WINDOWS\system32\msconf.dll
2009-02-15 18:35:07 ----D---- C:\Program Files\NetMeeting
2009-02-15 18:35:07 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-02-15 18:35:07 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-02-15 18:35:05 ----A---- C:\WINDOWS\system32\inetres.dll
2009-02-15 18:35:04 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-02-15 18:35:02 ----D---- C:\Program Files\Outlook Express
2009-02-15 18:35:02 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-02-15 18:35:02 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-02-15 18:35:02 ----A---- C:\WINDOWS\system32\mstask.dll
2009-02-15 18:35:01 ----A---- C:\WINDOWS\system32\isign32.dll
2009-02-15 18:35:01 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-02-15 18:35:01 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-02-15 18:35:01 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-02-15 18:34:54 ----D---- C:\Program Files\Fichiers communs\System
2009-02-15 18:33:50 ----D---- C:\Program Files\ComPlus Applications
2009-02-15 18:33:47 ----A---- C:\WINDOWS\vbaddin.ini
2009-02-15 18:33:47 ----A---- C:\WINDOWS\vb.ini
2009-02-15 18:33:39 ----D---- C:\WINDOWS\Registration
2009-02-15 18:33:13 ----D---- C:\Program Files\Windows Media Connect 2
2009-02-15 18:33:12 ----D---- C:\Program Files\Windows Media Player
2009-02-15 18:33:02 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-02-15 18:33:01 ----A---- C:\WINDOWS\system32\vb40032.dll
2009-02-15 18:33:00 ----A---- C:\WINDOWS\system32\ssleay32.dll
2009-02-15 18:32:59 ----A---- C:\WINDOWS\system32\openal32.dll
2009-02-15 18:32:59 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-02-15 18:32:59 ----A---- C:\WINDOWS\system32\msvcr70.dll
2009-02-15 18:32:59 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-02-15 18:32:58 ----A---- C:\WINDOWS\system32\msvcp70.dll
2009-02-15 18:32:58 ----A---- C:\WINDOWS\system32\msvci70.dll
2009-02-15 18:32:58 ----A---- C:\WINDOWS\system32\msstkprp.dll
2009-02-15 18:32:58 ----A---- C:\WINDOWS\system32\msstdfmt.dll
2009-02-15 18:32:55 ----A---- C:\WINDOWS\system32\mfc71u.dll
2009-02-15 18:32:55 ----A---- C:\WINDOWS\system32\mfc71.dll
2009-02-15 18:32:54 ----A---- C:\WINDOWS\system32\mfc70u.dll
2009-02-15 18:32:54 ----A---- C:\WINDOWS\system32\mfc70.dll
2009-02-15 18:32:53 ----A---- C:\WINDOWS\system32\libssl32.dll
2009-02-15 18:32:52 ----A---- C:\WINDOWS\system32\libmmd.dll
2009-02-15 18:32:52 ----A---- C:\WINDOWS\system32\libintl3.dll
2009-02-15 18:32:52 ----A---- C:\WINDOWS\system32\libiconv2.dll
2009-02-15 18:32:51 ----A---- C:\WINDOWS\system32\zlib1.dll
2009-02-15 18:32:51 ----A---- C:\WINDOWS\system32\libeay32.dll
2009-02-15 18:32:51 ----A---- C:\WINDOWS\system32\cygwinb19.dll
2009-02-15 18:32:50 ----A---- C:\WINDOWS\system32\cygwin1.dll
2009-02-15 18:32:49 ----A---- C:\WINDOWS\system32\autoitx3.dll
2009-02-15 18:32:49 ----A---- C:\WINDOWS\system32\atl71.dll
2009-02-15 18:32:49 ----A---- C:\WINDOWS\system32\atl70.dll
2009-02-15 18:32:01 ----RD---- C:\WINDOWS\Offline Web Pages
2009-02-15 18:32:01 ----A---- C:\WINDOWS\system32\winfxdocobj.exe
2009-02-15 18:32:00 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-15 18:31:59 ----D---- C:\WINDOWS\wbem
2009-02-15 18:31:59 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2009-02-15 18:31:59 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-02-15 18:31:57 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2009-02-15 18:31:55 ----A---- C:\WINDOWS\system32\advpack.dll.mui
2009-02-15 18:31:53 ----D---- C:\Program Files\Internet Explorer
2009-02-15 18:31:50 ----D---- C:\Program Files\MSN Gaming Zone
2009-02-15 18:31:50 ----A---- C:\WINDOWS\system32\write.exe
2009-02-15 18:31:40 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-02-15 18:31:40 ----A---- C:\WINDOWS\system32\hticons.dll
2009-02-15 18:31:39 ----A---- C:\WINDOWS\system32\winchat.exe
2009-02-15 18:31:39 ----A---- C:\WINDOWS\system32\avwav.dll
2009-02-15 18:31:39 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-02-15 18:31:39 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-02-15 18:31:32 ----A---- C:\WINDOWS\system32\getuname.dll
2009-02-15 18:31:32 ----A---- C:\WINDOWS\system32\charmap.exe
2009-02-15 18:31:32 ----A---- C:\WINDOWS\system32\calc.exe
2009-02-15 18:31:31 ----A---- C:\WINDOWS\system32\winmine.exe
2009-02-15 18:31:31 ----A---- C:\WINDOWS\system32\sol.exe
2009-02-15 18:31:31 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tskill.exe
2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tscon.exe
2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\shadow.exe
2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\reset.exe
2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\regini.exe
2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\freecell.exe
2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\msg.exe
2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\logoff.exe
2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-02-15 18:31:23 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-02-15 18:31:21 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-02-15 18:31:21 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-02-15 18:31:21 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-02-15 18:31:21 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-02-15 18:31:20 ----D---- C:\Program Files\Windows NT
2009-02-15 18:31:20 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-02-15 18:31:19 ----A---- C:\WINDOWS\system32\spider.exe
2009-02-15 18:31:19 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-02-15 18:31:18 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-02-15 18:31:18 ----A---- C:\WINDOWS\system32\tscfgwmi.dll 2009-02-15 18:31:17 ----A---- C:\WINDOWS\system32\rhttpaa.dll 2009-02-15 18:31:17 ----A---- C:\WINDOWS\system32\mstscax.dll 2009-02-15 18:31:17 ----A---- C:\WINDOWS\system32\aaclient.dll 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\sessmgr.exe 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\remotepg.dll 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\rdshost.exe 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\rdsaddin.exe 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\rdchost.dll 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\mstsc.exe 2009-02-15 18:31:15 ----D---- C:\WINDOWS\system32\MsDtc 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\termsrv.dll 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\rdpwsx.dll 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\rdpsnd.dll 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\rdpclip.exe 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\qprocess.exe 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\msdtcuiu.dll 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\icaapi.dll 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\cfgbkend.dll 2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\xolehlp.dll 2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\mtxoci.dll 2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\msdtctm.dll 2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\msdtcprx.dll 2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\msdtclog.dll 2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\mtxlegih.dll 2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\mtxex.dll 2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\mtxdm.dll 2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\msdtc.exe 2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\dcomcnfg.exe 2009-02-15 18:31:12 ----D---- C:\WINDOWS\system32\Com 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\stclient.dll 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\comrepl.dll 2009-02-15 18:31:12 ----A---- 
C:\WINDOWS\system32\comaddin.dll 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\colbact.dll 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\clbcatex.dll 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\catsrvut.dll 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\catsrvps.dll 2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\comuid.dll 2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\comsvcs.dll 2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\comsnap.dll 2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\catsrv.dll 2009-02-15 18:31:10 ----A---- C:\WINDOWS\system32\clbcatq.dll 2009-02-15 18:31:04 ----A---- C:\WINDOWS\system32\servdeps.dll 2009-02-15 18:31:03 ----A---- C:\WINDOWS\system32\mmfutil.dll 2009-02-15 18:31:03 ----A---- C:\WINDOWS\system32\licwmi.dll 2009-02-15 18:31:03 ----A---- C:\WINDOWS\system32\cmprops.dll ======List of files/folders modified in the last 1 months====== 2009-02-15 19:22:11 ----A---- C:\WINDOWS\system.ini 2009-02-15 19:07:53 ----A---- C:\WINDOWS\system32\msxml3r.dll 2009-02-15 18:38:44 ----A---- C:\WINDOWS\win.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-06-25 40576] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-06-25 14720] R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-02-15 226832] R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl [] R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-06-25 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-02-26 2863616] R3 CmBatt;Pilote d'adaptateur secteur 
Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2006-08-15 1287296] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-06-25 144384] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-06-25 10368] R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-06-25 61824] R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-12-09 46592] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-06-25 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 w29n51;Pilote de carte de connexion réseau Intel® PRO/Wireless 2915ABG pour Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2008-01-07 2216064] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-04-29 288896] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-06-25 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; 
C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-06-25 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-06-25 73600] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-02-26 520192] R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-15 206088] R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-06-25 14336] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-06-25 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 
[2007-10-11 122880] -----------------EOF----------------- info.txt info.txt logfile of random's system information tool 1.05 2009-02-15 23:25:20 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4} 
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} ACDSee 10 Gestionnaire de photos-->MsiExec.exe /I{F8B98EB6-FC06-45BF-87D4-9784E0408611} Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003} Adobe Shockwave Player-->MsiExec.exe /X{211E8730-5681-49ED-BC6A-78C9F88E95F5} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Attribute Changer 6.0a-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,AttributeChanger.Uninstall Chrono Shutdown-->rundll32.exe advpack.dll,LaunchINFSection chrono.inf,ChronoShutdown.Uninstall ClipName-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,ClipName.Uninstall C-Media High Definition Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe CMenu-->"C:\Program Files\CMenu\CMenu.exe" /uninstall Combined 
Community Codec Pack 2008-01-24-->"C:\Program Files\Combined Community Codec Pack\unins000.exe" Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE} Console 2-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,Console.Uninstall CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0} DAMN NFO Viewer Setup-->MsiExec.exe /I{D5DE2E28-2BA1-4CF8-A4C5-D3D2AE0A9E38} File Case Shell Extension-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,FileCase.Uninstall FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u HashTab 2.1-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,HashTab.Uninstall HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe" InstallWatch Pro 2.5-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Epsilon Squared\InstallWatch Pro\Uninst.isu" Java 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060} Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55} Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55} MakeISO-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,MakeISO.Uninstall Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe" Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe 
/I{3F7924B9-D148-3141-87B1-68F36043A940} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8} Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783} Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40} Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 
2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mmm-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,MMM.Uninstall ModifyPE-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,ModifyPE.Uninstall Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Thunderbird (2.0.0.14)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe Nero 8 Lite 8.3.2.1b-->"C:\Program Files\Nero\unins000.exe" Notepad++-->C:\Program Files\Notepad++\uninstall.exe PuTTY-->rundll32.exe advpack.dll,LaunchINFSection PuTTY.inf,PuTTY.Uninstall QT Lite 2.6.0-->"C:\Program Files\QT Lite\unins000.exe" Real Alternative 1.8.0 Lite-->"C:\Program Files\Real Alternative\unins000.exe" RefreshEM-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RefreshEM.Uninstall Reg File Merger-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RegMerger.Uninstall RegShot-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RegShot.Uninstall Replacer-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,Replacer.Uninstall Resource Hacker-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,ResHacker.Uninstall Run Program Shell Extension-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RunWith.Uninstall Security Update for Excel 2007 (KB946974)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E} Security Update for Microsoft Office Publisher 2007 
(KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85} Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00} Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9} Security Update for Office 2007 (KB947801)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E} Security Update for Outlook 2007 (KB946983)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3} Unlocker 1.8.7-->rundll32.exe advpack.dll,LaunchINFSection Unlocker.inf,Unlocker.Uninstall Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Update for Outlook 2007 Junk Email Filter (kb950378)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E} Utilitaires "Envoyer vers"-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,SendTo.Uninstall WhyReboot-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,WhyReboot.Uninstall Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65} Windows Live Safety Scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Vista Wallpapers-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\NR_VWall.inf,RemoveVWallpapers WinMover 3.2.0.6-->"C:\Program Files\WinMover\unins000.exe" XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" XPero's eXPander-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,eXPander.Uninstall ======Security center information====== AV: Kaspersky Internet 
Security FW: Kaspersky Internet Security System event log Computer Name: SWEET-B1E093CFD Event Code: 3260 Message: Cet ordinateur a correctement été joint au workgroup 'WORKGROUP'. Record Number: 5 Source Name: Workstation Time Written: 20090215183056.000000+060 Event Type: Informations User: Computer Name: SWEET-B1E093CFD Event Code: 6011 Message: Le nom NetBIOS et le nom de l'hôte DNS de cet ordinateur ont été modifiés de MACHINENAME vers SWEET-B1E093CFD. Record Number: 4 Source Name: EventLog Time Written: 20090215182913.000000+060 Event Type: Informations User: Computer Name: MACHINENAME Event Code: 2 Message: Pendant la validation de \Device\Serial0 en tant que port série, une FIFO a été détectée. La FIFO sera utilisée. Record Number: 3 Source Name: Serial Time Written: 20090215191023.000000+060 Event Type: Informations User: Computer Name: MACHINENAME Event Code: 6005 Message: Le service d'Enregistrement d'événement a démarré. Record Number: 2 Source Name: EventLog Time Written: 20090215191009.000000+060 Event Type: Informations User: Computer Name: MACHINENAME Event Code: 6009 Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Uniprocessor Free. Record Number: 1 Source Name: EventLog Time Written: 20090215191009.000000+060 Event Type: Informations User: Application event log Computer Name: SWEET-B1E093CFD Event Code: 1000 Message: Les compteurs de performances pour le service MSDTC (MSDTC) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 5 Source Name: LoadPerf Time Written: 20090215183333.000000+060 Event Type: Informations User: Computer Name: SWEET-B1E093CFD Event Code: 1000 Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. 
Record Number: 4 Source Name: LoadPerf Time Written: 20090215183328.000000+060 Event Type: Informations User: Computer Name: SWEET-B1E093CFD Event Code: 1000 Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 3 Source Name: LoadPerf Time Written: 20090215183050.000000+060 Event Type: Informations User: Computer Name: SWEET-B1E093CFD Event Code: 1000 Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 2 Source Name: LoadPerf Time Written: 20090215183023.000000+060 Event Type: Informations User: Computer Name: SWEET-B1E093CFD Event Code: 1000 Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 1 Source Name: LoadPerf Time Written: 20090215182925.000000+060 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel "PROCESSOR_REVISION"=0d08 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- tout a lair nickel pour moi mais je peux me tromper.... merci davance
  3. Yes, I read the post; in fact I've already dealt with this type of infection, and that one I managed to beat! I spent quite a bit of time on it, but I succeeded, thanks to ComboFix actually... It's people like you who make me love computing! Well played again!
  4. Magnificent!!!! No, no more symptoms since restoring the beast to its factory state! Before the restore, though, it was exactly the same problem, so now it's really a party! OK, so my next resolution: never use a single storage device on this machine again!! Right after this I'll create one last thread to check the LG and all the storage devices used on it. In any case thank you, and thanks again; I may have spent a bit of time on it, but I escaped a reformat that would have eaten up an enormous amount of time! CLEAN!
  5. If one day you're available to train me, I'm more than interested!!!! To tell the truth, it bugs me that all this help is volunteer work; when I think that I work for an IT outsourcing company, whose name I'll obviously keep to myself, where a quarter of the staff know nothing about IT, I tell myself you'd easily have a place there rather than working for free, but sacrifice is priceless lol! To be really honest, I don't use a genuine antivirus because I bought one once and the result was that I got infected anyway.. I know it's wrong and I deserve a whipping, but that's another debate... But well, I might give in and buy real protection.. G Data maybe? Otherwise, among free antiviruses, Avira is still the best, right? And thanks again for the attention, the responsiveness and all the time spent!
  6. Good evening, and thank you for all the valuable advice given, and to all the volunteers who keep this site alive! I was very recently infected by Bifrose, so I ran a restore of the NC10 to its factory state and installed the trial version of the latest VirusScan. I would like to know whether I am still infected, and to immunise myself against this particularly volatile worm. So, attached is the RSIT:
NC10 Event Code: 6005 Message: Le service d'Enregistrement d'événement a démarré. Record Number: 5 Source Name: EventLog Time Written: 20090215232856.000000+060 Event Type: Informations User: Computer Name: NC10 Event Code: 6009 Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free. Record Number: 4 Source Name: EventLog Time Written: 20090215232856.000000+060 Event Type: Informations User: Computer Name: NC10 Event Code: 6006 Message: Le service d'Enregistrement d'événement a été arrêté. Record Number: 3 Source Name: EventLog Time Written: 20090115015616.000000+060 Event Type: Informations User: Computer Name: NC10 Event Code: 1074 Message: Le processus winlogon.exe a initialisé le redémarrage de NC10 pour la raison suivante : Aucun titre à cette raison n'a pu être trouvé Raison mineure : 0xff Type d'arrêt : redémarrer. Commentaire : System rebooting. Record Number: 2 Source Name: USER32 Time Written: 20090115015604.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: NC10 Event Code: 115 Message: Le suivi de la Restauration système a été activé sur tous les lecteurs. Record Number: 1 Source Name: SRService Time Written: 20090115015254.000000+060 Event Type: Informations User: Application event log Computer Name: NC10 Event Code: 11707 Message: Produit : Play Camera -- Installation terminée. Record Number: 5 Source Name: MsiInstaller Time Written: 20090115015539.000000+060 Event Type: Informations User: NC10\Andre Computer Name: NC10 Event Code: 11707 Message: Produit : WIDCOMM Bluetooth Software -- Installation terminée. 
Record Number: 4 Source Name: MsiInstaller Time Written: 20090115015518.000000+060 Event Type: Informations User: NC10\Andre Computer Name: NC10 Event Code: 0 Message: Record Number: 3 Source Name: btwdins Time Written: 20090115015517.000000+060 Event Type: Informations User: Computer Name: NC10 Event Code: 0 Message: Record Number: 2 Source Name: btwdins Time Written: 20090115015516.000000+060 Event Type: Informations User: Computer Name: NC10 Event Code: 11728 Message: Product: WebFldrs XP -- La configuration s'est terminée correctement. Record Number: 1 Source Name: MsiInstaller Time Written: 20090115015324.000000+060 Event Type: Informations User: NC10\Andre ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 2, GenuineIntel "PROCESSOR_REVISION"=1c02 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- log.txt infLogfile of random's system information tool 1.05 (written by random/random) Run by Andre at 2009-02-16 00:22:38 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 66 GB (91%) free of 73 GB Total RAM: 1014 MB (54% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:22:57, on 16/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\WINDOWS\Explorer.EXE 
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe C:\WINDOWS\system32\svchost.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe C:\Program Files\Secunia\PSI\psi.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Andre\Bureau\RSIT.exe C:\Program Files\trend micro\Andre.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers 
communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe O4 - HKLM\..\Run: [batteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: McAfee Application Installer Cleanup (0294161234737087) (0294161234737087mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\029416~1.EXE O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. 
- C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe -- End of file - 6360 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\McDefragTask.job C:\WINDOWS\tasks\McQcTask.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0\bin\jusched.exe [2008-10-28 36972] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-08-26 16851456] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-20 57344] ""= [] "EDS"=C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe [2007-12-20 659456] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-28 141848] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-28 166424] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-28 137752] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-28 1044480] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "DMHotKey"=C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe [2006-12-27 466944] "BatteryManager"=C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe [2008-10-07 2768896] "MagicKeyboard"=C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe [2006-05-14 151552] "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-04 582992] 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Documents and Settings\Andre\Menu Démarrer\Programmes\Démarrage Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe"="C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent" 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2009-02-16 00:22:39 ----D---- C:\Program Files\trend micro 2009-02-16 00:22:38 ----D---- C:\rsit 2009-02-16 00:17:42 ----D---- C:\Program Files\Secunia 2009-02-16 00:09:58 ----D---- C:\WINDOWS\LastGood 2009-02-16 00:05:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2009-02-16 00:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2009-02-16 00:05:04 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2009-02-16 00:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2009-02-16 00:02:46 ----D---- C:\WINDOWS\ie7updates 2009-02-16 00:02:19 ----D---- C:\WINDOWS\WBEM 2009-02-16 00:01:04 ----HDC---- C:\WINDOWS\ie7 2009-02-16 00:00:51 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$ 2009-02-16 00:00:21 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$ 2009-02-15 23:57:11 ----A---- C:\WINDOWS\system32\MRT.exe 2009-02-15 23:52:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2009-02-15 23:51:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$ 2009-02-15 23:51:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2009-02-15 23:51:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2009-02-15 23:51:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2009-02-15 23:51:06 ----D---- C:\Documents and Settings\Andre\Application Data\Mozilla 2009-02-15 23:50:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2009-02-15 23:50:46 ----D---- C:\Program Files\Mozilla Firefox 2009-02-15 23:50:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2009-02-15 23:50:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$ 2009-02-15 23:50:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2009-02-15 
23:50:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2009-02-15 23:49:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$ 2009-02-15 23:49:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ 2009-02-15 23:49:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2009-02-15 23:49:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$ 2009-02-15 23:49:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2009-02-15 23:48:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$ 2009-02-15 23:48:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2009-02-15 23:47:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2009-02-15 23:47:52 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2009-02-15 23:47:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2009-02-15 23:47:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2009-02-15 23:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2009-02-15 23:47:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2009-02-15 23:47:11 ----SHD---- C:\Config.Msi 2009-02-15 23:43:17 ----D---- C:\Documents and Settings\Andre\Application Data\Macromedia 2009-02-15 23:40:01 ----D---- C:\WINDOWS\system32\PreInstall 2009-02-15 23:39:59 ----N---- C:\WINDOWS\system32\spmsg.dll 2009-02-15 23:39:58 ----A---- C:\WINDOWS\system32\spupdsvc.exe 2009-02-15 23:39:56 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$ 2009-02-15 23:39:56 ----HD---- C:\WINDOWS\$hf_mig$ 2009-02-15 23:33:19 ----D---- C:\WINDOWS\system32\SoftwareDistribution ======List of files/folders modified in the last 1 months====== 2009-02-16 08:22:41 ----D---- C:\WINDOWS\WinClon 2009-02-16 00:22:48 ----D---- C:\WINDOWS\Temp 2009-02-16 00:22:39 ----RD---- C:\Program Files 2009-02-16 00:20:08 ----D---- C:\WINDOWS\SoftwareDistribution 2009-02-16 00:17:45 ----HD---- C:\WINDOWS\inf 2009-02-16 00:17:45 ----D---- C:\WINDOWS\system32\drivers 2009-02-16 00:10:28 ----D---- C:\WINDOWS\system32\CatRoot 2009-02-16 00:10:07 ----D---- C:\WINDOWS 2009-02-16 00:10:06 ----D---- C:\WINDOWS\system32 2009-02-16 00:08:31 ----RSHDC---- C:\WINDOWS\system32\dllcache 
2009-02-16 00:08:27 ----D---- C:\WINDOWS\system32\CatRoot2 2009-02-16 00:08:11 ----D---- C:\WINDOWS\Help 2009-02-16 00:08:11 ----D---- C:\Program Files\Internet Explorer 2009-02-16 00:07:30 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-02-16 00:05:21 ----A---- C:\WINDOWS\imsins.BAK 2009-02-16 00:05:07 ----D---- C:\Program Files\Messenger 2009-02-16 00:02:58 ----D---- C:\WINDOWS\system32\fr-fr 2009-02-16 00:02:24 ----D---- C:\WINDOWS\system32\config 2009-02-16 00:02:11 ----D---- C:\WINDOWS\Media 2009-02-15 23:47:52 ----D---- C:\WINDOWS\WinSxS 2009-02-15 23:47:23 ----SHD---- C:\WINDOWS\Installer 2009-02-15 23:46:43 ----SD---- C:\Documents and Settings\Andre\Application Data\Microsoft 2009-02-15 23:31:25 ----D---- C:\Program Files\McAfee ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320] R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952] R2 DOSMEMIO;MEMIO; \??\C:\WINDOWS\system32\MEMIO.SYS [] R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-10-08 1334432] R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-03-31 876384] R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-23 67960] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 DNSeFilter;DNSeFilter; C:\WINDOWS\system32\drivers\SamsungEDS.sys [2008-01-14 30208] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys 
[2008-08-27 4753920] R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304] R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240] R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-12-10 7808] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-08-28 224736] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 VMC326;Vimicro Camera Service VMC326; C:\WINDOWS\System32\Drivers\VMC326.sys [2008-09-23 238464] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-06-27 289024] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832] S3 mfesmfk;McAfee Inc. 
mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488] S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256] R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976] R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128] R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248] R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704] R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864] R2 SNM WLAN Service;SNM WLAN Service; C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe [2006-10-30 36864] S2 0294161234737087mcinstcleanup;McAfee Application 
Installer Cleanup (0294161234737087); C:\WINDOWS\TEMP\029416~1.EXE [2008-10-23 315264] S2 Samsung Update Plus;Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [2008-05-13 77480] S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184] S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624] -----------------EOF-----------------
  7. No, no desire to "play" at all, quite the opposite: I work in IT and, on the side, I'm studying network administration. I just wanted to know how to use it cleanly, taking great care not to make any mistakes, neither in writing nor in interpretation.. but by the way, if it's not indiscreet, I hope your team gets paid for the time you spend, it's the least they could do!! So, on the other hand, for Kaspersky I installed the 2009 version; I need to go back to version 7. I think we'll unplug the network to be sure not to get reinfected, that seems wiser!! May I bother you about the NC10? Actually I did a restore, installed the trial version of VirusScan and everything looks clean to me... I just want to be sure that everything is clean.. may I send you a report of the machine? (info + log) PS: I still haven't identified the source of the virus, either a USB stick or a file coming from Skype; anyway, it wasn't me who triggered it, I simply wanted to eradicate it, thought I was smarter than it and that's how I led it to infect my machine! Not so smart after all!!!! In any case I can never thank you enough, and if you live in the Rhône-Alpes region, we can go for a drink one of these days lol
  8. OK, I'm following your instructions.. don't bother about removing the tools used, no need... HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:48:08, on 15/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/alrefai/login.live.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "%ProgramFiles%\DAEMON Tools\daemon.exe\" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1211729988828
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 9122 bytes
  9. Yes, sorry, I'm getting a bit carried away!!! )) Yes, the DESKTOP really does seem OK, thanks a lot, that was the most important thing!! At last I can almost sleep easy!!!! How can I immunise myself for the future?? Do you think I can go back to KAP 7? Do you want us to open another thread for the NC10? I'm sorry to take up all your time, but I absolutely have to get rid of the virus on the NC10 before Tuesday... the LG can easily wait in any case
  10. Attached is the RSIT report from the DESKTOP (probably more useful and less disorienting, we started with that one) Logfile of random's system information tool 1.05 (written by random/random) Run by Administrateur at 2009-02-15 23:28:44 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 19 GB (15%) free of 130 GB Total RAM: 2047 MB (75% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:28:52, on 15/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Administrateur\Bureau\RSIT.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\trend micro\Administrateur.exe R0 -
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/alrefai/login.live.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file) O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file) O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program 
Files\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [DAEMON Tools] "%ProgramFiles%\DAEMON Tools\daemon.exe\" -lang 1033 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra 
context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1211729988828 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple 
Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. 
- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- End of file - 9119 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}] BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll [2007-03-19 398912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-21 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-21 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}] FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2006-03-31 191096] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0124123D-61B4-456f-AF86-78C53A0790C5} [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848] "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488] "TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2006-10-18 1185264] "AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2006-10-18 1961576] "RemoteControl"=C:\Program 
Files\CyberLink\PowerDVD\PDVDServ.exe [2006-12-06 69216] "LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832] "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-02 13680640] "nwiz"=nwiz.exe /install [] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-21 136600] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-02 86016] "QuickTime Task"=C:\Program Files\QuickTime Alternative\QTTask.exe [2008-11-04 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-15 206088] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592] "SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672] "Orb"=C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe [2008-04-01 507904] "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-09-26 206184] "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-01-09 3321856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\WINDOWS\system32\klogon.dll [2008-11-11 218376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2007-04-02 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 relog_ap 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3" "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32" "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\Orb Networks\Orb\bin\Orb.exe"="C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb" "C:\Program Files\Orb 
Networks\Orb\bin\OrbTray.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray" "C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "C:\Program Files\Orb Networks\Orb\bin\xmltv.exe"="C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:*:Enabled:OrbTVGuide" "C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:*:Enabled:OrbChannelScan" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "D:\far cry 2\bin\FarCry2.exe"="D:\far cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2" "D:\far cry 2\bin\FC2Launcher.exe"="D:\far cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater" "D:\far cry 2\bin\FC2Editor.exe"="D:\far cry 2\bin\FC2Editor.exe:*:Enabled:Editeur" "D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club" "D:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="D:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV" "C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War " "C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War " "C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe"="C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program 
Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0b1f3c-21d6-11dd-ba37-001bfca3cfa9}] shell\AutoRun\command - H:\InstallTomTomHOME.exe ======List of files/folders created in the last 1 months====== 2009-02-15 21:53:13 ----A---- C:\ComboFix.txt 2009-02-15 21:36:24 ----D---- C:\WINDOWS\temp 2009-02-15 20:51:54 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-02-15 20:43:56 ----D---- C:\Qoobox 2009-02-15 19:33:56 ----A---- C:\WINDOWS\ntbtlog.txt 2009-02-15 17:57:55 ----SHD---- C:\#GDATA.Trash.Store# 2009-02-15 17:48:40 ----SHD---- C:\Config.Msi 2009-02-15 17:23:53 ----D---- C:\Documents and Settings\Administrateur\Application Data\WinRAR 2009-02-15 17:13:12 ----D---- C:\WINDOWS\ERUNT 2009-02-15 15:48:45 ----D---- C:\Documents and Settings\All Users\Application Data\G DATA 2009-02-15 15:48:44 ----D---- C:\Program Files\G DATA 2009-02-15 15:48:44 ----D---- C:\Program Files\Fichiers communs\G DATA 2009-02-15 14:40:07 ----D---- C:\VundoFix Backups 2009-02-15 14:40:07 ----A---- C:\VundoFix.txt 2009-02-15 12:38:11 ----D---- C:\rsit 2009-02-15 12:38:11 
----D---- C:\Program Files\trend micro 2009-02-15 12:29:48 ----A---- C:\Boot.bak 2009-02-15 12:29:38 ----RASHD---- C:\cmdcons 2009-02-15 12:28:29 ----A---- C:\WINDOWS\zip.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\VFIND.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWSC.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWREG.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\sed.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\NIRCMD.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\grep.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\fdsv.exe 2009-02-15 12:27:07 ----D---- C:\WINDOWS\ERDNT 2009-02-11 19:11:27 ----D---- C:\Documents and Settings\Administrateur\Application Data\AVS4YOU 2009-02-11 19:11:25 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU 2009-02-11 19:10:54 ----D---- C:\Program Files\Fichiers communs\AVSMedia 2009-02-11 19:10:54 ----D---- C:\Program Files\AVS4YOU 2009-02-05 18:51:16 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts 2009-02-03 19:37:15 ----D---- C:\Program Files\EA Games 2009-01-18 13:07:13 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss 2009-01-17 16:00:18 ----D---- C:\Documents and Settings\Administrateur\Application Data\TuneAid 2009-01-17 16:00:10 ----D---- C:\Program Files\DigiDNA ======List of files/folders modified in the last 1 months====== 2009-02-15 23:25:27 ----D---- C:\WINDOWS\Prefetch 2009-02-15 23:05:47 ----D---- C:\WINDOWS\SoftwareDistribution 2009-02-15 23:03:55 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2009-02-15 22:55:48 ----D---- C:\WINDOWS\system32\drivers 2009-02-15 22:54:28 ----D---- C:\Program Files\Mozilla Firefox 2009-02-15 21:57:20 ----D---- C:\WINDOWS 2009-02-15 21:54:56 ----SHD---- C:\WINDOWS\Installer 2009-02-15 21:54:43 ----HD---- C:\WINDOWS\inf 2009-02-15 21:54:26 ----D---- C:\WINDOWS\system32 2009-02-15 21:52:10 ----D---- C:\WINDOWS\system32\CatRoot2 2009-02-15 
21:48:33 ----A---- C:\WINDOWS\system.ini 2009-02-15 21:47:45 ----SHD---- C:\WINDOWS\CSC 2009-02-15 21:47:34 ----D---- C:\Program Files\SuperCopier2 2009-02-15 21:46:37 ----D---- C:\WINDOWS\system32\config 2009-02-15 21:46:03 ----D---- C:\WINDOWS\AppPatch 2009-02-15 21:46:03 ----D---- C:\Program Files\Fichiers communs 2009-02-15 21:45:25 ----D---- C:\WINDOWS\system32\Restore 2009-02-15 21:44:55 ----SHD---- C:\System Volume Information 2009-02-15 18:03:24 ----D---- C:\Program Files\Kaspersky Lab 2009-02-15 17:36:36 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-02-15 17:36:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-15 17:15:32 ----D---- C:\WINDOWS\system32\dllcache 2009-02-15 16:42:51 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-02-15 16:16:39 ----D---- C:\Program Files\eMule 2009-02-15 15:48:44 ----RD---- C:\Program Files 2009-02-15 15:24:24 ----A---- C:\WINDOWS\NeroDigital.ini 2009-02-15 14:41:42 ----D---- C:\WINDOWS\Minidump 2009-02-15 14:41:42 ----D---- C:\WINDOWS\Debug 2009-02-15 12:29:48 ----RASH---- C:\boot.ini 2009-02-15 11:53:44 ----D---- C:\Downloads 2009-02-11 19:46:36 ----D---- C:\DVDVideoSoft 2009-02-11 18:45:16 ----D---- C:\Temp 2009-02-11 18:11:44 ----D---- C:\Program Files\BitComet 2009-02-07 15:06:23 ----A---- C:\WINDOWS\avisplitter.INI 2009-02-04 18:52:46 ----D---- C:\Program Files\WinSCP 2009-02-03 19:37:15 ----D---- C:\WINDOWS\system32\DirectX 2009-02-03 19:37:07 ----RSD---- C:\WINDOWS\assembly 2009-01-18 13:06:56 ----D---- C:\WINDOWS\WinSxS 2009-01-17 18:41:39 ----D---- C:\Program Files\Fichiers communs\DVDVideoSoft 2009-01-17 18:39:01 ----D---- C:\Program Files\DVDVideoSoft ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-19 12664] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 
40576] R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-02-15 226832] R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [] R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877] R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-02-24 39264] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 34944] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-04-17 15464] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920] R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-04-02 12288] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2006-02-26 5810] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-02 6209536] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-02-24 47360] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-02-24 10368] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 
30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 afkqojxi;afkqojxi; C:\WINDOWS\system32\drivers\afkqojxi.sys []
S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PsSdk31;PsSdk31; \??\C:\WINDOWS\system32\Drivers\pssdk31.drv []
S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.drv []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2007-04-02 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-04-02 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp []
S4 Sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-15 206088]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-21 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-02 163908]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-25 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
  11. No worries, I had gone back to the freshly formatted LG, so if it spits it out again it's no big deal; the main thing is that the desktop works. Attached is the report, but taken from the LG with the USB keys plugged in:

info.txt logfile of random's system information tool 1.05 2009-02-15 23:25:20

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
ACDSee 10 Gestionnaire de photos-->MsiExec.exe /I{F8B98EB6-FC06-45BF-87D4-9784E0408611}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Shockwave Player-->MsiExec.exe /X{211E8730-5681-49ED-BC6A-78C9F88E95F5}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Attribute Changer 6.0a-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,AttributeChanger.Uninstall
Chrono Shutdown-->rundll32.exe advpack.dll,LaunchINFSection chrono.inf,ChronoShutdown.Uninstall
ClipName-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,ClipName.Uninstall
C-Media High Definition Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
CMenu-->"C:\Program Files\CMenu\CMenu.exe" /uninstall
Combined Community Codec Pack 2008-01-24-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE}
Console 2-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,Console.Uninstall
CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
DAMN NFO Viewer Setup-->MsiExec.exe /I{D5DE2E28-2BA1-4CF8-A4C5-D3D2AE0A9E38}
File Case Shell Extension-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,FileCase.Uninstall
FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
HashTab 2.1-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,HashTab.Uninstall
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
InstallWatch Pro 2.5-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Epsilon Squared\InstallWatch Pro\Uninst.isu"
Java 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
MakeISO-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,MakeISO.Uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mmm-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,MMM.Uninstall
ModifyPE-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,ModifyPE.Uninstall
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
Nero 8 Lite 8.3.2.1b-->"C:\Program Files\Nero\unins000.exe"
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
PuTTY-->rundll32.exe advpack.dll,LaunchINFSection PuTTY.inf,PuTTY.Uninstall
QT Lite 2.6.0-->"C:\Program Files\QT Lite\unins000.exe"
Real Alternative 1.8.0 Lite-->"C:\Program Files\Real Alternative\unins000.exe"
RefreshEM-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RefreshEM.Uninstall
Reg File Merger-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RegMerger.Uninstall
RegShot-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RegShot.Uninstall
Replacer-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,Replacer.Uninstall
Resource Hacker-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,ResHacker.Uninstall
Run Program Shell Extension-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RunWith.Uninstall
Security Update for Excel 2007 (KB946974)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Unlocker 1.8.7-->rundll32.exe advpack.dll,LaunchINFSection Unlocker.inf,Unlocker.Uninstall
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Utilitaires "Envoyer vers"-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,SendTo.Uninstall
WhyReboot-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,WhyReboot.Uninstall
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Safety Scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Vista Wallpapers-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\NR_VWall.inf,RemoveVWallpapers
WinMover 3.2.0.6-->"C:\Program Files\WinMover\unins000.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XPero's eXPander-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,eXPander.Uninstall

======Security center information======

AV: Kaspersky Internet Security
FW: Kaspersky Internet Security

System event log

Computer Name: SWEET-B1E093CFD
Event Code: 3260
Message: Cet ordinateur a correctement été joint au workgroup 'WORKGROUP'.
Record Number: 5
Source Name: Workstation
Time Written: 20090215183056.000000+060
Event Type: Informations
User:

Computer Name: SWEET-B1E093CFD
Event Code: 6011
Message: Le nom NetBIOS et le nom de l'hôte DNS de cet ordinateur ont été modifiés de MACHINENAME vers SWEET-B1E093CFD.
Record Number: 4
Source Name: EventLog
Time Written: 20090215182913.000000+060
Event Type: Informations
User:

Computer Name: MACHINENAME
Event Code: 2
Message: Pendant la validation de \Device\Serial0 en tant que port série, une FIFO a été détectée. La FIFO sera utilisée.
Record Number: 3
Source Name: Serial
Time Written: 20090215191023.000000+060
Event Type: Informations
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.
Record Number: 2
Source Name: EventLog
Time Written: 20090215191009.000000+060
Event Type: Informations
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Uniprocessor Free.
Record Number: 1
Source Name: EventLog
Time Written: 20090215191009.000000+060
Event Type: Informations
User:

Application event log

Computer Name: SWEET-B1E093CFD
Event Code: 1000
Message: Les compteurs de performances pour le service MSDTC (MSDTC) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service.
Record Number: 5
Source Name: LoadPerf
Time Written: 20090215183333.000000+060
Event Type: Informations
User:

Computer Name: SWEET-B1E093CFD
Event Code: 1000
Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service.
Record Number: 4
Source Name: LoadPerf
Time Written: 20090215183328.000000+060
Event Type: Informations
User:

Computer Name: SWEET-B1E093CFD
Event Code: 1000
Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service.
Record Number: 3
Source Name: LoadPerf
Time Written: 20090215183050.000000+060
Event Type: Informations
User:

Computer Name: SWEET-B1E093CFD
Event Code: 1000
Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service.
Record Number: 2
Source Name: LoadPerf
Time Written: 20090215183023.000000+060
Event Type: Informations
User:

Computer Name: SWEET-B1E093CFD
Event Code: 1000
Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service.
Record Number: 1
Source Name: LoadPerf
Time Written: 20090215182925.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

And attached is the RSIT log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2009-02-15 23:24:51
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 70 GB (92%) free of 76 GB
Total RAM: 766 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:25:16, on 15/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\mmm.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\WinMover\WinMover.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Mmm] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [WinMover] "C:\Program Files\WinMover\WinMover.exe" /q
O4 - HKUS\S-1-5-19\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [iE7-10] rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

--
End of file - 4715 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2007-05-16 191096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl []
"Mmm"=C:\WINDOWS\system32\mmm.exe [2005-07-05 828416]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-01 15872]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-15 206088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WinMover"=C:\Program Files\WinMover\WinMover.exe [2005-12-02 10240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-02-26 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-06-25 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMBalloonTip"=0
"NoSMConfigurePrograms"=1
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-02-15 23:24:52 ----D---- C:\Program Files\trend micro
2009-02-15 23:24:51 ----D---- C:\rsit
2009-02-15 21:21:13 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2009-02-15 21:21:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-15 21:21:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-15 19:40:57 ----D---- C:\WINDOWS\Sun
2009-02-15 19:34:02 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-02-15 19:29:08 ----A---- C:\WINDOWS\system32\h323log.txt
2009-02-15 19:28:16 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-02-15 19:27:54 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-02-15 19:27:22 ----A---- C:\WINDOWS\system32\wshirda.dll
2009-02-15 19:27:22 ----A---- C:\WINDOWS\system32\irmon.dll
2009-02-15 19:27:22 ----A---- C:\WINDOWS\system32\irftp.exe
2009-02-15 19:25:35 ----A---- C:\WINDOWS\system32\usbui.dll
2009-02-15 19:24:00 ----A---- C:\WINDOWS\system32\OLD6.tmp
2009-02-15 19:23:59 ----D---- C:\WINDOWS\LastGood
2009-02-15 19:22:22 ----A---- C:\WINDOWS\imsins.BAK
2009-02-15 19:22:19 ----SHD---- C:\WINDOWS\Installer
2009-02-15 19:22:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-15 19:22:18 ----D---- C:\Program Files\Fichiers communs\ODBC
2009-02-15 19:22:18 ----A---- C:\WINDOWS\ODBCINST.INI
2009-02-15 19:22:14 ----D---- C:\Program Files\Fichiers communs\SpeechEngines
2009-02-15 19:22:13 ----RD---- C:\Program Files
2009-02-15 19:22:13 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-02-15 19:22:13 ----D---- C:\Program Files\Fichiers communs
2009-02-15 19:22:09 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-02-15 19:22:09 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-02-15 19:22:09 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-02-15 19:22:04 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-02-15 19:22:04 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-02-15 19:22:04 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-02-15 19:22:04 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-02-15 19:22:04 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-02-15 19:21:59 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-02-15 19:21:59 ----A---- C:\WINDOWS\system32\irclass.dll
2009-02-15 19:21:59 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-02-15 19:21:59 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-02-15 19:21:59 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-02-15 19:21:57 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-02-15 19:21:57 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-02-15 19:21:56 ----A---- C:\WINDOWS\system32\batt.dll
2009-02-15 19:21:55 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-02-15 19:21:53 ----A---- C:\WINDOWS\system32\storprop.dll
2009-02-15 19:21:40 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-02-15 19:21:34 ----RA---- C:\WINDOWS\SET8.tmp
2009-02-15 19:21:31 ----RA---- C:\WINDOWS\SET4.tmp
2009-02-15 19:21:28 ----RA---- C:\WINDOWS\SET3.tmp
2009-02-15 19:21:21 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-15 19:21:21 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-15 19:21:15 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-15 19:20:40 ----A---- C:\WINDOWS\setuplog.txt
2009-02-15 19:20:11 ----A---- C:\WINDOWS\system32\Netw2r32.dll
2009-02-15 19:20:11 ----A---- C:\WINDOWS\system32\Netw2c32.dll
2009-02-15 19:19:30 ----A---- C:\WINDOWS\system32\udaprop.dll
2009-02-15 19:19:26 ----A---- C:\WINDOWS\system32\cmudax.dll
2009-02-15 19:19:26 ----A---- C:\WINDOWS\system32\cmirmdrv.dll
2009-02-15 19:19:20 ----A---- C:\WINDOWS\system32\Audio3D.dll
2009-02-15 19:19:20 ----A---- C:\WINDOWS\system32\a3d.dll
2009-02-15 19:19:16 ----A---- C:\WINDOWS\system32\cmirmdrv.exe
2009-02-15 19:18:05 ----D---- C:\Program Files\Kaspersky Lab
2009-02-15 19:18:05 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-02-15 19:17:11 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-15 19:14:53 ----D---- C:\Documents and Settings\Administrateur\Application Data\Identities
2009-02-15 19:14:53 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-02-15 19:14:44 ----HD---- C:\Program Files\Uninstall Information
2009-02-15 19:13:26 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2009-02-15 19:13:16 ----D---- C:\Documents and Settings\Administrateur\Application Data\Thunderbird
2009-02-15 19:12:41 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2009-02-15 19:12:41 ----A---- C:\WINDOWS\system32\atitvo32.dll
2009-02-15 19:12:41 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2009-02-15 19:12:41 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2009-02-15 19:12:41 ----A---- C:\WINDOWS\system32\atioglxx.dll
2009-02-15 19:12:38 ----A---- C:\WINDOWS\system32\atioglx2.dll
2009-02-15 19:12:37 ----A---- C:\WINDOWS\system32\Atioglgl.dll
2009-02-15 19:12:37 ----A---- C:\WINDOWS\system32\atikvmag.dll
2009-02-15 19:12:37 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2009-02-15 19:12:37 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2009-02-15 19:12:37 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\ati3duag.dll
2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2009-02-15 19:12:20 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2009-02-15 19:12:20 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2009-02-15 19:11:52 ----D---- C:\Program Files\D-Tools
2009-02-15 19:11:46 ----D---- C:\Program Files\Unlocker
2009-02-15 19:11:38 ----D---- C:\WINDOWS\system32\Adobe
2009-02-15 19:11:26 ----D---- C:\Program Files\Media Player Classic
2009-02-15 19:11:21 ----D---- C:\Program Files\Combined Community Codec Pack
2009-02-15 19:11:08 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-02-15 19:11:08 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-02-15 19:11:08 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-02-15 19:11:07 ----D---- C:\Program Files\Real Alternative
2009-02-15 19:11:07 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2009-02-15 19:11:07 ----D---- C:\Documents and Settings\Administrateur\Application Data\Real
2009-02-15 19:10:58 ----D---- C:\Program Files\QT Lite
2009-02-15 19:10:53 ----D---- C:\Program Files\Chrono Shutdown
2009-02-15 19:10:43 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-15 19:10:41 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-02-15 19:10:41 ----D---- C:\Program Files\Adobe
2009-02-15 19:09:59 ----SHD---- C:\System Volume Information
2009-02-15 19:09:59 ----D---- C:\Documents and Settings
2009-02-15 19:09:50 ----D---- C:\Documents and Settings\All Users\Application Data\ACD Systems
2009-02-15 19:09:48 ----D---- C:\Program Files\Fichiers communs\ACD Systems
2009-02-15 19:09:48 ----D---- C:\Program Files\ACD Systems
2009-02-15 19:09:29 ----SH---- C:\boot.ini
2009-02-15 19:09:24 ----D---- C:\Program Files\DAMN NFO Viewer
2009-02-15 19:09:17 ----D---- C:\Program Files\Windows Live Safety Center
2009-02-15 19:09:11 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-02-15 19:09:06 ----D---- C:\Program Files\Windows Live
2009-02-15 19:08:44 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2009-02-15 19:08:35 ----D---- C:\Program Files\InstallShield Installation Information
2009-02-15 19:08:35 ----D---- C:\Program Files\Fichiers communs\CyberLink
2009-02-15 19:08:06 ----D---- C:\Program Files\CyberLink
2009-02-15 19:07:57 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-02-15 19:07:21 ----D---- C:\Program Files\ImgBurn
2009-02-15 19:07:19 ----D---- C:\Program Files\WinRAR
2009-02-15 19:06:40 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2009-02-15 19:06:01 ----D---- C:\WINDOWS\system32\XPSViewer
2009-02-15 19:06:01 ----D---- C:\Program Files\MSBuild
2009-02-15 19:06:00 ----D---- C:\WINDOWS\system32\en-us
2009-02-15 19:05:56 ----D---- C:\Program Files\Reference Assemblies
2009-02-15 19:05:47 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-02-15 19:05:47 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-02-15 19:05:43 ----A---- C:\WINDOWS\system32\rgb9rast_2.dll
2009-02-15 19:05:41 ----N---- C:\WINDOWS\system32\XpsSvcs.dll
2009-02-15 19:05:41 ----N---- C:\WINDOWS\system32\XPSSHHDR.dll
2009-02-15 19:05:34 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-02-15 19:05:17 ----D---- C:\Program Files\PuTTY
2009-02-15 19:05:11 ----A---- C:\WINDOWS\system32\Wc.com
2009-02-15 19:05:11 ----A---- C:\WINDOWS\system32\Vbar332.dll
2009-02-15 19:05:10 ----A---- C:\WINDOWS\system32\Upxgui.exe
2009-02-15 19:05:09 ----A---- C:\WINDOWS\system32\Replacer.cmd
2009-02-15 19:05:09 ----A---- C:\WINDOWS\system32\Reg2InfHandler.cmd
2009-02-15 19:05:09 ----A---- C:\WINDOWS\system32\Reg2inf.exe
2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\Msrd2x35.dll
2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\Msjter35.dll
2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\Msjint35.dll
2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\Msjet35.dll
2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\Modifype.exe
2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\MMM.exe
2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\MMM.dll
2009-02-15 19:05:04 ----A---- C:\WINDOWS\system32\MakeISO.cmd
2009-02-15 19:05:04 ----A---- C:\WINDOWS\system32\LCISOCreator.exe
2009-02-15 19:05:04 ----A---- C:\WINDOWS\IsUninst.exe
2009-02-15 19:04:59 ----A---- C:\WINDOWS\system32\HFExtract.exe
2009-02-15 19:04:56 ----A---- C:\WINDOWS\system32\FGCBAHandler.exe
2009-02-15 19:04:55 ----A---- C:\WINDOWS\system32\Fgcba.exe
2009-02-15 19:04:55 ----A---- C:\WINDOWS\system32\eXPander.exe
2009-02-15 19:04:54 ----D---- C:\WINDOWS\system32\Console
2009-02-15 19:04:54 ----D---- C:\Program Files\Epsilon Squared
2009-02-15 19:04:52 ----D---- C:\Program Files\Utilitaires 2009-02-15 19:04:52 ----D---- C:\Program Files\CMenu 2009-02-15 19:04:52 ----A---- C:\WINDOWS\system32\Cdimage.exe 2009-02-15 19:04:52 ----A---- C:\WINDOWS\system32\Cabtool.exe 2009-02-15 19:04:52 ----A---- C:\WINDOWS\system32\Cabarc.exe 2009-02-15 19:04:47 ----D---- C:\Program Files\WinMover 2009-02-15 19:04:47 ----D---- C:\Documents and Settings\Administrateur\Application Data\EliasAE 2009-02-15 19:04:36 ----D---- C:\Program Files\FlashFXP 2009-02-15 19:04:36 ----D---- C:\Documents and Settings\All Users\Application Data\FlashFXP 2009-02-15 19:04:30 ----A---- C:\WINDOWS\system32\notepad.original.exe 2009-02-15 19:04:30 ----A---- C:\WINDOWS\notepad.original.exe 2009-02-15 19:04:28 ----D---- C:\Program Files\Notepad++ 2009-02-15 19:04:28 ----D---- C:\Documents and Settings\Administrateur\Application Data\Notepad++ 2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\TwnLib4.dll 2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\imagXRA7.dll 2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\imagXR7.dll 2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\imagXpr7.dll 2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\imagX7.dll 2009-02-15 19:04:03 ----D---- C:\Program Files\Nero 2009-02-15 19:04:03 ----D---- C:\Documents and Settings\All Users\Application Data\Nero 2009-02-15 19:04:02 ----D---- C:\Program Files\Fichiers communs\Nero 2009-02-15 19:03:49 ----D---- C:\Program Files\MSECache 2009-02-15 19:03:42 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-02-15 19:03:42 ----RSD---- C:\WINDOWS\Fonts 2009-02-15 19:03:42 ----RD---- C:\WINDOWS\Web 2009-02-15 19:03:42 ----HD---- C:\WINDOWS\inf 2009-02-15 19:03:42 ----D---- C:\WINDOWS\WinSxS 2009-02-15 19:03:42 ----D---- C:\WINDOWS\twain_32 2009-02-15 19:03:42 ----D---- C:\WINDOWS\Temp 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\wins 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\wbem 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\usmt 2009-02-15 19:03:42 
----D---- C:\WINDOWS\system32\spool 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\ShellExt 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\Setup 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\ras 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\PreInstall 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\oobe 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\npp 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\mui 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\Macromed 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\inetsrv 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\IME 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\icsxml 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\ias 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\fr-fr 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\fr 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\export 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\drivers 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\dhcp 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\config 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\3com_dmi 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\3076 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\2052 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1054 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1042 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1041 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1037 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1036 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1033 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1031 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1028 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1025 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32 2009-02-15 19:03:42 ----D---- C:\WINDOWS\system 2009-02-15 19:03:42 ----D---- C:\WINDOWS\SoftwareDistribution 2009-02-15 19:03:42 ----D---- C:\WINDOWS\security 2009-02-15 19:03:42 ----D---- C:\WINDOWS\Resources 2009-02-15 19:03:42 
----D---- C:\WINDOWS\repair 2009-02-15 19:03:42 ----D---- C:\WINDOWS\Provisioning 2009-02-15 19:03:42 ----D---- C:\WINDOWS\PeerNet 2009-02-15 19:03:42 ----D---- C:\WINDOWS\pchealth 2009-02-15 19:03:42 ----D---- C:\WINDOWS\Network Diagnostic 2009-02-15 19:03:42 ----D---- C:\WINDOWS\mui 2009-02-15 19:03:42 ----D---- C:\WINDOWS\msapps 2009-02-15 19:03:42 ----D---- C:\WINDOWS\msagent 2009-02-15 19:03:42 ----D---- C:\WINDOWS\Media 2009-02-15 19:03:42 ----D---- C:\WINDOWS\L2Schemas 2009-02-15 19:03:42 ----D---- C:\WINDOWS\java 2009-02-15 19:03:42 ----D---- C:\WINDOWS\ime 2009-02-15 19:03:42 ----D---- C:\WINDOWS\Help 2009-02-15 19:03:42 ----D---- C:\WINDOWS\ehome 2009-02-15 19:03:42 ----D---- C:\WINDOWS\Driver Cache 2009-02-15 19:03:42 ----D---- C:\WINDOWS\Debug 2009-02-15 19:03:42 ----D---- C:\WINDOWS\Cursors 2009-02-15 19:03:42 ----D---- C:\WINDOWS\Connection Wizard 2009-02-15 19:03:42 ----D---- C:\WINDOWS\Config 2009-02-15 19:03:42 ----D---- C:\WINDOWS\AppPatch 2009-02-15 19:03:42 ----D---- C:\WINDOWS\addins 2009-02-15 19:03:42 ----D---- C:\WINDOWS 2009-02-15 18:54:31 ----D---- C:\Program Files\Microsoft Works 2009-02-15 18:54:00 ----D---- C:\Program Files\Microsoft Visual Studio 2009-02-15 18:54:00 ----D---- C:\Program Files\Fichiers communs\DESIGNER 2009-02-15 18:53:30 ----D---- C:\Program Files\Microsoft.NET 2009-02-15 18:51:07 ----SD---- C:\WINDOWS\system32\Microsoft 2009-02-15 18:50:16 ----D---- C:\WINDOWS\SHELLNEW 2009-02-15 18:49:31 ----D---- C:\Program Files\Microsoft Office 2009-02-15 18:49:31 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2009-02-15 18:49:04 ----RHD---- C:\MSOCache 2009-02-15 18:47:56 ----D---- C:\Program Files\Mozilla Thunderbird 2009-02-15 18:47:33 ----D---- C:\Documents and Settings\Administrateur\Application Data\Mozilla 2009-02-15 18:47:28 ----D---- C:\Program Files\Mozilla Firefox 2009-02-15 18:47:09 ----A---- C:\WINDOWS\system32\javaws.exe 2009-02-15 18:47:09 ----A---- C:\WINDOWS\system32\javaw.exe 
2009-02-15 18:47:09 ----A---- C:\WINDOWS\system32\java.exe 2009-02-15 18:46:42 ----D---- C:\Program Files\Java 2009-02-15 18:46:40 ----D---- C:\Program Files\Fichiers communs\Java 2009-02-15 18:46:34 ----D---- C:\Documents and Settings\Administrateur\Application Data\Sun 2009-02-15 18:44:55 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft 2009-02-15 18:44:55 ----ASH---- C:\Documents and Settings\Administrateur\Application Data\desktop.ini 2009-02-15 18:42:08 ----A---- C:\WINDOWS\system32\cmdow.exe 2009-02-15 18:39:46 ----D---- C:\WINDOWS\system32\URTTemp 2009-02-15 18:39:01 ----RSD---- C:\WINDOWS\assembly 2009-02-15 18:39:01 ----D---- C:\WINDOWS\Microsoft.NET 2009-02-15 18:38:47 ----A---- C:\WINDOWS\control.ini 2009-02-15 18:38:47 ----A---- C:\AUTOEXEC.BAT 2009-02-15 18:38:30 ----A---- C:\WINDOWS\OEWABLog.txt 2009-02-15 18:38:24 ----D---- C:\Program Files\Microsoft Silverlight 2009-02-15 18:38:24 ----A---- C:\WINDOWS\system32\mapi32.dll 2009-02-15 18:37:04 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest 2009-02-15 18:36:56 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest 2009-02-15 18:36:47 ----HD---- C:\Program Files\WindowsUpdate 2009-02-15 18:36:41 ----D---- C:\Program Files\Services en ligne 2009-02-15 18:36:20 ----D---- C:\WINDOWS\system32\DirectX 2009-02-15 18:36:10 ----A---- C:\WINDOWS\system32\atrace.dll 2009-02-15 18:36:08 ----A---- C:\WINDOWS\system32\desktop.ini 2009-02-15 18:36:07 ----A---- C:\WINDOWS\desktop.ini 2009-02-15 18:36:01 ----A---- C:\WINDOWS\system32\nmevtmsg.dll 2009-02-15 18:36:00 ----A---- C:\WINDOWS\system32\acctres.dll 2009-02-15 18:35:59 ----D---- C:\Program Files\Fichiers communs\Services 2009-02-15 18:35:56 ----SD---- C:\WINDOWS\Tasks 2009-02-15 18:35:56 ----A---- C:\WINDOWS\system32\icfgnt5.dll 2009-02-15 18:35:55 ----D---- C:\Program Files\Fichiers communs\MSSoap 2009-02-15 18:35:51 ----D---- C:\WINDOWS\srchasst 2009-02-15 18:35:48 ----A---- C:\WINDOWS\system32\wuweb.dll 2009-02-15 18:35:48 
----A---- C:\WINDOWS\system32\wucltui.dll 2009-02-15 18:35:48 ----A---- C:\WINDOWS\system32\wuauserv.dll 2009-02-15 18:35:48 ----A---- C:\WINDOWS\system32\wuaueng1.dll 2009-02-15 18:35:47 ----A---- C:\WINDOWS\system32\wups.dll 2009-02-15 18:35:47 ----A---- C:\WINDOWS\system32\wuaueng.dll.wusetup.685515.bak 2009-02-15 18:35:47 ----A---- C:\WINDOWS\system32\wuaueng.dll 2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\wuauclt1.exe 2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\wuauclt.exe.wusetup.685390.bak 2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\wuauclt.exe 2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\wuapi.dll 2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\bitsprx4.dll 2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\bitsprx3.dll 2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\bitsprx2.dll 2009-02-15 18:35:45 ----A---- C:\WINDOWS\system32\qmgrprxy.dll 2009-02-15 18:35:45 ----A---- C:\WINDOWS\system32\qmgr.dll 2009-02-15 18:35:40 ----D---- C:\Program Files\Movie Maker 2009-02-15 18:35:19 ----A---- C:\WINDOWS\system32\safrslv.dll 2009-02-15 18:35:19 ----A---- C:\WINDOWS\system32\safrdm.dll 2009-02-15 18:35:19 ----A---- C:\WINDOWS\system32\safrcdlg.dll 2009-02-15 18:35:19 ----A---- C:\WINDOWS\system32\racpldlg.dll 2009-02-15 18:35:14 ----A---- C:\WINDOWS\system32\fltMc.exe 2009-02-15 18:35:14 ----A---- C:\WINDOWS\system32\fltlib.dll 2009-02-15 18:35:13 ----D---- C:\WINDOWS\system32\Restore 2009-02-15 18:35:13 ----A---- C:\WINDOWS\system32\srsvc.dll 2009-02-15 18:35:13 ----A---- C:\WINDOWS\system32\srrstr.dll 2009-02-15 18:35:13 ----A---- C:\WINDOWS\system32\srclient.dll 2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\nmmkcert.dll 2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\mnmsrvc.exe 2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\mnmdd.dll 2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\isrdbg32.dll 2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\ils.dll 2009-02-15 18:35:11 ----A---- C:\WINDOWS\system32\msconf.dll 2009-02-15 
18:35:07 ----D---- C:\Program Files\NetMeeting 2009-02-15 18:35:07 ----A---- C:\WINDOWS\system32\msoert2.dll 2009-02-15 18:35:07 ----A---- C:\WINDOWS\system32\msoeacct.dll 2009-02-15 18:35:05 ----A---- C:\WINDOWS\system32\inetres.dll 2009-02-15 18:35:04 ----A---- C:\WINDOWS\system32\inetcomm.dll 2009-02-15 18:35:02 ----D---- C:\Program Files\Outlook Express 2009-02-15 18:35:02 ----A---- C:\WINDOWS\system32\schedsvc.dll 2009-02-15 18:35:02 ----A---- C:\WINDOWS\system32\mstinit.exe 2009-02-15 18:35:02 ----A---- C:\WINDOWS\system32\mstask.dll 2009-02-15 18:35:01 ----A---- C:\WINDOWS\system32\isign32.dll 2009-02-15 18:35:01 ----A---- C:\WINDOWS\system32\inetcfg.dll 2009-02-15 18:35:01 ----A---- C:\WINDOWS\system32\icwphbk.dll 2009-02-15 18:35:01 ----A---- C:\WINDOWS\system32\icwdial.dll 2009-02-15 18:34:54 ----D---- C:\Program Files\Fichiers communs\System 2009-02-15 18:33:50 ----D---- C:\Program Files\ComPlus Applications 2009-02-15 18:33:47 ----A---- C:\WINDOWS\vbaddin.ini 2009-02-15 18:33:47 ----A---- C:\WINDOWS\vb.ini 2009-02-15 18:33:39 ----D---- C:\WINDOWS\Registration 2009-02-15 18:33:13 ----D---- C:\Program Files\Windows Media Connect 2 2009-02-15 18:33:12 ----D---- C:\Program Files\Windows Media Player 2009-02-15 18:33:02 ----A---- C:\WINDOWS\system32\wrap_oal.dll 2009-02-15 18:33:01 ----A---- C:\WINDOWS\system32\vb40032.dll 2009-02-15 18:33:00 ----A---- C:\WINDOWS\system32\ssleay32.dll 2009-02-15 18:32:59 ----A---- C:\WINDOWS\system32\openal32.dll 2009-02-15 18:32:59 ----A---- C:\WINDOWS\system32\msvcr71.dll 2009-02-15 18:32:59 ----A---- C:\WINDOWS\system32\msvcr70.dll 2009-02-15 18:32:59 ----A---- C:\WINDOWS\system32\msvcp71.dll 2009-02-15 18:32:58 ----A---- C:\WINDOWS\system32\msvcp70.dll 2009-02-15 18:32:58 ----A---- C:\WINDOWS\system32\msvci70.dll 2009-02-15 18:32:58 ----A---- C:\WINDOWS\system32\msstkprp.dll 2009-02-15 18:32:58 ----A---- C:\WINDOWS\system32\msstdfmt.dll 2009-02-15 18:32:55 ----A---- C:\WINDOWS\system32\mfc71u.dll 2009-02-15 18:32:55 
----A---- C:\WINDOWS\system32\mfc71.dll 2009-02-15 18:32:54 ----A---- C:\WINDOWS\system32\mfc70u.dll 2009-02-15 18:32:54 ----A---- C:\WINDOWS\system32\mfc70.dll 2009-02-15 18:32:53 ----A---- C:\WINDOWS\system32\libssl32.dll 2009-02-15 18:32:52 ----A---- C:\WINDOWS\system32\libmmd.dll 2009-02-15 18:32:52 ----A---- C:\WINDOWS\system32\libintl3.dll 2009-02-15 18:32:52 ----A---- C:\WINDOWS\system32\libiconv2.dll 2009-02-15 18:32:51 ----A---- C:\WINDOWS\system32\zlib1.dll 2009-02-15 18:32:51 ----A---- C:\WINDOWS\system32\libeay32.dll 2009-02-15 18:32:51 ----A---- C:\WINDOWS\system32\cygwinb19.dll 2009-02-15 18:32:50 ----A---- C:\WINDOWS\system32\cygwin1.dll 2009-02-15 18:32:49 ----A---- C:\WINDOWS\system32\autoitx3.dll 2009-02-15 18:32:49 ----A---- C:\WINDOWS\system32\atl71.dll 2009-02-15 18:32:49 ----A---- C:\WINDOWS\system32\atl70.dll 2009-02-15 18:32:01 ----RD---- C:\WINDOWS\Offline Web Pages 2009-02-15 18:32:01 ----A---- C:\WINDOWS\system32\winfxdocobj.exe 2009-02-15 18:32:00 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-02-15 18:31:59 ----D---- C:\WINDOWS\wbem 2009-02-15 18:31:59 ----A---- C:\WINDOWS\system32\msfeedssync.exe 2009-02-15 18:31:59 ----A---- C:\WINDOWS\system32\msfeedsbs.dll 2009-02-15 18:31:57 ----A---- C:\WINDOWS\system32\ieframe.dll.mui 2009-02-15 18:31:55 ----A---- C:\WINDOWS\system32\advpack.dll.mui 2009-02-15 18:31:53 ----D---- C:\Program Files\Internet Explorer 2009-02-15 18:31:50 ----D---- C:\Program Files\MSN Gaming Zone 2009-02-15 18:31:50 ----A---- C:\WINDOWS\system32\write.exe 2009-02-15 18:31:40 ----A---- C:\WINDOWS\system32\sndvol32.exe 2009-02-15 18:31:40 ----A---- C:\WINDOWS\system32\hticons.dll 2009-02-15 18:31:39 ----A---- C:\WINDOWS\system32\winchat.exe 2009-02-15 18:31:39 ----A---- C:\WINDOWS\system32\avwav.dll 2009-02-15 18:31:39 ----A---- C:\WINDOWS\system32\avtapi.dll 2009-02-15 18:31:39 ----A---- C:\WINDOWS\system32\avmeter.dll 2009-02-15 18:31:32 ----A---- C:\WINDOWS\system32\getuname.dll 2009-02-15 18:31:32 ----A---- 
C:\WINDOWS\system32\charmap.exe 2009-02-15 18:31:32 ----A---- C:\WINDOWS\system32\calc.exe 2009-02-15 18:31:31 ----A---- C:\WINDOWS\system32\winmine.exe 2009-02-15 18:31:31 ----A---- C:\WINDOWS\system32\sol.exe 2009-02-15 18:31:31 ----A---- C:\WINDOWS\system32\mshearts.exe 2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\usrlogon.cmd 2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tsshutdn.exe 2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tslabels.ini 2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tskill.exe 2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tsdiscon.exe 2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tscon.exe 2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\shadow.exe 2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\rwinsta.exe 2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\reset.exe 2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\regini.exe 2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\freecell.exe 2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\rdpcfgex.dll 2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\qwinsta.exe 2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\qappsrv.exe 2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\msg.exe 2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\msdtcprf.ini 2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\logoff.exe 2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\cdmodem.dll 2009-02-15 18:31:23 ----A---- C:\WINDOWS\system32\wmimgmt.msc 2009-02-15 18:31:21 ----A---- C:\WINDOWS\system32\sndrec32.exe 2009-02-15 18:31:21 ----A---- C:\WINDOWS\system32\mplay32.exe 2009-02-15 18:31:21 ----A---- C:\WINDOWS\system32\hypertrm.dll 2009-02-15 18:31:21 ----A---- C:\WINDOWS\system32\accwiz.exe 2009-02-15 18:31:20 ----D---- C:\Program Files\Windows NT 2009-02-15 18:31:20 ----A---- C:\WINDOWS\system32\mspaint.exe 2009-02-15 18:31:19 ----A---- C:\WINDOWS\system32\spider.exe 2009-02-15 18:31:19 ----A---- C:\WINDOWS\system32\clipbrd.exe 2009-02-15 18:31:18 ----A---- C:\WINDOWS\system32\tsgqec.dll 
2009-02-15 18:31:18 ----A---- C:\WINDOWS\system32\tscfgwmi.dll 2009-02-15 18:31:17 ----A---- C:\WINDOWS\system32\rhttpaa.dll 2009-02-15 18:31:17 ----A---- C:\WINDOWS\system32\mstscax.dll 2009-02-15 18:31:17 ----A---- C:\WINDOWS\system32\aaclient.dll 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\sessmgr.exe 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\remotepg.dll 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\rdshost.exe 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\rdsaddin.exe 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\rdchost.dll 2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\mstsc.exe 2009-02-15 18:31:15 ----D---- C:\WINDOWS\system32\MsDtc 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\termsrv.dll 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\rdpwsx.dll 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\rdpsnd.dll 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\rdpclip.exe 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\qprocess.exe 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\msdtcuiu.dll 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\icaapi.dll 2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\cfgbkend.dll 2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\xolehlp.dll 2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\mtxoci.dll 2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\msdtctm.dll 2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\msdtcprx.dll 2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\msdtclog.dll 2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\mtxlegih.dll 2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\mtxex.dll 2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\mtxdm.dll 2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\msdtc.exe 2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\dcomcnfg.exe 2009-02-15 18:31:12 ----D---- C:\WINDOWS\system32\Com 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\stclient.dll 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\comrepl.dll 2009-02-15 18:31:12 ----A---- 
C:\WINDOWS\system32\comaddin.dll 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\colbact.dll 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\clbcatex.dll 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\catsrvut.dll 2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\catsrvps.dll 2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\comuid.dll 2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\comsvcs.dll 2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\comsnap.dll 2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\catsrv.dll 2009-02-15 18:31:10 ----A---- C:\WINDOWS\system32\clbcatq.dll 2009-02-15 18:31:04 ----A---- C:\WINDOWS\system32\servdeps.dll 2009-02-15 18:31:03 ----A---- C:\WINDOWS\system32\mmfutil.dll 2009-02-15 18:31:03 ----A---- C:\WINDOWS\system32\licwmi.dll 2009-02-15 18:31:03 ----A---- C:\WINDOWS\system32\cmprops.dll ======List of files/folders modified in the last 1 months====== 2009-02-15 19:22:11 ----A---- C:\WINDOWS\system.ini 2009-02-15 19:07:53 ----A---- C:\WINDOWS\system32\msxml3r.dll 2009-02-15 18:38:44 ----A---- C:\WINDOWS\win.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-06-25 40576] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-06-25 14720] R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-02-15 226832] R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl [] R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-06-25 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-02-26 2863616] R3 CmBatt;Pilote d'adaptateur secteur 
Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2006-08-15 1287296] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-06-25 144384] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-06-25 10368] R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-06-25 61824] R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-12-09 46592] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-06-25 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 w29n51;Pilote de carte de connexion réseau Intel® PRO/Wireless 2915ABG pour Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2008-01-07 2216064] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-04-29 288896] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-06-25 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; 
C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-06-25 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-06-25 73600] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-02-26 520192] R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-15 206088] R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-06-25 14336] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-06-25 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 
[2007-10-11 122880] -----------------EOF-----------------
  12. So, after plugging in the 2 USB keys I'd used: yes, I had an autorun.inf on one of them, which I removed, and winjpg.jpg on both. What is that thing? In any case, I've shot it! What antivirus do you recommend? Should I put Kaspersky 7 back on?
  13. Yes, I've only just reconnected the network; until now I was transferring all the logs by USB key from another machine... How can I disinfect it? Strangely, the freshly formatted new machine, equipped with MBAM and the Kaspersky 2009 trial, noticed nothing... Do you think it's already infected? (It doesn't look like it.) I applied the regedit command and it seems to have gone through. On the other hand, the two "sc delete" commands don't seem to have gone through. Edit: after the reboot everything seems to be going fine! Thanks a lot! Now I need to clean the NC10; even after the restore I'm convinced it's infected...
  14. So there's just the winjpg.jpg error at startup; otherwise things seem to be sorting themselves out! As for the NC10, despite all my scans and rescans and ComboFix, nothing works; a custom script really is needed. So I've launched a restore to factory state to see whether that removes it, and also to take advantage of the free virus scan for 3 months.
  15. Okay, in any case that's really kind of you! RSIT report:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2009-02-15 22:27:32
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 19 GB (15%) free of 130 GB
Total RAM: 2047 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:38, on 15/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/alrefai/login.live.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "%ProgramFiles%\DAEMON Tools\daemon.exe\" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1211729988828
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner -
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. 
- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- End of file - 9266 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}] BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll [2007-03-19 398912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-21 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-21 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}] FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2006-03-31 191096] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0124123D-61B4-456f-AF86-78C53A0790C5} [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848] "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488] "TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2006-10-18 1185264] "AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2006-10-18 1961576] "RemoteControl"=C:\Program 
Files\CyberLink\PowerDVD\PDVDServ.exe [2006-12-06 69216] "LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832] "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-02 13680640] "nwiz"=nwiz.exe /install [] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-21 136600] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-02 86016] "QuickTime Task"=C:\Program Files\QuickTime Alternative\QTTask.exe [2008-11-04 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088] "CTFMON"=C:\WINDOWS\system32\wscript.exe [2008-04-13 155648] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-11-11 206088] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592] "SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672] "Orb"=C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe [2008-04-01 507904] "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-09-26 206184] "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-01-09 3321856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\WINDOWS\system32\klogon.dll [2008-11-11 218376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2007-04-02 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] 
"authentication packages"=msv1_0 relog_ap [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3" "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32" "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\Orb Networks\Orb\bin\Orb.exe"="C:\Program Files\Orb 
Networks\Orb\bin\Orb.exe:*:Enabled:Orb" "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray" "C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "C:\Program Files\Orb Networks\Orb\bin\xmltv.exe"="C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:*:Enabled:OrbTVGuide" "C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:*:Enabled:OrbChannelScan" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "D:\far cry 2\bin\FarCry2.exe"="D:\far cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2" "D:\far cry 2\bin\FC2Launcher.exe"="D:\far cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater" "D:\far cry 2\bin\FC2Editor.exe"="D:\far cry 2\bin\FC2Editor.exe:*:Enabled:Editeur" "D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club" "D:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="D:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV" "C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War " "C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War " "C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe"="C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program 
Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf05ed0f-f9f0-11dd-baaa-001bfca3cfa9}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0b1f3c-21d6-11dd-ba37-001bfca3cfa9}] shell\AutoRun\command - H:\InstallTomTomHOME.exe ======List of files/folders created in the last 1 months====== 2009-02-15 21:53:13 ----A---- C:\ComboFix.txt 2009-02-15 21:36:24 ----D---- C:\WINDOWS\temp 2009-02-15 20:51:54 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-02-15 20:43:56 ----D---- C:\Qoobox 2009-02-15 19:33:56 ----A---- C:\WINDOWS\ntbtlog.txt 2009-02-15 17:57:55 ----SHD---- C:\#GDATA.Trash.Store# 2009-02-15 17:48:40 ----SHD---- C:\Config.Msi 2009-02-15 17:23:53 ----D---- C:\Documents and Settings\Administrateur\Application Data\WinRAR 2009-02-15 17:13:12 ----D---- C:\WINDOWS\ERUNT 2009-02-15 15:48:45 ----D---- C:\Documents and Settings\All Users\Application 
Data\G DATA 2009-02-15 15:48:44 ----D---- C:\Program Files\G DATA 2009-02-15 15:48:44 ----D---- C:\Program Files\Fichiers communs\G DATA 2009-02-15 14:40:07 ----D---- C:\VundoFix Backups 2009-02-15 14:40:07 ----A---- C:\VundoFix.txt 2009-02-15 12:38:11 ----D---- C:\rsit 2009-02-15 12:38:11 ----D---- C:\Program Files\trend micro 2009-02-15 12:29:48 ----A---- C:\Boot.bak 2009-02-15 12:29:38 ----RASHD---- C:\cmdcons 2009-02-15 12:28:29 ----A---- C:\WINDOWS\zip.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\VFIND.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWSC.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWREG.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\sed.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\NIRCMD.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\grep.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\fdsv.exe 2009-02-15 12:27:07 ----D---- C:\WINDOWS\ERDNT 2009-02-11 19:11:27 ----D---- C:\Documents and Settings\Administrateur\Application Data\AVS4YOU 2009-02-11 19:11:25 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU 2009-02-11 19:10:54 ----D---- C:\Program Files\Fichiers communs\AVSMedia 2009-02-11 19:10:54 ----D---- C:\Program Files\AVS4YOU 2009-02-05 18:51:16 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts 2009-02-03 19:37:15 ----D---- C:\Program Files\EA Games 2009-01-18 13:07:13 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss 2009-01-17 16:00:18 ----D---- C:\Documents and Settings\Administrateur\Application Data\TuneAid 2009-01-17 16:00:10 ----D---- C:\Program Files\DigiDNA ======List of files/folders modified in the last 1 months====== 2009-02-15 22:21:21 ----D---- C:\WINDOWS\Prefetch 2009-02-15 21:58:33 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2009-02-15 21:57:20 ----D---- C:\WINDOWS 2009-02-15 21:54:56 ----SHD---- C:\WINDOWS\Installer 2009-02-15 21:54:43 ----HD---- C:\WINDOWS\inf 2009-02-15 
21:54:43 ----D---- C:\WINDOWS\system32\drivers 2009-02-15 21:54:26 ----D---- C:\WINDOWS\system32 2009-02-15 21:52:10 ----D---- C:\WINDOWS\system32\CatRoot2 2009-02-15 21:48:33 ----A---- C:\WINDOWS\system.ini 2009-02-15 21:47:45 ----SHD---- C:\WINDOWS\CSC 2009-02-15 21:47:34 ----D---- C:\Program Files\SuperCopier2 2009-02-15 21:46:37 ----D---- C:\WINDOWS\system32\config 2009-02-15 21:46:03 ----D---- C:\WINDOWS\AppPatch 2009-02-15 21:46:03 ----D---- C:\Program Files\Fichiers communs 2009-02-15 21:45:25 ----D---- C:\WINDOWS\system32\Restore 2009-02-15 21:44:55 ----SHD---- C:\System Volume Information 2009-02-15 18:03:24 ----D---- C:\Program Files\Kaspersky Lab 2009-02-15 17:36:36 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-02-15 17:36:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-15 17:15:32 ----D---- C:\WINDOWS\system32\dllcache 2009-02-15 16:50:44 ----D---- C:\Program Files\Mozilla Firefox 2009-02-15 16:42:51 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-02-15 16:16:39 ----D---- C:\Program Files\eMule 2009-02-15 15:48:44 ----RD---- C:\Program Files 2009-02-15 15:24:24 ----A---- C:\WINDOWS\NeroDigital.ini 2009-02-15 14:41:42 ----D---- C:\WINDOWS\Minidump 2009-02-15 14:41:42 ----D---- C:\WINDOWS\Debug 2009-02-15 12:29:48 ----RASH---- C:\boot.ini 2009-02-15 11:53:44 ----D---- C:\Downloads 2009-02-11 19:46:36 ----D---- C:\DVDVideoSoft 2009-02-11 18:45:16 ----D---- C:\Temp 2009-02-11 18:11:44 ----D---- C:\Program Files\BitComet 2009-02-07 15:06:23 ----A---- C:\WINDOWS\avisplitter.INI 2009-02-04 18:52:46 ----D---- C:\Program Files\WinSCP 2009-02-03 19:37:15 ----D---- C:\WINDOWS\system32\DirectX 2009-02-03 19:37:07 ----RSD---- C:\WINDOWS\assembly 2009-01-18 13:06:56 ----D---- C:\WINDOWS\WinSxS 2009-01-17 18:41:39 ----D---- C:\Program Files\Fichiers communs\DVDVideoSoft 2009-01-17 18:39:01 ----D---- C:\Program Files\DVDVideoSoft ======List of drivers 
(R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-19 12664] R1 FNETDEVI;FNETDEVI; \??\C:\WINDOWS\system32\drivers\FNETDEVI.SYS [] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576] R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-10-27 227344] R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [] R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877] R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-02-24 39264] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 34944] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-04-17 15464] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920] R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-04-02 12288] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2006-02-26 5810] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys 
[2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-02 6209536] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-02-24 47360] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-02-24 10368] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128] S3 adbjglnc;adbjglnc; C:\WINDOWS\system32\drivers\adbjglnc.sys [] S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 PsSdk31;PsSdk31; \??\C:\WINDOWS\system32\Drivers\pssdk31.drv [] S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.drv [] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000] S3 usbprint;Classe d'imprimantes USB Microsoft; 
C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2007-04-02 38528] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-04-02 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc24.tmp [] S4 Sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-11-11 206088] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-21 152984] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-02 163908] R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 
clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-25 654848] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] -----------------EOF-----------------
  16. !! OK, that will be useful for next time! To add the objects to delete in ComboFix, do you base it on the famous previous ComboFix report or on the RSIT report? I need to do the same to clean the NC10, but with a custom script.. Phew, Kaspersky 2009 has indeed reactivated itself; we're making great progress, thanks a lot! I haven't yet dared to plug the network cable back in, though.. No malware detected in MBAM:

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1599
Windows 5.1.2600 Service Pack 3

15/02/2009 22:05:30
mbam-log-2009-02-15 (22-05-30).txt

Type de recherche: Examen rapide
Eléments examinés: 63024
Temps écoulé: 4 minute(s), 3 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
  17. ComboFix 09-02-14.01 - Administrateur 2009-02-15 21:35:17.9 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1562 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFscript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
 * Un nouveau point de restauration a été créé

FILE ::
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
c:\windows\system32\win.exe
c:\windows\system32\winjpg.jpg
C:\winfile.jpg
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\systeme34
c:\windows\system32\systeme34\antivir.exe
c:\windows\system32\systeme34\logg.dat
c:\windows\system32\winjpg.jpg
C:\winfile.jpg

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-15 au 2009-02-15 ))))))))))))))))))))))))))))))))))))
.

2009-02-15 18:03 . 2009-02-15 18:03 96,976 --a------ c:\windows\system32\drivers\klin.dat
2009-02-15 18:03 . 2009-02-15 18:03 87,855 --a------ c:\windows\system32\drivers\klick.dat
2009-02-15 17:57 . 2009-02-15 17:57 <REP> d--hs---- C:\#GDATA.Trash.Store#
2009-02-15 17:15 . 2009-02-15 17:15 579,584 --a------ c:\windows\system32\dllcache\user32.dll
2009-02-15 17:13 . 2009-02-15 17:13 <REP> d-------- c:\windows\ERUNT
2009-02-15 16:07 . 2009-02-15 16:29 1,105,952 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-15 16:07 . 2009-02-15 16:24 12,064 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-15 16:07 . 2009-02-15 16:07 32 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-15 16:07 . 2009-02-15 16:07 32 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-15 16:02 . 2009-02-15 16:02 68,296 --a------ c:\windows\system32\drivers\GRD.sys
2009-02-15 15:51 . 2009-02-15 15:51 50,888 --a------ c:\windows\system32\drivers\MiniIcpt.sys
2009-02-15 15:49 . 2009-02-15 15:49 50,888 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys
2009-02-15 15:49 . 2009-02-15 15:49 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys
2009-02-15 15:48 . 2009-02-15 17:58 <REP> d-------- c:\program files\G DATA
2009-02-15 15:48 . 2009-02-15 17:58 <REP> d-------- c:\program files\Fichiers communs\G DATA
2009-02-15 15:48 . 2009-02-15 17:58 <REP> d-------- c:\documents and settings\All Users\Application Data\G DATA
2009-02-15 14:40 . 2009-02-15 14:40 <REP> d-------- C:\VundoFix Backups
2009-02-15 12:38 . 2009-02-15 12:38 <REP> d-------- C:\rsit
2009-02-15 12:38 . 2009-02-15 20:17 <REP> d-------- c:\program files\trend micro
2009-02-15 12:33 . 2009-02-15 12:33 0 --a------ C:\OrbPVR.db
2009-02-11 19:11 . 2009-02-11 19:11 <REP> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-02-11 19:11 . 2009-02-11 19:11 <REP> d-------- c:\documents and settings\Administrateur\Application Data\AVS4YOU
2009-02-11 19:10 . 2009-02-11 19:11 <REP> d-------- c:\program files\Fichiers communs\AVSMedia
2009-02-11 19:10 . 2009-02-11 19:11 <REP> d-------- c:\program files\AVS4YOU
2009-02-05 18:51 . 2009-02-05 18:51 <REP> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-02-03 19:37 . 2009-02-03 19:37 <REP> d-------- c:\program files\EA Games
2009-01-20 20:54 . 2009-01-20 20:54 8,192 --a------ c:\windows\REGLOCS.OLD
2009-01-18 13:07 . 2009-01-18 13:07 <REP> d-------- c:\documents and settings\Administrateur\Application Data\dvdcss
2009-01-17 16:00 . 2009-01-17 16:00 <REP> d-------- c:\program files\DigiDNA
2009-01-17 16:00 . 2009-01-23 21:20 <REP> d-------- c:\documents and settings\Administrateur\Application Data\TuneAid

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 20:03 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-15 18:17 --------- d-----w c:\program files\SuperCopier2
2009-02-15 17:03 --------- d-----w c:\program files\Kaspersky Lab
2009-02-15 16:36 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-15 16:36 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-15 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-15 15:16 --------- d-----w c:\program files\eMule
2009-02-11 17:11 --------- d-----w c:\program files\BitComet
2009-02-04 17:52 --------- d-----w c:\program files\WinSCP
2009-01-17 17:41 --------- d-----w c:\program files\Fichiers communs\DVDVideoSoft
2009-01-17 17:39 --------- d-----w c:\program files\DVDVideoSoft
2009-01-11 12:00 --------- d-----w c:\program files\iTunes
2009-01-11 12:00 --------- d-----w c:\program files\iPod
2009-01-11 12:00 --------- d-----w c:\program files\Fichiers communs\Apple
2009-01-11 12:00 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-11 11:59 --------- d-----w c:\program files\QuickTime Alternative
2009-01-11 11:57 --------- d-----w c:\program files\Bonjour
2009-01-11 11:54 --------- d-----w c:\program files\Apple Software Update
2009-01-10 16:55 --------- d-----w c:\program files\Empire Interactive
2009-01-09 20:17 --------- d-----w c:\program files\DxO Labs
2009-01-07 17:40 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-03 13:53 --------- d-----w c:\program files\Everest Poker
2009-01-03 03:37 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-03 03:37 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-03 03:37 --------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-12-21 13:46 --------- d-----w c:\program files\Java
2008-12-21 13:34 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2008-12-21 13:30 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-21 13:30 --------- d-----w c:\program files\AGEIA Technologies
2008-12-21 12:43 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-16 19:40 22,328 ----a-w c:\documents and settings\Administrateur\Application Data\PnkBstrK.sys
2008-03-09 06:25 236 ----a-w c:\program files\Fichiers communs\dx.reg
2008-02-24 18:15 87,608 ----a-w c:\documents and settings\Administrateur\Application Data\ezpinst.exe
2008-02-24 18:15 47,360 ----a-w c:\documents and settings\Administrateur\Application Data\pcouffin.sys

.
------- Sigcheck -------

2007-04-02 11:56 125912 8471a49628e9d70c39383605cff191b4 c:\windows\icon_TMP\wuauclt.exe
2008-04-13 18:34 112640 7e3defe771cb451b0ff630bfa435417e c:\windows\ServicePackFiles\i386\wuauclt.exe
2007-04-02 11:56 125912 8471a49628e9d70c39383605cff191b4 c:\windows\system32\wuauclt.exe
2007-04-02 11:56 124376 5e5a6af2d6ff2d289414c53025fe2337 c:\windows\system_backup\wuauclt.exe

.
((((((((((((((((((((((((((((( SnapShot@2009-02-15_20.56.33.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-15 20:37:48 16,384 ----atw c:\windows\temp\Perflib_Perfdata_1c8.dat

.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592] "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672] "Orb"="c:\program files\Orb Networks\Orb\bin\OrbTray.exe" [2008-04-01 507904] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184] "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-09 3321856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-18 1185264] "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 1961576] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13680640] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 86016] "QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "CTFMON"="c:\windows\system32\wscript.exe" [2008-04-13 155648] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.EXE] "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe] "nwiz"="nwiz.exe" [2008-12-02 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" [2007-04-02 c:\windows\system32\advpack.dll] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i263_32.drv "msacm.imc"= imc32.acm "msacm.l3codecp"= l3codecp.acm "VIDC.i263"= i263_32.drv "VIDC.ACDV"= ACDV.dll "MSVideo"= CSvidcap.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\FlashFXP\\FlashFXP.exe"= "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"= "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"= "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"= "c:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"= "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "d:\\far cry 2\\bin\\FarCry2.exe"= "d:\\far cry 2\\bin\\FC2Launcher.exe"= "d:\\far cry 2\\bin\\FC2Editor.exe"= "d:\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "d:\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"= "c:\\Program 
Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"= "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"= "c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "21729:TCP"= 21729:TCP:BitComet 21729 TCP "21729:UDP"= 21729:UDP:BitComet 21729 UDP "8001:TCP"= 8001:TCP:BitComet 8001 TCP "8001:UDP"= 8001:UDP:BitComet 8001 UDP "8000:TCP"= 8000:TCP:BitComet 8000 TCP "8000:UDP"= 8000:UDP:BitComet 8000 UDP R1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [2008-03-16 19572] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2008-02-24 19:14:59 13560] R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2008-02-24 34944] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592] S0 klbg;KlBg;c:\windows\system32\drivers\klbg.sys --> c:\windows\system32\drivers\klbg.sys [?] 
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [2008-04-26 1527900] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-01-03 38496] S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [2008-09-30 30272] S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.drv [2008-09-30 37440] --- Autres Services/Pilotes en mémoire --- *Deregistered* - mchInjDrv [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0b1f3c-21d6-11dd-ba37-001bfca3cfa9}] \Shell\AutoRun\command - H:\InstallTomTomHOME.exe . Contenu du dossier 'Tâches planifiées' 2009-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.freewebtown.com/alrefai/login.live.html uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036 uInternet Settings,ProxyOverride = *.local IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll FF - plugin: c:\program files\QuickTime 
Alternative\Plugins\npqtplugin4.dll FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll ---- PARAMETRES FIREFOX ---- FF - user.js: general.useragent.extra.zencast - . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-15 21:38:35 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc24.tmp" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk31] "ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdkLBF] "ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\C*o*m*m*a*n*d* *&* *C*o*n*q*u*e*r* *3* *L*e*s* *g*u*e*r*r*e*s* *d*u* *T*i*b*e*r*i*u*m*"!\Assistance] "Order"=hex:08,00,00,00,02,00,00,00,ce,02,00,00,01,00,00,00,04,00,00,00,92,00, 00,00,00,00,00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(1372) c:\windows\system32\relog_ap.dll . ------------------------ Autres processus actifs ------------------------ . 
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Orb Networks\Orb\bin\Orb.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2009-02-15 21:43:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-15 20:43:14
ComboFix2.txt 2009-02-15 20:33:25
ComboFix3.txt 2009-02-15 20:23:52
ComboFix4.txt 2009-02-15 19:57:28
ComboFix5.txt 2009-02-15 20:34:47

Avant-CF: 20 034 912 256 octets libres
Après-CF: 20,058,378,240 octets libres

274

So if I understand correctly, we're not in dev territory any more! Basically the removal is done case by case... On reboot I get an error: winjpg.jpg does not exist, which is already better! When ComboFix starts I get an error, nci.. file does not exist. Finally, I notice that System Restore keeps coming back; can you disable it for good (I'll never use it anyway)? Thanks for your time...
  18. rapport combo.log :
ComboFix 09-02-14.01 - Administrateur 2009-02-15 20:45:25.6 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1647 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
G:\autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-15 au 2009-02-15 ))))))))))))))))))))))))))))))))))))
.
2009-02-15 20:43 . 2009-02-15 20:43 <REP> d-------- C:\32788R22FWJFW
2009-02-15 18:03 . 2009-02-15 18:03 96,976 --a------ c:\windows\system32\drivers\klin.dat
2009-02-15 18:03 . 2009-02-15 18:03 87,855 --a------ c:\windows\system32\drivers\klick.dat
2009-02-15 17:57 . 2009-02-15 17:57 <REP> d--hs---- C:\#GDATA.Trash.Store#
2009-02-15 17:15 . 2009-02-15 17:15 579,584 --a------ c:\windows\system32\dllcache\user32.dll
2009-02-15 17:13 . 2009-02-15 17:13 <REP> d-------- c:\windows\ERUNT
2009-02-15 16:07 . 2009-02-15 16:29 1,105,952 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-15 16:07 . 2009-02-15 16:24 12,064 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-15 16:07 . 2009-02-15 16:07 32 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-15 16:07 . 2009-02-15 16:07 32 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-15 16:02 . 2009-02-15 16:02 68,296 --a------ c:\windows\system32\drivers\GRD.sys
2009-02-15 15:51 . 2009-02-15 15:51 50,888 --a------ c:\windows\system32\drivers\MiniIcpt.sys
2009-02-15 15:49 . 2009-02-15 15:49 50,888 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys
2009-02-15 15:49 . 2009-02-15 15:49 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys
2009-02-15 15:48 . 2009-02-15 17:58 <REP> d-------- c:\program files\G DATA
2009-02-15 15:48 . 2009-02-15 17:58 <REP> d-------- c:\program files\Fichiers communs\G DATA
2009-02-15 15:48 . 2009-02-15 17:58 <REP> d-------- c:\documents and settings\All Users\Application Data\G DATA
2009-02-15 14:40 . 2009-02-15 14:40 <REP> d-------- C:\VundoFix Backups
2009-02-15 12:38 . 2009-02-15 12:38 <REP> d-------- C:\rsit
2009-02-15 12:38 . 2009-02-15 20:17 <REP> d-------- c:\program files\trend micro
2009-02-15 12:33 . 2009-02-15 12:33 0 --a------ C:\OrbPVR.db
2009-02-15 12:06 . 2009-02-15 17:00 <REP> d-------- c:\windows\system32\systeme34
2009-02-14 20:50 . 2009-02-15 17:06 412,906 -rahs---- c:\windows\system32\winjpg.jpg
2009-02-14 20:50 . 2009-02-15 17:06 412,902 -rahs---- C:\winfile.jpg
2009-02-11 19:11 . 2009-02-11 19:11 <REP> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-02-11 19:11 . 2009-02-11 19:11 <REP> d-------- c:\documents and settings\Administrateur\Application Data\AVS4YOU
2009-02-11 19:10 . 2009-02-11 19:11 <REP> d-------- c:\program files\Fichiers communs\AVSMedia
2009-02-11 19:10 . 2009-02-11 19:11 <REP> d-------- c:\program files\AVS4YOU
2009-02-05 18:51 . 2009-02-05 18:51 <REP> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-02-03 19:37 . 2009-02-03 19:37 <REP> d-------- c:\program files\EA Games
2009-01-20 20:54 . 2009-01-20 20:54 8,192 --a------ c:\windows\REGLOCS.OLD
2009-01-18 13:07 . 2009-01-18 13:07 <REP> d-------- c:\documents and settings\Administrateur\Application Data\dvdcss
2009-01-17 16:00 . 2009-01-17 16:00 <REP> d-------- c:\program files\DigiDNA
2009-01-17 16:00 . 2009-01-23 21:20 <REP> d-------- c:\documents and settings\Administrateur\Application Data\TuneAid
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 18:17 --------- d-----w c:\program files\SuperCopier2
2009-02-15 18:14 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-15 17:03 --------- d-----w c:\program files\Kaspersky Lab
2009-02-15 16:36 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-15 16:36 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-15 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-15 15:16 --------- d-----w c:\program files\eMule
2009-02-11 17:11 --------- d-----w c:\program files\BitComet
2009-02-04 17:52 --------- d-----w c:\program files\WinSCP
2009-01-17 17:41 --------- d-----w c:\program files\Fichiers communs\DVDVideoSoft
2009-01-17 17:39 --------- d-----w c:\program files\DVDVideoSoft
2009-01-11 12:00 --------- d-----w c:\program files\iTunes
2009-01-11 12:00 --------- d-----w c:\program files\iPod
2009-01-11 12:00 --------- d-----w c:\program files\Fichiers communs\Apple
2009-01-11 12:00 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-11 11:59 --------- d-----w c:\program files\QuickTime Alternative
2009-01-11 11:57 --------- d-----w c:\program files\Bonjour
2009-01-11 11:54 --------- d-----w c:\program files\Apple Software Update
2009-01-10 16:55 --------- d-----w c:\program files\Empire Interactive
2009-01-09 20:17 --------- d-----w c:\program files\DxO Labs
2009-01-07 17:40 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-03 13:53 --------- d-----w c:\program files\Everest Poker
2009-01-03 03:37 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-03 03:37 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-03 03:37 --------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-12-21 13:46 --------- d-----w c:\program files\Java
2008-12-21 13:34 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2008-12-21 13:30 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-21 13:30 --------- d-----w c:\program files\AGEIA Technologies
2008-12-21 12:43 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-16 19:40 22,328 ----a-w c:\documents and settings\Administrateur\Application Data\PnkBstrK.sys
2008-03-09 06:25 236 ----a-w c:\program files\Fichiers communs\dx.reg
2008-02-24 18:15 87,608 ----a-w c:\documents and settings\Administrateur\Application Data\ezpinst.exe
2008-02-24 18:15 47,360 ----a-w c:\documents and settings\Administrateur\Application Data\pcouffin.sys
.
------- Sigcheck -------
2007-04-02 11:56 125912 8471a49628e9d70c39383605cff191b4 c:\windows\icon_TMP\wuauclt.exe
2008-04-13 18:34 112640 7e3defe771cb451b0ff630bfa435417e c:\windows\ServicePackFiles\i386\wuauclt.exe
2007-04-02 11:56 125912 8471a49628e9d70c39383605cff191b4 c:\windows\system32\wuauclt.exe
2007-04-02 11:56 124376 5e5a6af2d6ff2d289414c53025fe2337 c:\windows\system_backup\wuauclt.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"Orb"="c:\program files\Orb Networks\Orb\bin\OrbTray.exe" [2008-04-01 507904]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-09 3321856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-18 1185264]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 1961576]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13680640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 86016]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"CTFMON"="c:\windows\system32\wscript.exe" [2008-04-13 155648]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-12-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2007-04-02 c:\windows\system32\advpack.dll]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"msacm.imc"= imc32.acm
"msacm.l3codecp"= l3codecp.acm
"VIDC.i263"= i263_32.drv
"VIDC.ACDV"= ACDV.dll
"MSVideo"= CSvidcap.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\00hoeav.com]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\0w.com]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\6.bat]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\6fnlpetp.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\6x8be16.cmd]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2cmd.EXE]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2upd.EXE]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\abk.bat]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Adobe Gamma Loader.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\algsrvs.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\algssl.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Angry.bat]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\antihost.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTS.EXE]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apu-0607g.xml]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apu.stt]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashLogV.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashMaiSv.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashPopWz.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashQuick.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashSkPcc.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashWebSv.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswBoot.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswRegSvr.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.bin]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Autorun.ini]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.reg]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.txt]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.wsh]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorunsc.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvastSS.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Avciman.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgamsvr.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgcc32.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgemc.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrsx.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgscan.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgserv.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgupsvc.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avltd.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avmailc.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avzkrnl.dll]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bad1.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bad2.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bad3.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdsubwiz.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BDSurvey.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BIOSREAD.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caiss.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caissdt.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\catcache.dat]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cauninst.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavApp.EXE]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cavasm.EXE]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavAUD.EXE]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVCmd.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVCtx.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavEmSrv.EXE]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cavmr.EXE]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavMUD.EXE]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cavoar.EXE]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavQ.EXE]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVRep.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVRid.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVSCons.EXE]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cavse.EXE]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavSn.EXE]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavSub.EXE]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVSubmit.EXE]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavUMAS.EXE]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavUserUpd.EXE]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cavvl.EXE]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CEmRep.EXE]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ckahcomm.dll]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ckahrule.dll]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ckahum.dll]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\clldr.dll]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CMain.EXE]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\copy.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\curidsbase.kdz]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\destrukto.vbs]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DF5Serv.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\diffs.dll]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drvins32.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drweb32w.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drweb386.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution 
options\drwebwcl.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwreg.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe] "Debugger"=c:\windows\system32\wscript.exe /E:vbs c:\windows\system32\winjpg.jpg [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dwwin.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\e.cmd] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\e9ehn1m8.com] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\edb.chk] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EMDISK.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f0.cmd] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FileKan.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\flashy.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fptrayproc.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Frameworkservice.EXE ] "Debugger"=c:\windows\system32\win.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FrzState2k.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fs6519.dll.vbs] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fssf.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fssync.dll] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fun.xls.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\g2pfnid.com] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GetSI.dll] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxkickoff.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxkickoff_x64.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\h3.bat] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hookinst.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file 
execution options\host.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\i.bat] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Identity.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iefqwp.cmd] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IEShow.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ij.bat] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\InstallCAVS.EXE] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\InstLsp.EXE] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iSafe.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iSafInst.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav.bav] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavbase.kdl] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ker.vbs] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KeyMgr.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\image file execution options\killVBS.vbs] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kl1.sys] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klavemu.kdl] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klbg.cat] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klbg.sys] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klif.cat] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klif.sys] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klim5.sys] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\licmgr.ex] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\licreg.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lky.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\m2nl.bat] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcappins.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcaupdate.exe] "Debugger"=c:\windows\system32\win.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcinfo.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcinsupd.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcmnhdlr.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcregwiz.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Mctray.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcupdmgr.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcupdui.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcvsftsn.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcvsmap.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msdos.pif] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msfir80.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MSGrc32.vbs] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msime80.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution 
options\msizap.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msmsgs.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcm80.dll] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcp80.dll] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcr71.dll] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcr80.dll] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mzvkbd.dll] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mzvkbd3.dll] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\naiavfin.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netcfg.dll] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\new folder.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\njibyekk.com] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\olb1iimw.bat] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OnAccessInstaller.EXE] "Debugger"=c:\windows\system32\win.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Pagent.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Pagentwd.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavprsrv.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PavReport.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsAuxs.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsSvc.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsTray.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prloader.dll] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSHost.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskmssvc.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QtnMaint.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rcukd.cmd] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution 
options\reload.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescuecd.zip] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rose.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sal.xls.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVHOST.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scvhosts.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVHSOT.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVVHOST.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scvvhosts.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVVHSOT.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SendLogs.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\session.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SocksA.ex] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOCFG.exe] "Debugger"=c:\windows\system32\win.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOLITE.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOSCAN.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOSENT.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spidercpl.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ssvichosst.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sxs.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\system.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\temp.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\temp2.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\toy.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UdaterUI.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\uiscan.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\unp_test.EXE] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\update.exe] 
"Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\updater.dll] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UPSDbMaker.EXE] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\userdump.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UUpd.EXE] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\v.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32Act.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32ECM.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32ifs.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32PP3.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32Qtn.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbcmserv.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\image file execution options\vbcons.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbglobal.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbimport.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbinst.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbscan.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbsystry.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VetMsg.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\virusutilities.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VisthAux.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsmon.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VsTskMgr.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\whi.com] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WinGrc32.dll] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrAdmin.exe] "Debugger"=c:\windows\system32\win.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrCtrl.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wsctool.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\yannh.cmd] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ybj8df.exe] "Debugger"=c:\windows\system32\win.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\FlashFXP\\FlashFXP.exe"= "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"= "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"= "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"= "c:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"= "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "d:\\far cry 2\\bin\\FarCry2.exe"= "d:\\far cry 2\\bin\\FC2Launcher.exe"= "d:\\far cry 
2\\bin\\FC2Editor.exe"= "d:\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "d:\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"= "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"= "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"= "c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "21729:TCP"= 21729:TCP:BitComet 21729 TCP "21729:UDP"= 21729:UDP:BitComet 21729 UDP "8001:TCP"= 8001:TCP:BitComet 8001 TCP "8001:UDP"= 8001:UDP:BitComet 8001 UDP "8000:TCP"= 8000:TCP:BitComet 8000 TCP "8000:UDP"= 8000:UDP:BitComet 8000 UDP R1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [2008-03-16 19572] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2008-02-24 19:14:59 13560] R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2008-02-24 34944] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592] S0 klbg;KlBg;c:\windows\system32\drivers\klbg.sys --> c:\windows\system32\drivers\klbg.sys [?] 
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [2008-04-26 1527900]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-01-03 38496]
S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [2008-09-30 30272]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.drv [2008-09-30 37440]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0b1f3c-21d6-11dd-ba37-001bfca3cfa9}]
\Shell\AutoRun\command - H:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fccf6042-e620-11dc-b5ee-001bfca3cfa9}]
\Shell\AutoRun\command - xeekrd.exe
\Shell\explore\Command - xeekrd.exe
\Shell\open\Command - xeekrd.exe
.
Contenu du dossier 'Tâches planifiées'

2009-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-regdiit - c:\windows\system32\win.exe

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.freewebtown.com/alrefai/login.live.html
uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
uInternet Settings,ProxyOverride = *.local
IE: Ajouter à Kaspersky Anti-Bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll

---- PARAMETRES FIREFOX ----
FF - user.js: general.useragent.extra.zencast -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 20:52:35
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc24.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk31]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdkLBF]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\C*o*m*m*a*n*d* *&* *C*o*n*q*u*e*r* *3* *L*e*s* *g*u*e*r*r*e*s* *d*u* *T*i*b*e*r*i*u*m*"!\Assistance]
"Order"=hex:08,00,00,00,02,00,00,00,ce,02,00,00,01,00,00,00,04,00,00,00,92,00,
00,00,00,00,00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(1380)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(676)
c:\program files\SuperCopier2\SC2Hook.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Orb Networks\Orb\bin\Orb.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2009-02-15 20:57:26 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-15 19:57:23
ComboFix2.txt 2009-02-15 18:22:38

Avant-CF: 20 040 708 096 octets libres
Après-CF: 20,020,330,496 octets libres

763

Nice, it removed a lot of them, but they come back... I get an error when I restart: "winjpg.jpg vbs script error". I click OK, and only then does it generate the log...
  19. I've already used ComboFix loads of times, don't worry, I'm aware of the risks! In my job I spend my time fixing other people's computers, so that's the ultimate irony, isn't it?? But it hasn't solved my problem! However, when I restart after running it, should I restart in safe mode or in normal mode? Because even after running ComboFix, when it restarts in normal mode it shows me "installing new programs" (systeme34/antivir.exe)... If you knew how many times I've run this tool, it's crazy: it removes them fine, but everything comes right back afterwards...
  20. Report taken on the DESKTOP in SAFE MODE:

info.txt

info.txt logfile of random's system information tool 1.05 2009-02-15 12:38:19

======Uninstall list======

-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0E43DFBD-71CF-4F61-B341-7C128FBC6AC2}
-->MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
ACDSee 9 Gestionnaire de photos-->MsiExec.exe /I{91A06334-CB8D-422A-9699-251217674FD4}
Acronis Migrate Easy-->C:\Program Files\Acronis\MigrateEasy\MediaBuilder.exe -uninstall
Acronis True Image Home-->MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Fichiers communs\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Premiere Pro CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\32fdd767b4383606e8168e834af5d90\Setup.exe
Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Reader 8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A80000000002}
Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{BB81360F-041C-4CF7-B15E-71380D154244}
Adobe Shockwave Player-->MsiExec.exe /X{43BFB9E2-169C-46A9-BB81-141A37FD9750}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Advanced Registry Tracer-->C:\Program Files\ElcomSoft\Advanced Registry Tracer\uninstall.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Audio Utilities Collection-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\AEncoder.inf,AEncUninstall
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe"
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
BitComet 0.85-->C:\Program Files\BitComet\uninst.exe
BMO WORLD 4.4.1-->"C:\Program Files\bmoworld\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Call of Duty® - World at War 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{AFAE2B15-89A0-4215-A030-F7B5B478886B}\setup.exe -runfromtemp -l0x0409
Call of Duty® - World at War-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x040c
Call of Duty® 4 - Modern Warfare-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
Camtasia Studio 5-->MsiExec.exe /I{7EADB65C-70E8-4C94-AD0A-221462D41A85}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Command & Conquer 3-->MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Correctif Lecteur Windows Media 10 - KB895316-->"C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"
Crysis WARHEAD®-->"C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Crysis WARHEAD®-->C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
Crysis®-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
DirectX10 RC2 Pre Fix 3-->"C:\WINDOWS\system32\unins000.exe"
DVD Decrypter 3.5.4.0-->MsiExec.exe /I{6406E9DB-A9E0-4DB8-A3A8-ED86959AD481}
DVDFab Platinum 3.0.5.5-->"C:\Program Files\DVDFab Platinum 3\unins000.exe"
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
eMule Plus 1.2b-->"C:\Program Files\eMule\unins000.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EVEREST Ultimate Edition v4.50-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Far Cry 2-->"C:\Program Files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x040c -removeonly
FAT32 Format-->C:\PROGRAM FILES\FAT32 Format\Uninstall.EXE
Firebird SQL Server - MAGIX Edition (F)-->C:\MAGIX\Common\Database\uninstall.exe
FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
FlatOut Ultimate Carnage-->C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Uninstall.exe
FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe"
Free Video to iPhone Converter version 2.1-->"C:\Program Files\DVDVideoSoft\Free Video to iPhone Converter\unins000.exe"
Free Video to iPod Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free Video to iPod Converter\unins000.exe"
Free YouTube to iPhone Converter version 2.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to iPhone Converter\unins000.exe"
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x040c -removeonly
HashTab Shell Extension 1.11 for x32-->C:\Program Files\HashTab Shell Extension\uninst.exe
hp deskjet 5100 series-->rundll32 hpzcon09.dll,VendorJettison hp deskjet 5100 series
ImTOO iPhone Video Converter-->C:\Program Files\ImTOO\iPhone Video Converter 3\Uninstall.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Development Kit 5.0 Update 11-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150110}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaspersky Internet Security 7.0-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
K-Lite Codec Pack 3.9.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Language pack for Ad-Aware SE-->C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\INSTALL.LOG
MAGIX Music Manager 2006 (F)-->C:\MAGIX\Music_Manager_2006\instslct.exe
MAGIX Photo Clinic 4.5 (F)-->C:\MAGIX\Photo_Clinic_45\instslct.exe
MAGIX Photo Manager 2006 (F)-->C:\MAGIX\Photo_Manager_2006\instslct.exe
MAGIX Photos sur CD & DVD 5.0 deluxe (F)-->C:\MAGIX\Photos_sur_CD_DVD_5_dlx\instslct.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Module linguistique Microsoft .NET Framework 3.5 - fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.5)-->C:\Program Files\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5 (fr)"
MSFN Codec Pack 3.0-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\codec.inf, DefaultUninstall,3
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 6.0 Parser (KB927977)-->MsiExec.exe /I{025B7033-5D4A-4B72-A1C2-84BE4BE2F72F}
Nero 7 Lite 7.7.5.1-->"C:\Program Files\Nero\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.10.13-->MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592}
OpenAL-->"C:\Program Files\OpenAL\OalinstGridRelease.exe" /U
Orb-->"C:\Program Files\Orb Networks\Orb\uninstall.exe"
Paint.NET v3.05-->MsiExec.exe /X{6A8DEA40-B4AA-4687-B9F8-4E8185E65B05}
PC Probe II-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe" -l0x40c
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photorécit 3 pour Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
PKR-->"C:\Program Files\PKR\uninstall-pkr.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTime Alternative 1.78-->"C:\Program Files\QuickTime Alternative\unins000.exe"
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Real Alternative 1.52 Lite-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Right Click Image Converter-->"C:\Program Files\Kristanix\Right Click Image Converter\uninstall.exe"
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x040c -removeonly
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
Test Drive Unlimited-->MsiExec.exe /X{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}
TMPGEnc Plus 2.5-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2A1E27FF-BE53-45B4-950F-060236E98E3D}
TomTom HOME-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
Touchpad Media Server-->MsiExec.exe /I{747FD696-E5F7-4265-AD03-AD9C9F93E796}
TuneAid 3.04-->"C:\Program Files\DigiDNA\TuneAid\unins000.exe"
Uninstall 1.0.0.1-->"C:\Program Files\Fichiers communs\DVDVideoSoft\unins000.exe"
VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
Video Converter 3-->C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
VideoLAN VLC media player 0.8.6e-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VNC Free Edition 4.1.2-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinSCP 4.1.8-->"C:\Program Files\WinSCP\unins000.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Security center information======

AV: Kaspersky Internet Security
FW: Kaspersky Internet Security

System event log

Computer Name: SWEET-AAD6E4A0D
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service PnkBstrB.
Record Number: 5424
Source Name: Service Control Manager
Time Written: 20081126214636.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: SWEET-AAD6E4A0D
Event Code: 7035
Message: Un contrôle Arrêter a correctement été envoyé au service PnkBstrB.
Record Number: 5423
Source Name: Service Control Manager
Time Written: 20081126214635.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: SWEET-AAD6E4A0D
Event Code: 7036
Message: Le service PnkBstrB est entré dans l'état : arrêté.
Record Number: 5422
Source Name: Service Control Manager
Time Written: 20081126214635.000000+060
Event Type: Informations
User:

Computer Name: SWEET-AAD6E4A0D
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service PnkBstrK.
Record Number: 5421
Source Name: Service Control Manager
Time Written: 20081126214622.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: SWEET-AAD6E4A0D
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service PnkBstrB.
Record Number: 5420
Source Name: Service Control Manager
Time Written: 20081126214616.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Application event log

Computer Name: SWEET-AAD6E4A0D
Event Code: 701
Message: msnmsgr (980) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_508C_32DB_8C32_BAF4\dfsr.db'.
Record Number: 7904
Source Name: ESENT
Time Written: 20081224000018.000000+060
Event Type: Informations
User:

Computer Name: SWEET-AAD6E4A0D
Event Code: 700
Message: msnmsgr (980) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_508C_32DB_8C32_BAF4\dfsr.db'.
Record Number: 7903
Source Name: ESENT
Time Written: 20081224000018.000000+060
Event Type: Informations
User:

Computer Name: SWEET-AAD6E4A0D
Event Code: 102
Message: msnmsgr (980) \\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_508C_32DB_8C32_BAF4\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).
Record Number: 7902
Source Name: ESENT
Time Written: 20081223163840.000000+060
Event Type: Informations
User:

Computer Name: SWEET-AAD6E4A0D
Event Code: 100
Message: msnmsgr (980) Le moteur de base de données 5.01.2600.5512 est démarré.
Record Number: 7901
Source Name: ESENT
Time Written: 20081223163840.000000+060
Event Type: Informations
User:

Computer Name: SWEET-AAD6E4A0D
Event Code: 101
Message: msnmsgr (980) Le moteur de base de données est arrêté.
Record Number: 7900
Source Name: ESENT
Time Written: 20081223163818.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime Alternative\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RGSCLauncher"=D:\Rockstar Games\Rockstar Games Social Club
"RGSC"=D:\Rockstar Games\Rockstar Games Social Club\1_0_0_0
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

log.txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2009-02-15 20:17:32
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 19 GB (15%) free of 130 GB
Total RAM: 2047 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:17:58, on 15/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/alrefai/login.live.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "%ProgramFiles%\DAEMON Tools\daemon.exe\" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\win.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1211729988828
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8008 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll [2007-03-19 398912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-21 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-21 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2006-03-31 191096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0124123D-61B4-456f-AF86-78C53A0790C5}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2006-10-18 1185264]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2006-10-18 1961576]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-12-06 69216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-02 13680640]
"nwiz"=nwiz.exe /install []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-21 136600]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-02 86016]
"QuickTime Task"=C:\Program Files\QuickTime Alternative\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"CTFMON"=C:\WINDOWS\system32\wscript.exe [2008-04-13 155648]
"regdiit"=C:\WINDOWS\system32\win.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"Orb"=C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe [2008-04-01 507904]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-09-26 206184]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-01-09 3321856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2007-04-02 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0 relog_ap

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Orb
Networks\Orb\bin\Orb.exe"="C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb" "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray" "C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "C:\Program Files\Orb Networks\Orb\bin\xmltv.exe"="C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:*:Enabled:OrbTVGuide" "C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:*:Enabled:OrbChannelScan" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "D:\far cry 2\bin\FarCry2.exe"="D:\far cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2" "D:\far cry 2\bin\FC2Launcher.exe"="D:\far cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater" "D:\far cry 2\bin\FC2Editor.exe"="D:\far cry 2\bin\FC2Editor.exe:*:Enabled:Editeur" "D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club" "D:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="D:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV" "C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War " "C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War " "C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe"="C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program 
Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b237bbb6-03cb-11dd-ba26-001bfca3cfa9}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0b1f3c-21d6-11dd-ba37-001bfca3cfa9}] shell\AutoRun\command - H:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fccf6042-e620-11dc-b5ee-001bfca3cfa9}] shell\AutoRun\command - xeekrd.exe shell\explore\command - xeekrd.exe shell\open\command - xeekrd.exe ======List of files/folders created in the last 1 months====== 2009-02-15 19:33:56 ----A---- C:\WINDOWS\ntbtlog.txt 2009-02-15 19:25:37 ----SHD---- C:\RECYCLER 2009-02-15 19:22:38 ----A---- C:\ComboFix.txt 2009-02-15 17:57:55 ----SHD---- C:\#GDATA.Trash.Store# 2009-02-15 17:48:40 ----SHD---- C:\Config.Msi 2009-02-15 17:23:53 ----D---- 
C:\Documents and Settings\Administrateur\Application Data\WinRAR 2009-02-15 17:13:12 ----D---- C:\WINDOWS\ERUNT 2009-02-15 15:48:45 ----D---- C:\Documents and Settings\All Users\Application Data\G DATA 2009-02-15 15:48:44 ----D---- C:\Program Files\G DATA 2009-02-15 15:48:44 ----D---- C:\Program Files\Fichiers communs\G DATA 2009-02-15 15:09:14 ----D---- C:\SDFix 2009-02-15 14:57:36 ----D---- C:\WINDOWS\temp 2009-02-15 14:40:07 ----D---- C:\VundoFix Backups 2009-02-15 14:40:07 ----A---- C:\VundoFix.txt 2009-02-15 12:38:11 ----D---- C:\rsit 2009-02-15 12:38:11 ----D---- C:\Program Files\trend micro 2009-02-15 12:29:48 ----A---- C:\Boot.bak 2009-02-15 12:29:38 ----RASHD---- C:\cmdcons 2009-02-15 12:28:29 ----A---- C:\WINDOWS\zip.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\VFIND.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWSC.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWREG.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\sed.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\NIRCMD.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\grep.exe 2009-02-15 12:28:29 ----A---- C:\WINDOWS\fdsv.exe 2009-02-15 12:27:07 ----D---- C:\WINDOWS\ERDNT 2009-02-15 12:27:07 ----D---- C:\Qoobox 2009-02-15 12:06:43 ----D---- C:\WINDOWS\system32\systeme34 2009-02-11 19:11:27 ----D---- C:\Documents and Settings\Administrateur\Application Data\AVS4YOU 2009-02-11 19:11:25 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU 2009-02-11 19:10:54 ----D---- C:\Program Files\Fichiers communs\AVSMedia 2009-02-11 19:10:54 ----D---- C:\Program Files\AVS4YOU 2009-02-05 18:51:16 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts 2009-02-03 19:37:15 ----D---- C:\Program Files\EA Games 2009-01-18 13:07:13 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss 2009-01-17 16:00:18 ----D---- C:\Documents and Settings\Administrateur\Application Data\TuneAid 2009-01-17 16:00:10 ----D---- C:\Program 
Files\DigiDNA ======List of files/folders modified in the last 1 months====== 2009-02-15 19:33:56 ----D---- C:\WINDOWS 2009-02-15 19:22:43 ----D---- C:\WINDOWS\system32\drivers 2009-02-15 19:22:43 ----D---- C:\WINDOWS\system32 2009-02-15 19:22:43 ----D---- C:\WINDOWS\Prefetch 2009-02-15 19:21:38 ----D---- C:\WINDOWS\system32\CatRoot2 2009-02-15 19:18:04 ----A---- C:\WINDOWS\system.ini 2009-02-15 19:17:11 ----SHD---- C:\WINDOWS\CSC 2009-02-15 19:17:00 ----D---- C:\Program Files\SuperCopier2 2009-02-15 19:15:35 ----D---- C:\WINDOWS\system32\config 2009-02-15 19:15:13 ----D---- C:\WINDOWS\AppPatch 2009-02-15 19:15:11 ----D---- C:\Program Files\Fichiers communs 2009-02-15 19:14:02 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2009-02-15 18:32:22 ----SHD---- C:\WINDOWS\Installer 2009-02-15 18:32:01 ----HD---- C:\WINDOWS\inf 2009-02-15 18:03:24 ----D---- C:\Program Files\Kaspersky Lab 2009-02-15 17:41:22 ----SHD---- C:\System Volume Information 2009-02-15 17:41:22 ----D---- C:\WINDOWS\system32\Restore 2009-02-15 17:36:36 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-02-15 17:36:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-15 17:15:32 ----D---- C:\WINDOWS\system32\dllcache 2009-02-15 16:50:44 ----D---- C:\Program Files\Mozilla Firefox 2009-02-15 16:42:51 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-02-15 16:16:39 ----D---- C:\Program Files\eMule 2009-02-15 15:48:44 ----RD---- C:\Program Files 2009-02-15 15:24:24 ----A---- C:\WINDOWS\NeroDigital.ini 2009-02-15 14:41:42 ----D---- C:\WINDOWS\Minidump 2009-02-15 14:41:42 ----D---- C:\WINDOWS\Debug 2009-02-15 12:29:48 ----RASH---- C:\boot.ini 2009-02-15 11:53:44 ----D---- C:\Downloads 2009-02-11 19:46:36 ----D---- C:\DVDVideoSoft 2009-02-11 18:45:16 ----D---- C:\Temp 2009-02-11 18:11:44 ----D---- C:\Program Files\BitComet 2009-02-07 15:06:23 ----A---- C:\WINDOWS\avisplitter.INI 
2009-02-04 18:52:46 ----D---- C:\Program Files\WinSCP 2009-02-03 19:37:15 ----D---- C:\WINDOWS\system32\DirectX 2009-02-03 19:37:07 ----RSD---- C:\WINDOWS\assembly 2009-01-18 13:06:56 ----D---- C:\WINDOWS\WinSxS 2009-01-17 18:41:39 ----D---- C:\Program Files\Fichiers communs\DVDVideoSoft 2009-01-17 18:39:01 ----D---- C:\Program Files\DVDVideoSoft ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-04-17 15464] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-04-02 12288] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2006-02-26 5810] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-02-24 10368] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R4 Sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600] S1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-19 12664] S1 FNETDEVI;FNETDEVI; \??\C:\WINDOWS\system32\drivers\FNETDEVI.SYS [] S1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576] S1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228] S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [] S2 Aspi32;Aspi32; 
C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877] S2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-02-24 39264] S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128] S3 arly6d5y;arly6d5y; C:\WINDOWS\system32\drivers\arly6d5y.sys [] S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 34944] S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920] S3 KLIF;KLIF; \??\C:\WINDOWS\system32\drivers\klif.sys [] S3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592] S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-02 6209536] S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-02-24 47360] S3 PsSdk31;PsSdk31; \??\C:\WINDOWS\system32\Drivers\pssdk31.drv [] S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.drv [] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA 
IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2007-04-02 38528] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-04-02 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832] S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] S2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-11-11 206088] S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-21 152984] S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-02 163908] S2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248] S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 
[2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-25 654848] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] -----------------EOF----------------- merci pour la rapidite de la reponse tes un robot ou quoi ?? lol
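As an added example (not part of alfa128's post, and not code from RSIT or HijackThis), the Python script below walks a registry dump in RSIT's format and flags the kinds of entries a helper reads first in a log like the one above: an autostart value whose name imitates a Windows component but runs something else (the "CTFMON" value pointing at wscript.exe), a binary under the Windows directory for which RSIT recorded no date or size, and mountpoints2 autorun commands that either run a bare executable from the root of the removable volume or push a non-script file such as winfile.jpg through a script engine with /e:vbs. The sample dump is constructed from a few lines of the log above in the same format; the heuristics, the reason codes and the reading of an empty [] as "file could not be read" are this example's own assumptions, not RSIT semantics.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in RSIT "Registry dump" format: a few Run values and
# mountpoints2 entries copied from the log above, nothing else.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-21 136600]
"CTFMON"=C:\WINDOWS\system32\wscript.exe [2008-04-13 155648]
"regdiit"=C:\WINDOWS\system32\win.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b237bbb6-03cb-11dd-ba26-001bfca3cfa9}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fccf6042-e620-11dc-b5ee-001bfca3cfa9}]
shell\AutoRun\command - xeekrd.exe
shell\explore\command - xeekrd.exe
shell\open\command - xeekrd.exe
"""

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta"}
# Autostart value names that normally point at one specific Windows binary.
EXPECTED_TARGET = {"ctfmon": "ctfmon.exe", "ctfmon.exe": "ctfmon.exe"}

KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"=(?P<cmd>.*?)\s*\[(?P<meta>[^\]]*)\]$')
MP_ENTRY = re.compile(r"^shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$")
PROGRAM = re.compile(r"^(?P<prog>.+?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|$)", re.I)


@dataclass
class Finding:
    key: str
    entry: str
    code: str
    detail: str


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def check_run_entry(key: str, name: str, cmd: str, meta: str) -> list:
    """Heuristics for one "name"=command [date size] line under a Run key."""
    entry = f'"{name}"={cmd}'
    m = PROGRAM.match(cmd)
    prog = m.group("prog") if m else cmd  # path up to the first executable extension
    base = _basename(prog)
    out = []
    expected = EXPECTED_TARGET.get(name.lower())
    if expected and base != expected:
        out.append(Finding(key, entry, "name-mimic", f"value name suggests {expected} but it runs {base}"))
    if base in SCRIPT_HOSTS:
        out.append(Finding(key, entry, "script-host", f"{base} registered as an autostart program"))
    # Assumption: an empty [] means RSIT could not read the file's date/size.
    if not meta.strip() and "\\windows\\" in prog.lower():
        out.append(Finding(key, entry, "no-metadata-windir", "no date/size recorded for a binary under the Windows directory"))
    return out


def check_mountpoint_entry(key: str, verb: str, cmd: str) -> list:
    """Heuristics for one shell\\<verb>\\command line under mountpoints2."""
    entry = f"shell\\{verb}\\command - {cmd}"
    tokens = cmd.split()
    out = []
    if "\\" not in tokens[0] and ":" not in tokens[0]:  # no drive, no directory
        out.append(Finding(key, entry, "bare-executable", f"{tokens[0]} resolves relative to the volume root, i.e. it lives on the removable media"))
    if any(_basename(t) in SCRIPT_HOSTS for t in tokens):
        out.append(Finding(key, entry, "script-host", "autorun command goes through a script host"))
    engine = [t for t in tokens if t.lower().startswith("/e:")]
    if engine:
        target = tokens[-1]
        ext = ("." + target.rsplit(".", 1)[-1].lower()) if "." in target else ""
        if ext not in SCRIPT_EXTS:
            out.append(Finding(key, entry, "engine-override", f"{engine[0]} forces a script engine on {target}, whose extension hides its content"))
    return out


def triage(dump: str) -> list:
    """Walk an RSIT registry dump and return the entries worth a second look."""
    findings, key = [], ""
    verbs = defaultdict(dict)  # mountpoints2 key -> {verb: command}
    for raw in dump.splitlines():
        line = raw.strip()
        if not line:
            continue
        k = KEY_LINE.match(line)
        if k:
            key = k.group("key")
            continue
        if "\\mountpoints2\\" in key.lower():
            m = MP_ENTRY.match(line)
            if m:
                verbs[key][m.group("verb").lower()] = m.group("cmd")
                findings.extend(check_mountpoint_entry(key, m.group("verb"), m.group("cmd")))
        elif key.lower().endswith("\\run"):
            m = RUN_ENTRY.match(line)
            if m:
                findings.extend(check_run_entry(key, m.group("name"), m.group("cmd"), m.group("meta")))
    # A drive whose open/explore verbs are redirected runs the payload from
    # Explorer even when AutoRun itself is disabled by policy.
    for key, cmds in verbs.items():
        hijacked = sorted({"open", "explore"} & set(cmds))
        if hijacked:
            findings.append(Finding(key, "; ".join(f"{v}={cmds[v]}" for v in hijacked), "verbs-hijacked",
                                    "open/explore verbs redirected: browsing the drive runs the payload"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DUMP):
        print(f"[{f.code}] {f.key}\n    {f.entry}\n    {f.detail}")
```

The script only reads text, so it can be run on an exported log from a clean machine; that is the point of triaging the log rather than the infected box. The Run-value rules say nothing about entries whose name and target agree and whose file RSIT could read (jusched.exe, ctfmon.exe), and the mountpoints2 rules leave an absolute path such as H:\LaunchU3.exe alone, so the output is the short list a human then checks by hand.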
  21. PS: I should point out that all the XP systems are up to date
  22. Hello, and first of all thanks for all the good advice on this site, really useful. So here it is, I'm coming to you because I've now spent an entire weekend fighting the backdoor.win32.bifrose worm, which has now infected 3 of my machines: an LG Centrino laptop running WinXP (Avast, you'll tell me that's to be expected), a Samsung NC10 (VirusScan, that's already less expected!), a Core2Duo desktop running WinXP Pro (Kaspersky 7, up to date). I followed Malekal's procedure to the letter using CCleaner, MBAM, SDFix, ComboFix, Avira + disabling System Restore, but despite that, as soon as I reboot and run another MBAM scan it finds 130 registry infections (security hijack); I remove them (that alone takes 30 min) only to end up with a lovely "winfile32.jpg vbs script error", after which it's impossible to get into the registry or Task Manager. I go back into safe mode and redo the whole disinfection, but it's still the same problem when I return to normal mode!! I should point out that there is no storage device plugged in, not even a network connection! How it keeps coming back is beyond me! So I restored the NC10 from its original backup, but the virus keeps coming back (FYI it's c:/win.exe and c:/systeme34/antivir.exe that are affected). I formatted the LG laptop and there everything seems OK; unfortunately I can't afford to format the desktop, I have a huge amount of data + a virtual server stored on it. So I'm looking for a solution to eradicate this worm once and for all; I know it's not an easy task, but in IT nothing is impossible... Personally, I've already fought a lot of worms (I work for an IT company, spot the mistake!!!). I should point out that on the NC10, when I launch Internet Explorer I get a magnificent "Hacked by proster" and a lovely home page in Arabic...
On the desktop, if I try to download any file in IE or Firefox, it tells me the file can't be saved, you don't have the rights... So there you go, sorry for the monologue; if you need more details don't hesitate, and if you have a solution I'll take it!! What intrigues me is how it manages to keep coming back, and how Kaspersky 7 didn't block it before the infection??? Thanks in advance to the kind soul who finds the solution. alfa