Zebulon

Posts by alfa128

  1. Good evening. I was very recently infected by the Bifrose virus on 3 of my machines, and thanks to the valuable advice of the site admins I was able to resolve it on 2 computers.

    So I formatted the 3rd one so that everything would be clean, but I reused storage media that have a good chance of still being infected.

    Could someone take a look at the attached RSIT report and tell me whether I am still affected by the Bifrose beast??

    This is so that I can avoid being reinfected yet again simply because the virus was forgotten on some USB key...

    Attached is the RSIT report for an LG laptop running WinXP Pro (with 3 storage devices plugged in).

     

    log.txt : Logfile of random's system information tool 1.05 (written by random/random)

    Run by Administrateur at 2009-02-15 23:24:51

    Microsoft Windows XP Professionnel Service Pack 3

    System drive C: has 70 GB (92%) free of 76 GB

    Total RAM: 766 MB (45% free)

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 23:25:16, on 15/02/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.20815)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\RunDll32.exe

    C:\WINDOWS\system32\mmm.exe

    C:\Program Files\Unlocker\UnlockerAssistant.exe

    C:\Program Files\D-Tools\daemon.exe

    C:\Program Files\WinMover\WinMover.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Notepad++\notepad++.exe

    C:\Documents and Settings\Administrateur\Bureau\RSIT.exe

    C:\Program Files\trend micro\Administrateur.exe

     

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

    O4 - HKLM\..\Run: [Mmm] C:\WINDOWS\system32\mmm.exe

    O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H

    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

    O4 - HKCU\..\Run: [WinMover] "C:\Program Files\WinMover\WinMover.exe" /q

    O4 - HKUS\S-1-5-19\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE LOCAL')

    O4 - HKUS\S-1-5-19\..\RunOnce: [iE7-10] rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N (User 'SERVICE LOCAL')

    O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE RÉSEAU')

    O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')

    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

     

    --

    End of file - 4715 bytes

     

    ======Registry dump======

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

    Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]

    IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

    SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]

    FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2007-05-16 191096]

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    "Cmaudio"=RunDll32 cmicnfg.cpl []

    "Mmm"=C:\WINDOWS\system32\mmm.exe [2005-07-05 828416]

    "UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-01 15872]

    "DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]

    "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-15 206088]

     

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "WinMover"=C:\Program Files\WinMover\WinMover.exe [2005-12-02 10240]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

    C:\WINDOWS\system32\Ati2evxx.dll [2008-02-26 126976]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

    C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-06-25 133632]

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

     

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoDriveTypeAutoRun"=145

    "NoSMBalloonTip"=0

    "NoSMConfigurePrograms"=1

    "ForceClassicControlPanel"=1

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

     

    ======List of files/folders created in the last 1 months======

     

    2009-02-15 23:24:52 ----D---- C:\Program Files\trend micro

    2009-02-15 23:24:51 ----D---- C:\rsit

    2009-02-15 21:21:13 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes

    2009-02-15 21:21:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

    2009-02-15 21:21:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

    2009-02-15 19:40:57 ----D---- C:\WINDOWS\Sun

    2009-02-15 19:34:02 ----D---- C:\WINDOWS\system32\SoftwareDistribution

    2009-02-15 19:29:08 ----A---- C:\WINDOWS\system32\h323log.txt

    2009-02-15 19:28:16 ----A---- C:\WINDOWS\system32\hidserv.dll

    2009-02-15 19:27:54 ----A---- C:\WINDOWS\system32\ksuser.dll

    2009-02-15 19:27:22 ----A---- C:\WINDOWS\system32\wshirda.dll

    2009-02-15 19:27:22 ----A---- C:\WINDOWS\system32\irmon.dll

    2009-02-15 19:27:22 ----A---- C:\WINDOWS\system32\irftp.exe

    2009-02-15 19:25:35 ----A---- C:\WINDOWS\system32\usbui.dll

    2009-02-15 19:24:00 ----A---- C:\WINDOWS\system32\OLD6.tmp

    2009-02-15 19:23:59 ----D---- C:\WINDOWS\LastGood

    2009-02-15 19:22:22 ----A---- C:\WINDOWS\imsins.BAK

    2009-02-15 19:22:19 ----SHD---- C:\WINDOWS\Installer

    2009-02-15 19:22:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

    2009-02-15 19:22:18 ----D---- C:\Program Files\Fichiers communs\ODBC

    2009-02-15 19:22:18 ----A---- C:\WINDOWS\ODBCINST.INI

    2009-02-15 19:22:14 ----D---- C:\Program Files\Fichiers communs\SpeechEngines

    2009-02-15 19:22:13 ----RD---- C:\Program Files

    2009-02-15 19:22:13 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

    2009-02-15 19:22:13 ----D---- C:\Program Files\Fichiers communs

    2009-02-15 19:22:09 ----RA---- C:\WINDOWS\system32\kbdtuq.dll

    2009-02-15 19:22:09 ----RA---- C:\WINDOWS\system32\kbdtuf.dll

    2009-02-15 19:22:09 ----RA---- C:\WINDOWS\system32\kbdazel.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdycc.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbduzb.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdur.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdtat.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdru1.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdru.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdmon.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdkyr.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdkaz.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdbu.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdblr.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdaze.dll

    2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhept.dll

    2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhela3.dll

    2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhela2.dll

    2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhe319.dll

    2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhe220.dll

    2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhe.dll

    2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdgkl.dll

    2009-02-15 19:22:04 ----RA---- C:\WINDOWS\system32\kbdlv1.dll

    2009-02-15 19:22:04 ----RA---- C:\WINDOWS\system32\kbdlv.dll

    2009-02-15 19:22:04 ----RA---- C:\WINDOWS\system32\kbdlt1.dll

    2009-02-15 19:22:04 ----RA---- C:\WINDOWS\system32\kbdlt.dll

    2009-02-15 19:22:04 ----RA---- C:\WINDOWS\system32\kbdest.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdycl.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdsl1.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdsl.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdro.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdpl1.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdpl.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdhu1.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdhu.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdcz2.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdcz1.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdcz.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdcr.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\KBDAL.DLL

    2009-02-15 19:21:59 ----A---- C:\WINDOWS\system32\spxcoins.dll

    2009-02-15 19:21:59 ----A---- C:\WINDOWS\system32\irclass.dll

    2009-02-15 19:21:59 ----A---- C:\WINDOWS\system32\EqnClass.Dll

    2009-02-15 19:21:59 ----A---- C:\WINDOWS\system32\dgsetup.dll

    2009-02-15 19:21:59 ----A---- C:\WINDOWS\system32\dgrpsetu.dll

    2009-02-15 19:21:57 ----N---- C:\WINDOWS\system32\CONFIG.TMP

    2009-02-15 19:21:57 ----A---- C:\WINDOWS\TASKMAN.EXE

    2009-02-15 19:21:56 ----A---- C:\WINDOWS\system32\batt.dll

    2009-02-15 19:21:55 ----A---- C:\WINDOWS\NOTEPAD.EXE

    2009-02-15 19:21:53 ----A---- C:\WINDOWS\system32\storprop.dll

    2009-02-15 19:21:40 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini

    2009-02-15 19:21:34 ----RA---- C:\WINDOWS\SET8.tmp

    2009-02-15 19:21:31 ----RA---- C:\WINDOWS\SET4.tmp

    2009-02-15 19:21:28 ----RA---- C:\WINDOWS\SET3.tmp

    2009-02-15 19:21:21 ----D---- C:\WINDOWS\system32\CatRoot2

    2009-02-15 19:21:21 ----D---- C:\WINDOWS\system32\CatRoot

    2009-02-15 19:21:15 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

    2009-02-15 19:20:40 ----A---- C:\WINDOWS\setuplog.txt

    2009-02-15 19:20:11 ----A---- C:\WINDOWS\system32\Netw2r32.dll

    2009-02-15 19:20:11 ----A---- C:\WINDOWS\system32\Netw2c32.dll

    2009-02-15 19:19:30 ----A---- C:\WINDOWS\system32\udaprop.dll

    2009-02-15 19:19:26 ----A---- C:\WINDOWS\system32\cmudax.dll

    2009-02-15 19:19:26 ----A---- C:\WINDOWS\system32\cmirmdrv.dll

    2009-02-15 19:19:20 ----A---- C:\WINDOWS\system32\Audio3D.dll

    2009-02-15 19:19:20 ----A---- C:\WINDOWS\system32\a3d.dll

    2009-02-15 19:19:16 ----A---- C:\WINDOWS\system32\cmirmdrv.exe

    2009-02-15 19:18:05 ----D---- C:\Program Files\Kaspersky Lab

    2009-02-15 19:18:05 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

    2009-02-15 19:17:11 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

    2009-02-15 19:14:53 ----D---- C:\Documents and Settings\Administrateur\Application Data\Identities

    2009-02-15 19:14:53 ----A---- C:\WINDOWS\system32\wmpns.dll

    2009-02-15 19:14:44 ----HD---- C:\Program Files\Uninstall Information

    2009-02-15 19:13:26 ----A---- C:\WINDOWS\system32\Oemdspif.dll

    2009-02-15 19:13:16 ----D---- C:\Documents and Settings\Administrateur\Application Data\Thunderbird

    2009-02-15 19:12:41 ----A---- C:\WINDOWS\system32\ativvaxx.dll

    2009-02-15 19:12:41 ----A---- C:\WINDOWS\system32\atitvo32.dll

    2009-02-15 19:12:41 ----A---- C:\WINDOWS\system32\atipdlxx.dll

    2009-02-15 19:12:41 ----A---- C:\WINDOWS\system32\atiok3x2.dll

    2009-02-15 19:12:41 ----A---- C:\WINDOWS\system32\atioglxx.dll

    2009-02-15 19:12:38 ----A---- C:\WINDOWS\system32\atioglx2.dll

    2009-02-15 19:12:37 ----A---- C:\WINDOWS\system32\Atioglgl.dll

    2009-02-15 19:12:37 ----A---- C:\WINDOWS\system32\atikvmag.dll

    2009-02-15 19:12:37 ----A---- C:\WINDOWS\system32\atiiiexx.dll

    2009-02-15 19:12:37 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll

    2009-02-15 19:12:37 ----A---- C:\WINDOWS\system32\ATIDDC.DLL

    2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\ati3duag.dll

    2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\ati2evxx.dll

    2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\ati2edxx.dll

    2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\ati2dvag.dll

    2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\ati2cqag.dll

    2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\amdpcom32.dll

    2009-02-15 19:12:20 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe

    2009-02-15 19:12:20 ----A---- C:\WINDOWS\system32\ati2evxx.exe

    2009-02-15 19:11:52 ----D---- C:\Program Files\D-Tools

    2009-02-15 19:11:46 ----D---- C:\Program Files\Unlocker

    2009-02-15 19:11:38 ----D---- C:\WINDOWS\system32\Adobe

    2009-02-15 19:11:26 ----D---- C:\Program Files\Media Player Classic

    2009-02-15 19:11:21 ----D---- C:\Program Files\Combined Community Codec Pack

    2009-02-15 19:11:08 ----A---- C:\WINDOWS\system32\pndx5032.dll

    2009-02-15 19:11:08 ----A---- C:\WINDOWS\system32\pndx5016.dll

    2009-02-15 19:11:08 ----A---- C:\WINDOWS\system32\pncrt.dll

    2009-02-15 19:11:07 ----D---- C:\Program Files\Real Alternative

    2009-02-15 19:11:07 ----D---- C:\Documents and Settings\All Users\Application Data\Real

    2009-02-15 19:11:07 ----D---- C:\Documents and Settings\Administrateur\Application Data\Real

    2009-02-15 19:10:58 ----D---- C:\Program Files\QT Lite

    2009-02-15 19:10:53 ----D---- C:\Program Files\Chrono Shutdown

    2009-02-15 19:10:43 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

    2009-02-15 19:10:41 ----D---- C:\Program Files\Fichiers communs\Adobe

    2009-02-15 19:10:41 ----D---- C:\Program Files\Adobe

    2009-02-15 19:09:59 ----SHD---- C:\System Volume Information

    2009-02-15 19:09:59 ----D---- C:\Documents and Settings

    2009-02-15 19:09:50 ----D---- C:\Documents and Settings\All Users\Application Data\ACD Systems

    2009-02-15 19:09:48 ----D---- C:\Program Files\Fichiers communs\ACD Systems

    2009-02-15 19:09:48 ----D---- C:\Program Files\ACD Systems

    2009-02-15 19:09:29 ----SH---- C:\boot.ini

    2009-02-15 19:09:24 ----D---- C:\Program Files\DAMN NFO Viewer

    2009-02-15 19:09:17 ----D---- C:\Program Files\Windows Live Safety Center

    2009-02-15 19:09:11 ----DC---- C:\WINDOWS\system32\DRVSTORE

    2009-02-15 19:09:06 ----D---- C:\Program Files\Windows Live

    2009-02-15 19:08:44 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink

    2009-02-15 19:08:35 ----D---- C:\Program Files\InstallShield Installation Information

    2009-02-15 19:08:35 ----D---- C:\Program Files\Fichiers communs\CyberLink

    2009-02-15 19:08:06 ----D---- C:\Program Files\CyberLink

    2009-02-15 19:07:57 ----A---- C:\WINDOWS\system32\msxml3a.dll

    2009-02-15 19:07:21 ----D---- C:\Program Files\ImgBurn

    2009-02-15 19:07:19 ----D---- C:\Program Files\WinRAR

    2009-02-15 19:06:40 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$

    2009-02-15 19:06:01 ----D---- C:\WINDOWS\system32\XPSViewer

    2009-02-15 19:06:01 ----D---- C:\Program Files\MSBuild

    2009-02-15 19:06:00 ----D---- C:\WINDOWS\system32\en-us

    2009-02-15 19:05:56 ----D---- C:\Program Files\Reference Assemblies

    2009-02-15 19:05:47 ----N---- C:\WINDOWS\system32\spmsg2.dll

    2009-02-15 19:05:47 ----A---- C:\WINDOWS\system32\spupdsvc.exe

    2009-02-15 19:05:43 ----A---- C:\WINDOWS\system32\rgb9rast_2.dll

    2009-02-15 19:05:41 ----N---- C:\WINDOWS\system32\XpsSvcs.dll

    2009-02-15 19:05:41 ----N---- C:\WINDOWS\system32\XPSSHHDR.dll

    2009-02-15 19:05:34 ----N---- C:\WINDOWS\system32\prntvpt.dll

    2009-02-15 19:05:17 ----D---- C:\Program Files\PuTTY

    2009-02-15 19:05:11 ----A---- C:\WINDOWS\system32\Wc.com

    2009-02-15 19:05:11 ----A---- C:\WINDOWS\system32\Vbar332.dll

    2009-02-15 19:05:10 ----A---- C:\WINDOWS\system32\Upxgui.exe

    2009-02-15 19:05:09 ----A---- C:\WINDOWS\system32\Replacer.cmd

    2009-02-15 19:05:09 ----A---- C:\WINDOWS\system32\Reg2InfHandler.cmd

    2009-02-15 19:05:09 ----A---- C:\WINDOWS\system32\Reg2inf.exe

    2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\Msrd2x35.dll

    2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\Msjter35.dll

    2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\Msjint35.dll

    2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\Msjet35.dll

    2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\Modifype.exe

    2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\MMM.exe

    2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\MMM.dll

    2009-02-15 19:05:04 ----A---- C:\WINDOWS\system32\MakeISO.cmd

    2009-02-15 19:05:04 ----A---- C:\WINDOWS\system32\LCISOCreator.exe

    2009-02-15 19:05:04 ----A---- C:\WINDOWS\IsUninst.exe

    2009-02-15 19:04:59 ----A---- C:\WINDOWS\system32\HFExtract.exe

    2009-02-15 19:04:56 ----A---- C:\WINDOWS\system32\FGCBAHandler.exe

    2009-02-15 19:04:55 ----A---- C:\WINDOWS\system32\Fgcba.exe

    2009-02-15 19:04:55 ----A---- C:\WINDOWS\system32\eXPander.exe

    2009-02-15 19:04:54 ----D---- C:\WINDOWS\system32\Console

    2009-02-15 19:04:54 ----D---- C:\Program Files\Epsilon Squared

    2009-02-15 19:04:52 ----D---- C:\Program Files\Utilitaires

    2009-02-15 19:04:52 ----D---- C:\Program Files\CMenu

    2009-02-15 19:04:52 ----A---- C:\WINDOWS\system32\Cdimage.exe

    2009-02-15 19:04:52 ----A---- C:\WINDOWS\system32\Cabtool.exe

    2009-02-15 19:04:52 ----A---- C:\WINDOWS\system32\Cabarc.exe

    2009-02-15 19:04:47 ----D---- C:\Program Files\WinMover

    2009-02-15 19:04:47 ----D---- C:\Documents and Settings\Administrateur\Application Data\EliasAE

    2009-02-15 19:04:36 ----D---- C:\Program Files\FlashFXP

    2009-02-15 19:04:36 ----D---- C:\Documents and Settings\All Users\Application Data\FlashFXP

    2009-02-15 19:04:30 ----A---- C:\WINDOWS\system32\notepad.original.exe

    2009-02-15 19:04:30 ----A---- C:\WINDOWS\notepad.original.exe

    2009-02-15 19:04:28 ----D---- C:\Program Files\Notepad++

    2009-02-15 19:04:28 ----D---- C:\Documents and Settings\Administrateur\Application Data\Notepad++

    2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\TwnLib4.dll

    2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\imagXRA7.dll

    2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\imagXR7.dll

    2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\imagXpr7.dll

    2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\imagX7.dll

    2009-02-15 19:04:03 ----D---- C:\Program Files\Nero

    2009-02-15 19:04:03 ----D---- C:\Documents and Settings\All Users\Application Data\Nero

    2009-02-15 19:04:02 ----D---- C:\Program Files\Fichiers communs\Nero

    2009-02-15 19:03:49 ----D---- C:\Program Files\MSECache

    2009-02-15 19:03:42 ----RSHDC---- C:\WINDOWS\system32\dllcache

    2009-02-15 19:03:42 ----RSD---- C:\WINDOWS\Fonts

    2009-02-15 19:03:42 ----RD---- C:\WINDOWS\Web

    2009-02-15 19:03:42 ----HD---- C:\WINDOWS\inf

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\WinSxS

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\twain_32

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\Temp

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\wins

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\wbem

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\usmt

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\spool

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\ShellExt

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\Setup

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\ras

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\PreInstall

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\oobe

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\npp

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\mui

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\Macromed

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\inetsrv

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\IME

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\icsxml

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\ias

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\fr-fr

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\fr

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\export

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\drivers

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\dhcp

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\config

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\3com_dmi

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\3076

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\2052

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1054

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1042

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1041

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1037

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1036

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1033

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1031

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1028

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1025

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\SoftwareDistribution

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\security

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\Resources

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\repair

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\Provisioning

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\PeerNet

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\pchealth

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\Network Diagnostic

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\mui

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\msapps

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\msagent

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\Media

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\L2Schemas

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\java

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\ime

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\Help

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\ehome

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\Driver Cache

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\Debug

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\Cursors

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\Connection Wizard

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\Config

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\AppPatch

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\addins

    2009-02-15 19:03:42 ----D---- C:\WINDOWS

    2009-02-15 18:54:31 ----D---- C:\Program Files\Microsoft Works

    2009-02-15 18:54:00 ----D---- C:\Program Files\Microsoft Visual Studio

    2009-02-15 18:54:00 ----D---- C:\Program Files\Fichiers communs\DESIGNER

    2009-02-15 18:53:30 ----D---- C:\Program Files\Microsoft.NET

    2009-02-15 18:51:07 ----SD---- C:\WINDOWS\system32\Microsoft

    2009-02-15 18:50:16 ----D---- C:\WINDOWS\SHELLNEW

    2009-02-15 18:49:31 ----D---- C:\Program Files\Microsoft Office

    2009-02-15 18:49:31 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

    2009-02-15 18:49:04 ----RHD---- C:\MSOCache

    2009-02-15 18:47:56 ----D---- C:\Program Files\Mozilla Thunderbird

    2009-02-15 18:47:33 ----D---- C:\Documents and Settings\Administrateur\Application Data\Mozilla

    2009-02-15 18:47:28 ----D---- C:\Program Files\Mozilla Firefox

    2009-02-15 18:47:09 ----A---- C:\WINDOWS\system32\javaws.exe

    2009-02-15 18:47:09 ----A---- C:\WINDOWS\system32\javaw.exe

    2009-02-15 18:47:09 ----A---- C:\WINDOWS\system32\java.exe

    2009-02-15 18:46:42 ----D---- C:\Program Files\Java

    2009-02-15 18:46:40 ----D---- C:\Program Files\Fichiers communs\Java

    2009-02-15 18:46:34 ----D---- C:\Documents and Settings\Administrateur\Application Data\Sun

    2009-02-15 18:44:55 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft

    2009-02-15 18:44:55 ----ASH---- C:\Documents and Settings\Administrateur\Application Data\desktop.ini

    2009-02-15 18:42:08 ----A---- C:\WINDOWS\system32\cmdow.exe

    2009-02-15 18:39:46 ----D---- C:\WINDOWS\system32\URTTemp

    2009-02-15 18:39:01 ----RSD---- C:\WINDOWS\assembly

    2009-02-15 18:39:01 ----D---- C:\WINDOWS\Microsoft.NET

    2009-02-15 18:38:47 ----A---- C:\WINDOWS\control.ini

    2009-02-15 18:38:47 ----A---- C:\AUTOEXEC.BAT

    2009-02-15 18:38:30 ----A---- C:\WINDOWS\OEWABLog.txt

    2009-02-15 18:38:24 ----D---- C:\Program Files\Microsoft Silverlight

    2009-02-15 18:38:24 ----A---- C:\WINDOWS\system32\mapi32.dll

    2009-02-15 18:37:04 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest

    2009-02-15 18:36:56 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest

    2009-02-15 18:36:47 ----HD---- C:\Program Files\WindowsUpdate

    2009-02-15 18:36:41 ----D---- C:\Program Files\Services en ligne

    2009-02-15 18:36:20 ----D---- C:\WINDOWS\system32\DirectX

    2009-02-15 18:36:10 ----A---- C:\WINDOWS\system32\atrace.dll

    2009-02-15 18:36:08 ----A---- C:\WINDOWS\system32\desktop.ini

    2009-02-15 18:36:07 ----A---- C:\WINDOWS\desktop.ini

    2009-02-15 18:36:01 ----A---- C:\WINDOWS\system32\nmevtmsg.dll

    2009-02-15 18:36:00 ----A---- C:\WINDOWS\system32\acctres.dll

    2009-02-15 18:35:59 ----D---- C:\Program Files\Fichiers communs\Services

    2009-02-15 18:35:56 ----SD---- C:\WINDOWS\Tasks

    2009-02-15 18:35:56 ----A---- C:\WINDOWS\system32\icfgnt5.dll

    2009-02-15 18:35:55 ----D---- C:\Program Files\Fichiers communs\MSSoap

    2009-02-15 18:35:51 ----D---- C:\WINDOWS\srchasst

    2009-02-15 18:35:48 ----A---- C:\WINDOWS\system32\wuweb.dll

    2009-02-15 18:35:48 ----A---- C:\WINDOWS\system32\wucltui.dll

    2009-02-15 18:35:48 ----A---- C:\WINDOWS\system32\wuauserv.dll

    2009-02-15 18:35:48 ----A---- C:\WINDOWS\system32\wuaueng1.dll

    2009-02-15 18:35:47 ----A---- C:\WINDOWS\system32\wups.dll

    2009-02-15 18:35:47 ----A---- C:\WINDOWS\system32\wuaueng.dll.wusetup.685515.bak

    2009-02-15 18:35:47 ----A---- C:\WINDOWS\system32\wuaueng.dll

    2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\wuauclt1.exe

    2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\wuauclt.exe.wusetup.685390.bak

    2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\wuauclt.exe

    2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\wuapi.dll

    2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\bitsprx4.dll

    2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\bitsprx3.dll

    2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\bitsprx2.dll

    2009-02-15 18:35:45 ----A---- C:\WINDOWS\system32\qmgrprxy.dll

    2009-02-15 18:35:45 ----A---- C:\WINDOWS\system32\qmgr.dll

    2009-02-15 18:35:40 ----D---- C:\Program Files\Movie Maker

    2009-02-15 18:35:19 ----A---- C:\WINDOWS\system32\safrslv.dll

    2009-02-15 18:35:19 ----A---- C:\WINDOWS\system32\safrdm.dll

    2009-02-15 18:35:19 ----A---- C:\WINDOWS\system32\safrcdlg.dll

    2009-02-15 18:35:19 ----A---- C:\WINDOWS\system32\racpldlg.dll

    2009-02-15 18:35:14 ----A---- C:\WINDOWS\system32\fltMc.exe

    2009-02-15 18:35:14 ----A---- C:\WINDOWS\system32\fltlib.dll

    2009-02-15 18:35:13 ----D---- C:\WINDOWS\system32\Restore

    2009-02-15 18:35:13 ----A---- C:\WINDOWS\system32\srsvc.dll

    2009-02-15 18:35:13 ----A---- C:\WINDOWS\system32\srrstr.dll

    2009-02-15 18:35:13 ----A---- C:\WINDOWS\system32\srclient.dll

    2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\nmmkcert.dll

    2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\mnmsrvc.exe

    2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\mnmdd.dll

    2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\isrdbg32.dll

    2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\ils.dll

    2009-02-15 18:35:11 ----A---- C:\WINDOWS\system32\msconf.dll

    2009-02-15 18:35:07 ----D---- C:\Program Files\NetMeeting

    2009-02-15 18:35:07 ----A---- C:\WINDOWS\system32\msoert2.dll

    2009-02-15 18:35:07 ----A---- C:\WINDOWS\system32\msoeacct.dll

    2009-02-15 18:35:05 ----A---- C:\WINDOWS\system32\inetres.dll

    2009-02-15 18:35:04 ----A---- C:\WINDOWS\system32\inetcomm.dll

    2009-02-15 18:35:02 ----D---- C:\Program Files\Outlook Express

    2009-02-15 18:35:02 ----A---- C:\WINDOWS\system32\schedsvc.dll

    2009-02-15 18:35:02 ----A---- C:\WINDOWS\system32\mstinit.exe

    2009-02-15 18:35:02 ----A---- C:\WINDOWS\system32\mstask.dll

    2009-02-15 18:35:01 ----A---- C:\WINDOWS\system32\isign32.dll

    2009-02-15 18:35:01 ----A---- C:\WINDOWS\system32\inetcfg.dll

    2009-02-15 18:35:01 ----A---- C:\WINDOWS\system32\icwphbk.dll

    2009-02-15 18:35:01 ----A---- C:\WINDOWS\system32\icwdial.dll

    2009-02-15 18:34:54 ----D---- C:\Program Files\Fichiers communs\System

    2009-02-15 18:33:50 ----D---- C:\Program Files\ComPlus Applications

    2009-02-15 18:33:47 ----A---- C:\WINDOWS\vbaddin.ini

    2009-02-15 18:33:47 ----A---- C:\WINDOWS\vb.ini

    2009-02-15 18:33:39 ----D---- C:\WINDOWS\Registration

    2009-02-15 18:33:13 ----D---- C:\Program Files\Windows Media Connect 2

    2009-02-15 18:33:12 ----D---- C:\Program Files\Windows Media Player

    2009-02-15 18:33:02 ----A---- C:\WINDOWS\system32\wrap_oal.dll

    2009-02-15 18:33:01 ----A---- C:\WINDOWS\system32\vb40032.dll

    2009-02-15 18:33:00 ----A---- C:\WINDOWS\system32\ssleay32.dll

    2009-02-15 18:32:59 ----A---- C:\WINDOWS\system32\openal32.dll

    2009-02-15 18:32:59 ----A---- C:\WINDOWS\system32\msvcr71.dll

    2009-02-15 18:32:59 ----A---- C:\WINDOWS\system32\msvcr70.dll

    2009-02-15 18:32:59 ----A---- C:\WINDOWS\system32\msvcp71.dll

    2009-02-15 18:32:58 ----A---- C:\WINDOWS\system32\msvcp70.dll

    2009-02-15 18:32:58 ----A---- C:\WINDOWS\system32\msvci70.dll

    2009-02-15 18:32:58 ----A---- C:\WINDOWS\system32\msstkprp.dll

    2009-02-15 18:32:58 ----A---- C:\WINDOWS\system32\msstdfmt.dll

    2009-02-15 18:32:55 ----A---- C:\WINDOWS\system32\mfc71u.dll

    2009-02-15 18:32:55 ----A---- C:\WINDOWS\system32\mfc71.dll

    2009-02-15 18:32:54 ----A---- C:\WINDOWS\system32\mfc70u.dll

    2009-02-15 18:32:54 ----A---- C:\WINDOWS\system32\mfc70.dll

    2009-02-15 18:32:53 ----A---- C:\WINDOWS\system32\libssl32.dll

    2009-02-15 18:32:52 ----A---- C:\WINDOWS\system32\libmmd.dll

    2009-02-15 18:32:52 ----A---- C:\WINDOWS\system32\libintl3.dll

    2009-02-15 18:32:52 ----A---- C:\WINDOWS\system32\libiconv2.dll

    2009-02-15 18:32:51 ----A---- C:\WINDOWS\system32\zlib1.dll

    2009-02-15 18:32:51 ----A---- C:\WINDOWS\system32\libeay32.dll

    2009-02-15 18:32:51 ----A---- C:\WINDOWS\system32\cygwinb19.dll

    2009-02-15 18:32:50 ----A---- C:\WINDOWS\system32\cygwin1.dll

    2009-02-15 18:32:49 ----A---- C:\WINDOWS\system32\autoitx3.dll

    2009-02-15 18:32:49 ----A---- C:\WINDOWS\system32\atl71.dll

    2009-02-15 18:32:49 ----A---- C:\WINDOWS\system32\atl70.dll

    2009-02-15 18:32:01 ----RD---- C:\WINDOWS\Offline Web Pages

    2009-02-15 18:32:01 ----A---- C:\WINDOWS\system32\winfxdocobj.exe

    2009-02-15 18:32:00 ----SD---- C:\WINDOWS\Downloaded Program Files

    2009-02-15 18:31:59 ----D---- C:\WINDOWS\wbem

    2009-02-15 18:31:59 ----A---- C:\WINDOWS\system32\msfeedssync.exe

    2009-02-15 18:31:59 ----A---- C:\WINDOWS\system32\msfeedsbs.dll

    2009-02-15 18:31:57 ----A---- C:\WINDOWS\system32\ieframe.dll.mui

    2009-02-15 18:31:55 ----A---- C:\WINDOWS\system32\advpack.dll.mui

    2009-02-15 18:31:53 ----D---- C:\Program Files\Internet Explorer

    2009-02-15 18:31:50 ----D---- C:\Program Files\MSN Gaming Zone

    2009-02-15 18:31:50 ----A---- C:\WINDOWS\system32\write.exe

    2009-02-15 18:31:40 ----A---- C:\WINDOWS\system32\sndvol32.exe

    2009-02-15 18:31:40 ----A---- C:\WINDOWS\system32\hticons.dll

    2009-02-15 18:31:39 ----A---- C:\WINDOWS\system32\winchat.exe

    2009-02-15 18:31:39 ----A---- C:\WINDOWS\system32\avwav.dll

    2009-02-15 18:31:39 ----A---- C:\WINDOWS\system32\avtapi.dll

    2009-02-15 18:31:39 ----A---- C:\WINDOWS\system32\avmeter.dll

    2009-02-15 18:31:32 ----A---- C:\WINDOWS\system32\getuname.dll

    2009-02-15 18:31:32 ----A---- C:\WINDOWS\system32\charmap.exe

    2009-02-15 18:31:32 ----A---- C:\WINDOWS\system32\calc.exe

    2009-02-15 18:31:31 ----A---- C:\WINDOWS\system32\winmine.exe

    2009-02-15 18:31:31 ----A---- C:\WINDOWS\system32\sol.exe

    2009-02-15 18:31:31 ----A---- C:\WINDOWS\system32\mshearts.exe

    2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\usrlogon.cmd

    2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tsshutdn.exe

    2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tslabels.ini

    2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tskill.exe

    2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tsdiscon.exe

    2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tscon.exe

    2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\shadow.exe

    2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\rwinsta.exe

    2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\reset.exe

    2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\regini.exe

    2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\freecell.exe

    2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\rdpcfgex.dll

    2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\qwinsta.exe

    2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\qappsrv.exe

    2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\msg.exe

    2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\msdtcprf.ini

    2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\logoff.exe

    2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\cdmodem.dll

    2009-02-15 18:31:23 ----A---- C:\WINDOWS\system32\wmimgmt.msc

    2009-02-15 18:31:21 ----A---- C:\WINDOWS\system32\sndrec32.exe

    2009-02-15 18:31:21 ----A---- C:\WINDOWS\system32\mplay32.exe

    2009-02-15 18:31:21 ----A---- C:\WINDOWS\system32\hypertrm.dll

    2009-02-15 18:31:21 ----A---- C:\WINDOWS\system32\accwiz.exe

    2009-02-15 18:31:20 ----D---- C:\Program Files\Windows NT

    2009-02-15 18:31:20 ----A---- C:\WINDOWS\system32\mspaint.exe

    2009-02-15 18:31:19 ----A---- C:\WINDOWS\system32\spider.exe

    2009-02-15 18:31:19 ----A---- C:\WINDOWS\system32\clipbrd.exe

    2009-02-15 18:31:18 ----A---- C:\WINDOWS\system32\tsgqec.dll

    2009-02-15 18:31:18 ----A---- C:\WINDOWS\system32\tscfgwmi.dll

    2009-02-15 18:31:17 ----A---- C:\WINDOWS\system32\rhttpaa.dll

    2009-02-15 18:31:17 ----A---- C:\WINDOWS\system32\mstscax.dll

    2009-02-15 18:31:17 ----A---- C:\WINDOWS\system32\aaclient.dll

    2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\sessmgr.exe

    2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\remotepg.dll

    2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\rdshost.exe

    2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\rdsaddin.exe

    2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\rdchost.dll

    2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\mstsc.exe

    2009-02-15 18:31:15 ----D---- C:\WINDOWS\system32\MsDtc

    2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\termsrv.dll

    2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\rdpwsx.dll

    2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\rdpsnd.dll

    2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\rdpclip.exe

    2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\qprocess.exe

    2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\msdtcuiu.dll

    2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\icaapi.dll

    2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\cfgbkend.dll

    2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\xolehlp.dll

    2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\mtxoci.dll

    2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\msdtctm.dll

    2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\msdtcprx.dll

    2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\msdtclog.dll

    2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\mtxlegih.dll

    2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\mtxex.dll

    2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\mtxdm.dll

    2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\msdtc.exe

    2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\dcomcnfg.exe

    2009-02-15 18:31:12 ----D---- C:\WINDOWS\system32\Com

    2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\stclient.dll

    2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\comrepl.dll

    2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\comaddin.dll

    2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\colbact.dll

    2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\clbcatex.dll

    2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\catsrvut.dll

    2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\catsrvps.dll

    2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\comuid.dll

    2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\comsvcs.dll

    2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\comsnap.dll

    2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\catsrv.dll

    2009-02-15 18:31:10 ----A---- C:\WINDOWS\system32\clbcatq.dll

    2009-02-15 18:31:04 ----A---- C:\WINDOWS\system32\servdeps.dll

    2009-02-15 18:31:03 ----A---- C:\WINDOWS\system32\mmfutil.dll

    2009-02-15 18:31:03 ----A---- C:\WINDOWS\system32\licwmi.dll

    2009-02-15 18:31:03 ----A---- C:\WINDOWS\system32\cmprops.dll

     

    ======List of files/folders modified in the last 1 months======

     

    2009-02-15 19:22:11 ----A---- C:\WINDOWS\system.ini

    2009-02-15 19:07:53 ----A---- C:\WINDOWS\system32\msxml3r.dll

    2009-02-15 18:38:44 ----A---- C:\WINDOWS\win.ini

     

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     

    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-06-25 40576]

    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-06-25 14720]

    R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-02-15 226832]

    R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]

    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []

    R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]

    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-06-25 60800]

    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-02-26 2863616]

    R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]

    R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2006-08-15 1287296]

    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-06-25 144384]

    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-06-25 10368]

    R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]

    R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []

    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-06-25 61824]

    R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]

    R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-12-09 46592]

    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-06-25 30208]

    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

    R3 w29n51;Pilote de carte de connexion réseau Intel® PRO/Wireless 2915ABG pour Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2008-01-07 2216064]

    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-04-29 288896]

    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-06-25 77568]

    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-06-25 82944]

    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-06-25 73600]

     

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     

    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-02-26 520192]

    R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-15 206088]

    R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-06-25 14336]

    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-06-25 14336]

    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

     

    -----------------EOF-----------------

     

     

    info.txt

     

    info.txt logfile of random's system information tool 1.05 2009-02-15 23:25:20

     

    ======Uninstall list======

     

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

    ACDSee 10 Gestionnaire de photos-->MsiExec.exe /I{F8B98EB6-FC06-45BF-87D4-9784E0408611}

    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

    Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}

    Adobe Shockwave Player-->MsiExec.exe /X{211E8730-5681-49ED-BC6A-78C9F88E95F5}

    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

    Attribute Changer 6.0a-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,AttributeChanger.Uninstall

    Chrono Shutdown-->rundll32.exe advpack.dll,LaunchINFSection chrono.inf,ChronoShutdown.Uninstall

    ClipName-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,ClipName.Uninstall

    C-Media High Definition Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe

    CMenu-->"C:\Program Files\CMenu\CMenu.exe" /uninstall

    Combined Community Codec Pack 2008-01-24-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"

    Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE}

    Console 2-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,Console.Uninstall

    CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall

    DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}

    DAMN NFO Viewer Setup-->MsiExec.exe /I{D5DE2E28-2BA1-4CF8-A4C5-D3D2AE0A9E38}

    File Case Shell Extension-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,FileCase.Uninstall

    FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u

    HashTab 2.1-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,HashTab.Uninstall

    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

    ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"

    InstallWatch Pro 2.5-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Epsilon Squared\InstallWatch Pro\Uninst.isu"

    Java 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}

    Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}

    Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}

    MakeISO-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,MakeISO.Uninstall

    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

    Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe"

    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

    Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}

    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

    Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}

    Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}

    Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe

    Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}

    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

    Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

    Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}

    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

    Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}

    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

    Mmm-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,MMM.Uninstall

    ModifyPE-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,ModifyPE.Uninstall

    Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

    Mozilla Thunderbird (2.0.0.14)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe

    Nero 8 Lite 8.3.2.1b-->"C:\Program Files\Nero\unins000.exe"

    Notepad++-->C:\Program Files\Notepad++\uninstall.exe

    PuTTY-->rundll32.exe advpack.dll,LaunchINFSection PuTTY.inf,PuTTY.Uninstall

    QT Lite 2.6.0-->"C:\Program Files\QT Lite\unins000.exe"

    Real Alternative 1.8.0 Lite-->"C:\Program Files\Real Alternative\unins000.exe"

    RefreshEM-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RefreshEM.Uninstall

    Reg File Merger-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RegMerger.Uninstall

    RegShot-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RegShot.Uninstall

    Replacer-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,Replacer.Uninstall

    Resource Hacker-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,ResHacker.Uninstall

    Run Program Shell Extension-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RunWith.Uninstall

    Security Update for Excel 2007 (KB946974)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}

    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

    Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}

    Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}

    Security Update for Office 2007 (KB947801)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}

    Security Update for Outlook 2007 (KB946983)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}

    Unlocker 1.8.7-->rundll32.exe advpack.dll,LaunchINFSection Unlocker.inf,Unlocker.Uninstall

    Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

    Update for Outlook 2007 Junk Email Filter (kb950378)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}

    Utilitaires "Envoyer vers"-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,SendTo.Uninstall

    WhyReboot-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,WhyReboot.Uninstall

    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}

    Windows Live Safety Scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

    Windows Vista Wallpapers-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\NR_VWall.inf,RemoveVWallpapers

    WinMover 3.2.0.6-->"C:\Program Files\WinMover\unins000.exe"

    XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

    XPero's eXPander-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,eXPander.Uninstall

     

    ======Security center information======

     

    AV: Kaspersky Internet Security

    FW: Kaspersky Internet Security

     

    System event log

     

    Computer Name: SWEET-B1E093CFD

    Event Code: 3260

    Message: Cet ordinateur a correctement été joint au workgroup 'WORKGROUP'.

     

    Record Number: 5

    Source Name: Workstation

    Time Written: 20090215183056.000000+060

    Event Type: Informations

    User:

     

    Computer Name: SWEET-B1E093CFD

    Event Code: 6011

    Message: Le nom NetBIOS et le nom de l'hôte DNS de cet ordinateur ont été modifiés de MACHINENAME vers SWEET-B1E093CFD.

     

    Record Number: 4

    Source Name: EventLog

    Time Written: 20090215182913.000000+060

    Event Type: Informations

    User:

     

    Computer Name: MACHINENAME

    Event Code: 2

    Message: Pendant la validation de \Device\Serial0 en tant que port série, une FIFO a été détectée. La FIFO sera utilisée.

     

    Record Number: 3

    Source Name: Serial

    Time Written: 20090215191023.000000+060

    Event Type: Informations

    User:

     

    Computer Name: MACHINENAME

    Event Code: 6005

    Message: Le service d'Enregistrement d'événement a démarré.

     

    Record Number: 2

    Source Name: EventLog

    Time Written: 20090215191009.000000+060

    Event Type: Informations

    User:

     

    Computer Name: MACHINENAME

    Event Code: 6009

    Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Uniprocessor Free.

     

    Record Number: 1

    Source Name: EventLog

    Time Written: 20090215191009.000000+060

    Event Type: Informations

    User:

     

    Application event log

     

    Computer Name: SWEET-B1E093CFD

    Event Code: 1000

    Message: Les compteurs de performances pour le service MSDTC (MSDTC) ont été chargés.

    Les données d'enregistrement contiennent les nouvelles valeurs d'index

    assignées à ce service.

     

    Record Number: 5

    Source Name: LoadPerf

    Time Written: 20090215183333.000000+060

    Event Type: Informations

    User:

     

    Computer Name: SWEET-B1E093CFD

    Event Code: 1000

    Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés.

    Les données d'enregistrement contiennent les nouvelles valeurs d'index

    assignées à ce service.

     

    Record Number: 4

    Source Name: LoadPerf

    Time Written: 20090215183328.000000+060

    Event Type: Informations

    User:

     

    Computer Name: SWEET-B1E093CFD

    Event Code: 1000

    Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés.

    Les données d'enregistrement contiennent les nouvelles valeurs d'index

    assignées à ce service.

     

    Record Number: 3

    Source Name: LoadPerf

    Time Written: 20090215183050.000000+060

    Event Type: Informations

    User:

     

    Computer Name: SWEET-B1E093CFD

    Event Code: 1000

    Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés.

    Les données d'enregistrement contiennent les nouvelles valeurs d'index

    assignées à ce service.

     

    Record Number: 2

    Source Name: LoadPerf

    Time Written: 20090215183023.000000+060

    Event Type: Informations

    User:

     

    Computer Name: SWEET-B1E093CFD

    Event Code: 1000

    Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés.

    Les données d'enregistrement contiennent les nouvelles valeurs d'index

    assignées à ce service.

     

    Record Number: 1

    Source Name: LoadPerf

    Time Written: 20090215182925.000000+060

    Event Type: Informations

    User:

     

    ======Environment variables======

     

    "ComSpec"=%SystemRoot%\system32\cmd.exe

    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

    "windir"=%SystemRoot%

    "FP_NO_HOST_CHECK"=NO

    "OS"=Windows_NT

    "PROCESSOR_ARCHITECTURE"=x86

    "PROCESSOR_LEVEL"=6

    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel

    "PROCESSOR_REVISION"=0d08

    "NUMBER_OF_PROCESSORS"=1

    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

    "TEMP"=%SystemRoot%\TEMP

    "TMP"=%SystemRoot%\TEMP

     

    -----------------EOF-----------------

     

    Everything looks spotless to me, but I could be wrong....

    Thanks in advance

  2. Magnificent !!!!

    No, no more symptoms since restoring the machine to its initial state!

    On the other hand, before the restore it was exactly the same problem.

    So now it's really a celebration!

    OK, so the next resolution: never use a single storage device on this machine again !!

    Right after this I'll create one last post to check the LG and all the storage devices used on it.

    In any case, thank you and thank you again; I may have spent a bit of time on it, but I escaped a format that would have eaten up an enormous amount of my time!

    CLEAN!

  3. If one day you're available to train me, I'm more than interested !!!!

    To tell the truth, it bothers me that all this help is volunteer work; when I think that I work at an IT outsourcing company whose name I will obviously keep to myself, and that a quarter of the people there know nothing about IT, I tell myself you would easily have a place there rather than working for free, but sacrifice is priceless lol!

     

    To be really honest, I don't use a genuine antivirus because I bought one once and the result was that I ended up infected..

    I know it's wrong and I deserve a whipping, but that's another debate...

     

    But well, I might give in and buy real protection.. G Data maybe?

    Otherwise, among free antiviruses, Avira is still the best, right?

    And thanks again for the attention, the responsiveness and all the time spent!

  4. Good evening, and thanks again for all the precious advice given and to all the volunteers who keep this site alive!

    I was very recently infected by Bifrose, so I ran a restore of the NC10 to its initial state and installed the trial version of the latest VirusScan.

    I'd like to know whether I'm still infected and how to immunize myself against this particularly volatile worm.

     

    So here is the attached RSIT: info.txt

     

    info.txt logfile of random's system information tool 1.05 2009-02-16 00:23:00

     

    ======Uninstall list======

     

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

    Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}

    Atheros WLAN Client-->"C:\Program Files\InstallShield Installation Information\{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}\setup.exe" -runfromtemp -l0x040c -removeonly

    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

    Easy Display Manager-->"C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -runfromtemp -l0x0009 -removeonly

    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

    imagine digital freedom - Samsung-->MsiExec.exe /X{8E106A57-A17E-431D-B48F-175E42EB9F74}

    Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall

    J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}

    Magic Keyboard-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD723E53-A42C-4702-AA04-1D74A0311590}\Setup.exe" -l0x9 Remove

    Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe

    McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe

    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"

    Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

    Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

    Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}

    Namuga 1.3M Webcam-->C:\Program Files\InstallShield Installation Information\{71A51B59-E7D3-11DB-A386-005056C00008}\setup.exe -runfromtemp -l0x0009 -removeonly

    Play Camera-->C:\Program Files\InstallShield Installation Information\{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}\setup.exe -runfromtemp -l0x040c

    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly

    Samsung Battery Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}\Setup.exe" -l0x40c Remove

    Samsung EDS-->MsiExec.exe /X{ABB14904-A11B-4F42-996C-80FD608A0F17}

    Samsung Magic Doctor-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}\Setup.exe" -l0x40c Remove

    Samsung Network Manager 2.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735} /l1036

    Samsung Recovery Solution III-->"C:\Program Files\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\setup.exe" -runfromtemp -l0x040c -removeonly

    Samsung Update Plus-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{685707A4-911C-468D-BFC4-64A50E5E3A0C} /l1036

    Secunia PSI-->"C:\Program Files\Secunia\PSI\uninstall.exe"

    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

    User Guide-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}\setup.exe" -l0x40c Remove

    WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}

    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

     

    ======Security center information======

     

    AV: McAfee VirusScan

    FW: McAfee Personal Firewall

     

    System event log

     

    Computer Name: NC10

    Event Code: 6005

    Message: Le service d'Enregistrement d'événement a démarré.

     

    Record Number: 5

    Source Name: EventLog

    Time Written: 20090215232856.000000+060

    Event Type: Informations

    User:

     

    Computer Name: NC10

    Event Code: 6009

    Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free.

     

    Record Number: 4

    Source Name: EventLog

    Time Written: 20090215232856.000000+060

    Event Type: Informations

    User:

     

    Computer Name: NC10

    Event Code: 6006

    Message: Le service d'Enregistrement d'événement a été arrêté.

     

    Record Number: 3

    Source Name: EventLog

    Time Written: 20090115015616.000000+060

    Event Type: Informations

    User:

     

    Computer Name: NC10

    Event Code: 1074

    Message: Le processus winlogon.exe a initialisé le redémarrage de NC10 pour la raison suivante : Aucun titre à cette raison n'a pu être trouvé

     

    Raison mineure : 0xff

     

    Type d'arrêt : redémarrer.

     

    Commentaire : System rebooting.

     

    Record Number: 2

    Source Name: USER32

    Time Written: 20090115015604.000000+060

    Event Type: Informations

    User: AUTORITE NT\SYSTEM

     

    Computer Name: NC10

    Event Code: 115

    Message: Le suivi de la Restauration système a été activé sur tous les lecteurs.

     

    Record Number: 1

    Source Name: SRService

    Time Written: 20090115015254.000000+060

    Event Type: Informations

    User:

     

    Application event log

     

    Computer Name: NC10

    Event Code: 11707

    Message: Produit : Play Camera -- Installation terminée.

     

    Record Number: 5

    Source Name: MsiInstaller

    Time Written: 20090115015539.000000+060

    Event Type: Informations

    User: NC10\Andre

     

    Computer Name: NC10

    Event Code: 11707

    Message: Produit : WIDCOMM Bluetooth Software -- Installation terminée.

     

    Record Number: 4

    Source Name: MsiInstaller

    Time Written: 20090115015518.000000+060

    Event Type: Informations

    User: NC10\Andre

     

    Computer Name: NC10

    Event Code: 0

    Message:

    Record Number: 3

    Source Name: btwdins

    Time Written: 20090115015517.000000+060

    Event Type: Informations

    User:

     

    Computer Name: NC10

    Event Code: 0

    Message:

    Record Number: 2

    Source Name: btwdins

    Time Written: 20090115015516.000000+060

    Event Type: Informations

    User:

     

    Computer Name: NC10

    Event Code: 11728

    Message: Product: WebFldrs XP -- La configuration s'est terminée correctement.

     

    Record Number: 1

    Source Name: MsiInstaller

    Time Written: 20090115015324.000000+060

    Event Type: Informations

    User: NC10\Andre

     

    ======Environment variables======

     

    "ComSpec"=%SystemRoot%\system32\cmd.exe

    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

    "windir"=%SystemRoot%

    "FP_NO_HOST_CHECK"=NO

    "OS"=Windows_NT

    "PROCESSOR_ARCHITECTURE"=x86

    "PROCESSOR_LEVEL"=6

    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 2, GenuineIntel

    "PROCESSOR_REVISION"=1c02

    "NUMBER_OF_PROCESSORS"=2

    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

    "TEMP"=%SystemRoot%\TEMP

    "TMP"=%SystemRoot%\TEMP

     

    -----------------EOF-----------------

     

     

    log.txt

     

    Logfile of random's system information tool 1.05 (written by random/random)

    Run by Andre at 2009-02-16 00:22:38

    Microsoft Windows XP Édition familiale Service Pack 3

    System drive C: has 66 GB (91%) free of 73 GB

    Total RAM: 1014 MB (54% free)

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 00:22:57, on 16/02/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

    C:\WINDOWS\Explorer.EXE

    c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe

    c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe

    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

    C:\Program Files\McAfee\MPF\MPFSrv.exe

    C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe

    C:\WINDOWS\system32\svchost.exe

    c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

    C:\WINDOWS\system32\igfxext.exe

    C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe

    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

    C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe

    C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe

    C:\Program Files\Secunia\PSI\psi.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Documents and Settings\Andre\Bureau\RSIT.exe

    C:\Program Files\trend micro\Andre.exe

     

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    O4 - HKLM\..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe

    O4 - HKLM\..\Run: [batteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe

    O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe

    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe

    O4 - Global Startup: BTTray.lnk = ?

    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O23 - Service: McAfee Application Installer Cleanup (0294161234737087) (0294161234737087mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\029416~1.EXE

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe

    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe

    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

    O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe

    O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe

     

    --

    End of file - 6360 bytes

     

    ======Scheduled tasks folder======

     

    C:\WINDOWS\tasks\McDefragTask.job

    C:\WINDOWS\tasks\McQcTask.job

     

    ======Registry dump======

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

    Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

    scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0\bin\jusched.exe [2008-10-28 36972]

    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-08-26 16851456]

    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-20 57344]

    ""= []

    "EDS"=C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe [2007-12-20 659456]

    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-28 141848]

    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-28 166424]

    "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-28 137752]

    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-28 1044480]

    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

    "DMHotKey"=C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe [2006-12-27 466944]

    "BatteryManager"=C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe [2008-10-07 2768896]

    "MagicKeyboard"=C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe [2006-05-14 151552]

    "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-04 582992]

     

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

     

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

     

    C:\Documents and Settings\Andre\Menu Démarrer\Programmes\Démarrage

    Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

    C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

     

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoDriveTypeAutoRun"=145

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"

    "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

    "C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe"="C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

     

    ======List of files/folders created in the last 1 months======

     

    2009-02-16 00:22:39 ----D---- C:\Program Files\trend micro

    2009-02-16 00:22:38 ----D---- C:\rsit

    2009-02-16 00:17:42 ----D---- C:\Program Files\Secunia

    2009-02-16 00:09:58 ----D---- C:\WINDOWS\LastGood

    2009-02-16 00:05:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

    2009-02-16 00:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$

    2009-02-16 00:05:04 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$

    2009-02-16 00:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

    2009-02-16 00:02:46 ----D---- C:\WINDOWS\ie7updates

    2009-02-16 00:02:19 ----D---- C:\WINDOWS\WBEM

    2009-02-16 00:01:04 ----HDC---- C:\WINDOWS\ie7

    2009-02-16 00:00:51 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$

    2009-02-16 00:00:21 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$

    2009-02-15 23:57:11 ----A---- C:\WINDOWS\system32\MRT.exe

    2009-02-15 23:52:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

    2009-02-15 23:51:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$

    2009-02-15 23:51:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$

    2009-02-15 23:51:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$

    2009-02-15 23:51:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$

    2009-02-15 23:51:06 ----D---- C:\Documents and Settings\Andre\Application Data\Mozilla

    2009-02-15 23:50:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

    2009-02-15 23:50:46 ----D---- C:\Program Files\Mozilla Firefox

    2009-02-15 23:50:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

    2009-02-15 23:50:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$

    2009-02-15 23:50:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$

    2009-02-15 23:50:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

    2009-02-15 23:49:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

    2009-02-15 23:49:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

    2009-02-15 23:49:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$

    2009-02-15 23:49:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$

    2009-02-15 23:49:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$

    2009-02-15 23:48:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

    2009-02-15 23:48:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

    2009-02-15 23:47:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

    2009-02-15 23:47:52 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$

    2009-02-15 23:47:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

    2009-02-15 23:47:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

    2009-02-15 23:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

    2009-02-15 23:47:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

    2009-02-15 23:47:11 ----SHD---- C:\Config.Msi

    2009-02-15 23:43:17 ----D---- C:\Documents and Settings\Andre\Application Data\Macromedia

    2009-02-15 23:40:01 ----D---- C:\WINDOWS\system32\PreInstall

    2009-02-15 23:39:59 ----N---- C:\WINDOWS\system32\spmsg.dll

    2009-02-15 23:39:58 ----A---- C:\WINDOWS\system32\spupdsvc.exe

    2009-02-15 23:39:56 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$

    2009-02-15 23:39:56 ----HD---- C:\WINDOWS\$hf_mig$

    2009-02-15 23:33:19 ----D---- C:\WINDOWS\system32\SoftwareDistribution

     

    ======List of files/folders modified in the last 1 months======

     

    2009-02-16 08:22:41 ----D---- C:\WINDOWS\WinClon

    2009-02-16 00:22:48 ----D---- C:\WINDOWS\Temp

    2009-02-16 00:22:39 ----RD---- C:\Program Files

    2009-02-16 00:20:08 ----D---- C:\WINDOWS\SoftwareDistribution

    2009-02-16 00:17:45 ----HD---- C:\WINDOWS\inf

    2009-02-16 00:17:45 ----D---- C:\WINDOWS\system32\drivers

    2009-02-16 00:10:28 ----D---- C:\WINDOWS\system32\CatRoot

    2009-02-16 00:10:07 ----D---- C:\WINDOWS

    2009-02-16 00:10:06 ----D---- C:\WINDOWS\system32

    2009-02-16 00:08:31 ----RSHDC---- C:\WINDOWS\system32\dllcache

    2009-02-16 00:08:27 ----D---- C:\WINDOWS\system32\CatRoot2

    2009-02-16 00:08:11 ----D---- C:\WINDOWS\Help

    2009-02-16 00:08:11 ----D---- C:\Program Files\Internet Explorer

    2009-02-16 00:07:30 ----A---- C:\WINDOWS\SchedLgU.Txt

    2009-02-16 00:05:21 ----A---- C:\WINDOWS\imsins.BAK

    2009-02-16 00:05:07 ----D---- C:\Program Files\Messenger

    2009-02-16 00:02:58 ----D---- C:\WINDOWS\system32\fr-fr

    2009-02-16 00:02:24 ----D---- C:\WINDOWS\system32\config

    2009-02-16 00:02:11 ----D---- C:\WINDOWS\Media

    2009-02-15 23:47:52 ----D---- C:\WINDOWS\WinSxS

    2009-02-15 23:47:23 ----SHD---- C:\WINDOWS\Installer

    2009-02-15 23:46:43 ----SD---- C:\Documents and Settings\Andre\Application Data\Microsoft

    2009-02-15 23:31:25 ----D---- C:\Program Files\McAfee

     

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     

    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

    R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]

    R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]

    R2 DOSMEMIO;MEMIO; \??\C:\WINDOWS\system32\MEMIO.SYS []

    R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-10-08 1334432]

    R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-03-31 876384]

    R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-23 67960]

    R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]

    R3 DNSeFilter;DNSeFilter; C:\WINDOWS\system32\drivers\SamsungEDS.sys [2008-01-14 30208]

    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]

    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-27 4753920]

    R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]

    R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]

    R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-12-10 7808]

    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-08-28 224736]

    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

    R3 VMC326;Vimicro Camera Service VMC326; C:\WINDOWS\System32\Drivers\VMC326.sys [2008-09-23 238464]

    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-06-27 289024]

    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

    S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

    S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]

    S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]

    S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

    S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

    S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]

    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

     

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     

    R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]

    R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]

    R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]

    R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]

    R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]

    R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]

    R2 SNM WLAN Service;SNM WLAN Service; C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe [2006-10-30 36864]

    S2 0294161234737087mcinstcleanup;McAfee Application Installer Cleanup (0294161234737087); C:\WINDOWS\TEMP\029416~1.EXE [2008-10-23 315264]

    S2 Samsung Update Plus;Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [2008-05-13 77480]

    S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]

    S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]

     

    -----------------EOF-----------------

  5. No, no desire to "play", quite the contrary: I work in IT and am also studying network administration.

    I just wanted to know how to use it cleanly, taking care not to make any mistakes, neither in writing nor in interpretation..

    But by the way, if it's not indiscreet, I hope your team gets paid for the time you spend on this, it's the least they could do!!

    So, on the other hand, for Kaspersky I installed the 2009 version, I need to go back to 7; I think we're going to unplug the network to be sure not to get reinfected, that seems wiser!!

     

    Can I bother you about the NC10?

    Actually I did a restore, installed the trial version of VirusScan and everything looks clean to me...

    I just want to be sure everything is clean..

    Can I send you a report from that machine? (info + log)

     

    PS: I still haven't identified the source of the virus, either a USB key or a file received via Skype; in any case it wasn't me who triggered it, I simply wanted to eradicate it, I thought I was smarter than it and in doing so led it to infect my machine!

    Far from smart in the end!!!!

    In any case I can never thank you enough, and if you live in the Rhône-Alpes region, we can go for a drink one of these days lol

  6. OK, I'm following your instructions..

    Don't bother about removing the tools we used, no need... :P

     

    HijackThis report:

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 23:48:08, on 15/02/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\DAEMON Tools\daemon.exe

    C:\Program Files\SuperCopier2\SuperCopier2.exe

    C:\WINDOWS\system32\wbem\wmiapsrv.exe

    C:\WINDOWS\System32\alg.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/alrefai/login.live.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)

    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll

    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

    O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

    O4 - HKLM\..\Run: [DAEMON Tools] "%ProgramFiles%\DAEMON Tools\daemon.exe\" -lang 1033

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

    O4 - HKCU\..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe

    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1211729988828

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

     

    --

    End of file - 9122 bytes

  7. Yes, sorry, I'm getting a bit carried away!!! :P))

    Yes, the DESKTOP really does seem OK, thanks a lot, that was the most important one!! Finally I can almost sleep soundly!!!!

    How can I immunize myself going forward??

    Can I go back to KAP 7, do you think?

    Do you want us to open another thread for the NC10?

     

    Sorry to take up all your time, but I absolutely have to get rid of the virus on the NC10 before Tuesday...

     

    The LG can easily wait, in any case

  8. Attached is the RSIT report for the DESKTOP (maybe more useful and less disorienting, since we started with that one)

     

    Logfile of random's system information tool 1.05 (written by random/random)

    Run by Administrateur at 2009-02-15 23:28:44

    Microsoft Windows XP Professionnel Service Pack 3

    System drive C: has 19 GB (15%) free of 130 GB

    Total RAM: 2047 MB (75% free)

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 23:28:52, on 15/02/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\DAEMON Tools\daemon.exe

    C:\Program Files\SuperCopier2\SuperCopier2.exe

    C:\WINDOWS\system32\wbem\wmiapsrv.exe

    C:\WINDOWS\System32\alg.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Documents and Settings\Administrateur\Bureau\RSIT.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\Program Files\trend micro\Administrateur.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/alrefai/login.live.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)

    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll

    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

    O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

    O4 - HKLM\..\Run: [DAEMON Tools] "%ProgramFiles%\DAEMON Tools\daemon.exe\" -lang 1033

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

    O4 - HKCU\..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe

    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1211729988828

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

     

    --

    End of file - 9119 bytes

     

    ======Scheduled tasks folder======

     

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

     

    ======Registry dump======

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]

    BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll [2007-03-19 398912]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]

    IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

    Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-21 320920]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

    Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-21 34816]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]

    FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2006-03-31 191096]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    {0124123D-61B4-456f-AF86-78C53A0790C5}

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848]

    "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

    "TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2006-10-18 1185264]

    "AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2006-10-18 1961576]

    "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-12-06 69216]

    "LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]

    "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]

    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-02 13680640]

    "nwiz"=nwiz.exe /install []

    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-21 136600]

    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-02 86016]

    "QuickTime Task"=C:\Program Files\QuickTime Alternative\QTTask.exe [2008-11-04 413696]

    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

    "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-15 206088]

     

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]

    "SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]

    "Orb"=C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe [2008-04-01 507904]

    "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-09-26 206184]

    "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-01-09 3321856]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

    C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2007-04-02 133632]

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

    "authentication packages"=msv1_0

    relog_ap

     

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoDriveTypeAutoRun"=323

    "NoDriveAutoRun"=67108863

    "NoDrives"=0

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoDriveAutoRun"=

    "NoDriveTypeAutoRun"=

    "NoDrives"=

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

    "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

    "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"

    "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"

    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

    "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare"

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    "C:\Program Files\Orb Networks\Orb\bin\Orb.exe"="C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb"

    "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray"

    "C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"

    "C:\Program Files\Orb Networks\Orb\bin\xmltv.exe"="C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:*:Enabled:OrbTVGuide"

    "C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:*:Enabled:OrbChannelScan"

    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    "D:\far cry 2\bin\FarCry2.exe"="D:\far cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"

    "D:\far cry 2\bin\FC2Launcher.exe"="D:\far cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"

    "D:\far cry 2\bin\FC2Editor.exe"="D:\far cry 2\bin\FC2Editor.exe:*:Enabled:Editeur"

    "D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"

    "D:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="D:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"

    "C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War "

    "C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War "

    "C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe"="C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage"

    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

    "C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

    shell\AutoRun\command - H:\LaunchU3.exe -a

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0b1f3c-21d6-11dd-ba37-001bfca3cfa9}]

    shell\AutoRun\command - H:\InstallTomTomHOME.exe

     

     

    ======List of files/folders created in the last 1 months======

     

    2009-02-15 21:53:13 ----A---- C:\ComboFix.txt

    2009-02-15 21:36:24 ----D---- C:\WINDOWS\temp

    2009-02-15 20:51:54 ----A---- C:\WINDOWS\SchedLgU.Txt

    2009-02-15 20:43:56 ----D---- C:\Qoobox

    2009-02-15 19:33:56 ----A---- C:\WINDOWS\ntbtlog.txt

    2009-02-15 17:57:55 ----SHD---- C:\#GDATA.Trash.Store#

    2009-02-15 17:48:40 ----SHD---- C:\Config.Msi

    2009-02-15 17:23:53 ----D---- C:\Documents and Settings\Administrateur\Application Data\WinRAR

    2009-02-15 17:13:12 ----D---- C:\WINDOWS\ERUNT

    2009-02-15 15:48:45 ----D---- C:\Documents and Settings\All Users\Application Data\G DATA

    2009-02-15 15:48:44 ----D---- C:\Program Files\G DATA

    2009-02-15 15:48:44 ----D---- C:\Program Files\Fichiers communs\G DATA

    2009-02-15 14:40:07 ----D---- C:\VundoFix Backups

    2009-02-15 14:40:07 ----A---- C:\VundoFix.txt

    2009-02-15 12:38:11 ----D---- C:\rsit

    2009-02-15 12:38:11 ----D---- C:\Program Files\trend micro

    2009-02-15 12:29:48 ----A---- C:\Boot.bak

    2009-02-15 12:29:38 ----RASHD---- C:\cmdcons

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\zip.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\VFIND.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWXCACLS.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWSC.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWREG.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\sed.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\NIRCMD.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\grep.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\fdsv.exe

    2009-02-15 12:27:07 ----D---- C:\WINDOWS\ERDNT

    2009-02-11 19:11:27 ----D---- C:\Documents and Settings\Administrateur\Application Data\AVS4YOU

    2009-02-11 19:11:25 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU

    2009-02-11 19:10:54 ----D---- C:\Program Files\Fichiers communs\AVSMedia

    2009-02-11 19:10:54 ----D---- C:\Program Files\AVS4YOU

    2009-02-05 18:51:16 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts

    2009-02-03 19:37:15 ----D---- C:\Program Files\EA Games

    2009-01-18 13:07:13 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss

    2009-01-17 16:00:18 ----D---- C:\Documents and Settings\Administrateur\Application Data\TuneAid

    2009-01-17 16:00:10 ----D---- C:\Program Files\DigiDNA

     

    ======List of files/folders modified in the last 1 months======

     

    2009-02-15 23:25:27 ----D---- C:\WINDOWS\Prefetch

    2009-02-15 23:05:47 ----D---- C:\WINDOWS\SoftwareDistribution

    2009-02-15 23:03:55 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

    2009-02-15 22:55:48 ----D---- C:\WINDOWS\system32\drivers

    2009-02-15 22:54:28 ----D---- C:\Program Files\Mozilla Firefox

    2009-02-15 21:57:20 ----D---- C:\WINDOWS

    2009-02-15 21:54:56 ----SHD---- C:\WINDOWS\Installer

    2009-02-15 21:54:43 ----HD---- C:\WINDOWS\inf

    2009-02-15 21:54:26 ----D---- C:\WINDOWS\system32

    2009-02-15 21:52:10 ----D---- C:\WINDOWS\system32\CatRoot2

    2009-02-15 21:48:33 ----A---- C:\WINDOWS\system.ini

    2009-02-15 21:47:45 ----SHD---- C:\WINDOWS\CSC

    2009-02-15 21:47:34 ----D---- C:\Program Files\SuperCopier2

    2009-02-15 21:46:37 ----D---- C:\WINDOWS\system32\config

    2009-02-15 21:46:03 ----D---- C:\WINDOWS\AppPatch

    2009-02-15 21:46:03 ----D---- C:\Program Files\Fichiers communs

    2009-02-15 21:45:25 ----D---- C:\WINDOWS\system32\Restore

    2009-02-15 21:44:55 ----SHD---- C:\System Volume Information

    2009-02-15 18:03:24 ----D---- C:\Program Files\Kaspersky Lab

    2009-02-15 17:36:36 ----D---- C:\Program Files\Spybot - Search & Destroy

    2009-02-15 17:36:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    2009-02-15 17:15:32 ----D---- C:\WINDOWS\system32\dllcache

    2009-02-15 16:42:51 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

    2009-02-15 16:16:39 ----D---- C:\Program Files\eMule

    2009-02-15 15:48:44 ----RD---- C:\Program Files

    2009-02-15 15:24:24 ----A---- C:\WINDOWS\NeroDigital.ini

    2009-02-15 14:41:42 ----D---- C:\WINDOWS\Minidump

    2009-02-15 14:41:42 ----D---- C:\WINDOWS\Debug

    2009-02-15 12:29:48 ----RASH---- C:\boot.ini

    2009-02-15 11:53:44 ----D---- C:\Downloads

    2009-02-11 19:46:36 ----D---- C:\DVDVideoSoft

    2009-02-11 18:45:16 ----D---- C:\Temp

    2009-02-11 18:11:44 ----D---- C:\Program Files\BitComet

    2009-02-07 15:06:23 ----A---- C:\WINDOWS\avisplitter.INI

    2009-02-04 18:52:46 ----D---- C:\Program Files\WinSCP

    2009-02-03 19:37:15 ----D---- C:\WINDOWS\system32\DirectX

    2009-02-03 19:37:07 ----RSD---- C:\WINDOWS\assembly

    2009-01-18 13:06:56 ----D---- C:\WINDOWS\WinSxS

    2009-01-17 18:41:39 ----D---- C:\Program Files\Fichiers communs\DVDVideoSoft

    2009-01-17 18:39:01 ----D---- C:\Program Files\DVDVideoSoft

     

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     

    R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-19 12664]

    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]

    R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-02-15 226832]

    R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]

    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []

    R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]

    R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-02-24 39264]

    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 34944]

    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-04-17 15464]

    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]

    R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]

    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-04-02 12288]

    R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2006-02-26 5810]

    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-02 6209536]

    R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-02-24 47360]

    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-02-24 10368]

    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

    S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]

    S3 afkqojxi;afkqojxi; C:\WINDOWS\system32\drivers\afkqojxi.sys []

    S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]

    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

    S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]

    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

    S3 PsSdk31;PsSdk31; \??\C:\WINDOWS\system32\Drivers\pssdk31.drv []

    S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.drv []

    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]

    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2007-04-02 38528]

    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-04-02 82944]

    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp []

    S4 Sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600]

     

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     

    R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]

    R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-15 206088]

    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-21 152984]

    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-02 163908]

    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]

    S2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248]

    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]

    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-25 654848]

    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

     

    -----------------EOF-----------------

  9. No worries, I had gone back to the freshly formatted LG, so if it spits it back out it's no big deal; the main thing is that the desktop works..

    Attached is the report, but taken from the LG with the USB keys plugged in:

     

    info.txt logfile of random's system information tool 1.05 2009-02-15 23:25:20

     

    ======Uninstall list======

     

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

    ACDSee 10 Gestionnaire de photos-->MsiExec.exe /I{F8B98EB6-FC06-45BF-87D4-9784E0408611}

    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

    Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}

    Adobe Shockwave Player-->MsiExec.exe /X{211E8730-5681-49ED-BC6A-78C9F88E95F5}

    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

    Attribute Changer 6.0a-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,AttributeChanger.Uninstall

    Chrono Shutdown-->rundll32.exe advpack.dll,LaunchINFSection chrono.inf,ChronoShutdown.Uninstall

    ClipName-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,ClipName.Uninstall

    C-Media High Definition Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe

    CMenu-->"C:\Program Files\CMenu\CMenu.exe" /uninstall

    Combined Community Codec Pack 2008-01-24-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"

    Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE}

    Console 2-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,Console.Uninstall

    CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall

    DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}

    DAMN NFO Viewer Setup-->MsiExec.exe /I{D5DE2E28-2BA1-4CF8-A4C5-D3D2AE0A9E38}

    File Case Shell Extension-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,FileCase.Uninstall

    FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u

    HashTab 2.1-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,HashTab.Uninstall

    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

    ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"

    InstallWatch Pro 2.5-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Epsilon Squared\InstallWatch Pro\Uninst.isu"

    Java 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}

    Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}

    Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}

    MakeISO-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,MakeISO.Uninstall

    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

    Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe"

    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

    Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}

    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

    Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}

    Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}

    Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe

    Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}

    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

    Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

    Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}

    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

    Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}

    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

    Mmm-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,MMM.Uninstall

    ModifyPE-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,ModifyPE.Uninstall

    Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

    Mozilla Thunderbird (2.0.0.14)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe

    Nero 8 Lite 8.3.2.1b-->"C:\Program Files\Nero\unins000.exe"

    Notepad++-->C:\Program Files\Notepad++\uninstall.exe

    PuTTY-->rundll32.exe advpack.dll,LaunchINFSection PuTTY.inf,PuTTY.Uninstall

    QT Lite 2.6.0-->"C:\Program Files\QT Lite\unins000.exe"

    Real Alternative 1.8.0 Lite-->"C:\Program Files\Real Alternative\unins000.exe"

    RefreshEM-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RefreshEM.Uninstall

    Reg File Merger-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RegMerger.Uninstall

    RegShot-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RegShot.Uninstall

    Replacer-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,Replacer.Uninstall

    Resource Hacker-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,ResHacker.Uninstall

    Run Program Shell Extension-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,RunWith.Uninstall

    Security Update for Excel 2007 (KB946974)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}

    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

    Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}

    Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}

    Security Update for Office 2007 (KB947801)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}

    Security Update for Outlook 2007 (KB946983)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}

    Unlocker 1.8.7-->rundll32.exe advpack.dll,LaunchINFSection Unlocker.inf,Unlocker.Uninstall

    Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

    Update for Outlook 2007 Junk Email Filter (kb950378)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}

    Utilitaires "Envoyer vers"-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,SendTo.Uninstall

    WhyReboot-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,WhyReboot.Uninstall

    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}

    Windows Live Safety Scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

    Windows Vista Wallpapers-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\NR_VWall.inf,RemoveVWallpapers

    WinMover 3.2.0.6-->"C:\Program Files\WinMover\unins000.exe"

    XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

    XPero's eXPander-->rundll32.exe advpack.dll,LaunchINFSection Candy.inf,eXPander.Uninstall

     

    ======Security center information======

     

    AV: Kaspersky Internet Security

    FW: Kaspersky Internet Security

     

    System event log

     

    Computer Name: SWEET-B1E093CFD

    Event Code: 3260

    Message: Cet ordinateur a correctement été joint au workgroup 'WORKGROUP'.

     

    Record Number: 5

    Source Name: Workstation

    Time Written: 20090215183056.000000+060

    Event Type: Informations

    User:

     

    Computer Name: SWEET-B1E093CFD

    Event Code: 6011

    Message: Le nom NetBIOS et le nom de l'hôte DNS de cet ordinateur ont été modifiés de MACHINENAME vers SWEET-B1E093CFD.

     

    Record Number: 4

    Source Name: EventLog

    Time Written: 20090215182913.000000+060

    Event Type: Informations

    User:

     

    Computer Name: MACHINENAME

    Event Code: 2

    Message: Pendant la validation de \Device\Serial0 en tant que port série, une FIFO a été détectée. La FIFO sera utilisée.

     

    Record Number: 3

    Source Name: Serial

    Time Written: 20090215191023.000000+060

    Event Type: Informations

    User:

     

    Computer Name: MACHINENAME

    Event Code: 6005

    Message: Le service d'Enregistrement d'événement a démarré.

     

    Record Number: 2

    Source Name: EventLog

    Time Written: 20090215191009.000000+060

    Event Type: Informations

    User:

     

    Computer Name: MACHINENAME

    Event Code: 6009

    Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Uniprocessor Free.

     

    Record Number: 1

    Source Name: EventLog

    Time Written: 20090215191009.000000+060

    Event Type: Informations

    User:

     

    Application event log

     

    Computer Name: SWEET-B1E093CFD

    Event Code: 1000

    Message: Les compteurs de performances pour le service MSDTC (MSDTC) ont été chargés.

    Les données d'enregistrement contiennent les nouvelles valeurs d'index

    assignées à ce service.

     

    Record Number: 5

    Source Name: LoadPerf

    Time Written: 20090215183333.000000+060

    Event Type: Informations

    User:

     

    Computer Name: SWEET-B1E093CFD

    Event Code: 1000

    Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés.

    Les données d'enregistrement contiennent les nouvelles valeurs d'index

    assignées à ce service.

     

    Record Number: 4

    Source Name: LoadPerf

    Time Written: 20090215183328.000000+060

    Event Type: Informations

    User:

     

    Computer Name: SWEET-B1E093CFD

    Event Code: 1000

    Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés.

    Les données d'enregistrement contiennent les nouvelles valeurs d'index

    assignées à ce service.

     

    Record Number: 3

    Source Name: LoadPerf

    Time Written: 20090215183050.000000+060

    Event Type: Informations

    User:

     

    Computer Name: SWEET-B1E093CFD

    Event Code: 1000

    Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés.

    Les données d'enregistrement contiennent les nouvelles valeurs d'index

    assignées à ce service.

     

    Record Number: 2

    Source Name: LoadPerf

    Time Written: 20090215183023.000000+060

    Event Type: Informations

    User:

     

    Computer Name: SWEET-B1E093CFD

    Event Code: 1000

    Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés.

    Les données d'enregistrement contiennent les nouvelles valeurs d'index

    assignées à ce service.

     

    Record Number: 1

    Source Name: LoadPerf

    Time Written: 20090215182925.000000+060

    Event Type: Informations

    User:

     

    ======Environment variables======

     

    "ComSpec"=%SystemRoot%\system32\cmd.exe

    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

    "windir"=%SystemRoot%

    "FP_NO_HOST_CHECK"=NO

    "OS"=Windows_NT

    "PROCESSOR_ARCHITECTURE"=x86

    "PROCESSOR_LEVEL"=6

    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel

    "PROCESSOR_REVISION"=0d08

    "NUMBER_OF_PROCESSORS"=1

    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

    "TEMP"=%SystemRoot%\TEMP

    "TMP"=%SystemRoot%\TEMP

     

    -----------------EOF-----------------

     

     

    and attached is the RSIT log

     

    Logfile of random's system information tool 1.05 (written by random/random)

    Run by Administrateur at 2009-02-15 23:24:51

    Microsoft Windows XP Professionnel Service Pack 3

    System drive C: has 70 GB (92%) free of 76 GB

    Total RAM: 766 MB (45% free)

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 23:25:16, on 15/02/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.20815)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\RunDll32.exe

    C:\WINDOWS\system32\mmm.exe

    C:\Program Files\Unlocker\UnlockerAssistant.exe

    C:\Program Files\D-Tools\daemon.exe

    C:\Program Files\WinMover\WinMover.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Notepad++\notepad++.exe

    C:\Documents and Settings\Administrateur\Bureau\RSIT.exe

    C:\Program Files\trend micro\Administrateur.exe

     

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

    O4 - HKLM\..\Run: [Mmm] C:\WINDOWS\system32\mmm.exe

    O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H

    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

    O4 - HKCU\..\Run: [WinMover] "C:\Program Files\WinMover\WinMover.exe" /q

    O4 - HKUS\S-1-5-19\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE LOCAL')

    O4 - HKUS\S-1-5-19\..\RunOnce: [iE7-10] rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N (User 'SERVICE LOCAL')

    O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SERVICE RÉSEAU')

    O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')

    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

    O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

     

    --

    End of file - 4715 bytes

     

    ======Registry dump======

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

    Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]

    IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

    SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]

    FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2007-05-16 191096]

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    "Cmaudio"=RunDll32 cmicnfg.cpl []

    "Mmm"=C:\WINDOWS\system32\mmm.exe [2005-07-05 828416]

    "UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-01 15872]

    "DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]

    "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-15 206088]

     

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "WinMover"=C:\Program Files\WinMover\WinMover.exe [2005-12-02 10240]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

    C:\WINDOWS\system32\Ati2evxx.dll [2008-02-26 126976]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

    C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-06-25 133632]

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

     

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoDriveTypeAutoRun"=145

    "NoSMBalloonTip"=0

    "NoSMConfigurePrograms"=1

    "ForceClassicControlPanel"=1

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

     

    ======List of files/folders created in the last 1 months======

     

    2009-02-15 23:24:52 ----D---- C:\Program Files\trend micro

    2009-02-15 23:24:51 ----D---- C:\rsit

    2009-02-15 21:21:13 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes

    2009-02-15 21:21:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

    2009-02-15 21:21:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

    2009-02-15 19:40:57 ----D---- C:\WINDOWS\Sun

    2009-02-15 19:34:02 ----D---- C:\WINDOWS\system32\SoftwareDistribution

    2009-02-15 19:29:08 ----A---- C:\WINDOWS\system32\h323log.txt

    2009-02-15 19:28:16 ----A---- C:\WINDOWS\system32\hidserv.dll

    2009-02-15 19:27:54 ----A---- C:\WINDOWS\system32\ksuser.dll

    2009-02-15 19:27:22 ----A---- C:\WINDOWS\system32\wshirda.dll

    2009-02-15 19:27:22 ----A---- C:\WINDOWS\system32\irmon.dll

    2009-02-15 19:27:22 ----A---- C:\WINDOWS\system32\irftp.exe

    2009-02-15 19:25:35 ----A---- C:\WINDOWS\system32\usbui.dll

    2009-02-15 19:24:00 ----A---- C:\WINDOWS\system32\OLD6.tmp

    2009-02-15 19:23:59 ----D---- C:\WINDOWS\LastGood

    2009-02-15 19:22:22 ----A---- C:\WINDOWS\imsins.BAK

    2009-02-15 19:22:19 ----SHD---- C:\WINDOWS\Installer

    2009-02-15 19:22:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

    2009-02-15 19:22:18 ----D---- C:\Program Files\Fichiers communs\ODBC

    2009-02-15 19:22:18 ----A---- C:\WINDOWS\ODBCINST.INI

    2009-02-15 19:22:14 ----D---- C:\Program Files\Fichiers communs\SpeechEngines

    2009-02-15 19:22:13 ----RD---- C:\Program Files

    2009-02-15 19:22:13 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

    2009-02-15 19:22:13 ----D---- C:\Program Files\Fichiers communs

    2009-02-15 19:22:09 ----RA---- C:\WINDOWS\system32\kbdtuq.dll

    2009-02-15 19:22:09 ----RA---- C:\WINDOWS\system32\kbdtuf.dll

    2009-02-15 19:22:09 ----RA---- C:\WINDOWS\system32\kbdazel.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdycc.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbduzb.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdur.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdtat.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdru1.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdru.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdmon.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdkyr.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdkaz.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdbu.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdblr.dll

    2009-02-15 19:22:07 ----RA---- C:\WINDOWS\system32\kbdaze.dll

    2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhept.dll

    2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhela3.dll

    2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhela2.dll

    2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhe319.dll

    2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhe220.dll

    2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdhe.dll

    2009-02-15 19:22:05 ----RA---- C:\WINDOWS\system32\kbdgkl.dll

    2009-02-15 19:22:04 ----RA---- C:\WINDOWS\system32\kbdlv1.dll

    2009-02-15 19:22:04 ----RA---- C:\WINDOWS\system32\kbdlv.dll

    2009-02-15 19:22:04 ----RA---- C:\WINDOWS\system32\kbdlt1.dll

    2009-02-15 19:22:04 ----RA---- C:\WINDOWS\system32\kbdlt.dll

    2009-02-15 19:22:04 ----RA---- C:\WINDOWS\system32\kbdest.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdycl.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdsl1.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdsl.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdro.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdpl1.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdpl.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdhu1.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdhu.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdcz2.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdcz1.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdcz.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\kbdcr.dll

    2009-02-15 19:22:02 ----RA---- C:\WINDOWS\system32\KBDAL.DLL

    2009-02-15 19:21:59 ----A---- C:\WINDOWS\system32\spxcoins.dll

    2009-02-15 19:21:59 ----A---- C:\WINDOWS\system32\irclass.dll

    2009-02-15 19:21:59 ----A---- C:\WINDOWS\system32\EqnClass.Dll

    2009-02-15 19:21:59 ----A---- C:\WINDOWS\system32\dgsetup.dll

    2009-02-15 19:21:59 ----A---- C:\WINDOWS\system32\dgrpsetu.dll

    2009-02-15 19:21:57 ----N---- C:\WINDOWS\system32\CONFIG.TMP

    2009-02-15 19:21:57 ----A---- C:\WINDOWS\TASKMAN.EXE

    2009-02-15 19:21:56 ----A---- C:\WINDOWS\system32\batt.dll

    2009-02-15 19:21:55 ----A---- C:\WINDOWS\NOTEPAD.EXE

    2009-02-15 19:21:53 ----A---- C:\WINDOWS\system32\storprop.dll

    2009-02-15 19:21:40 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini

    2009-02-15 19:21:34 ----RA---- C:\WINDOWS\SET8.tmp

    2009-02-15 19:21:31 ----RA---- C:\WINDOWS\SET4.tmp

    2009-02-15 19:21:28 ----RA---- C:\WINDOWS\SET3.tmp

    2009-02-15 19:21:21 ----D---- C:\WINDOWS\system32\CatRoot2

    2009-02-15 19:21:21 ----D---- C:\WINDOWS\system32\CatRoot

    2009-02-15 19:21:15 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

    2009-02-15 19:20:40 ----A---- C:\WINDOWS\setuplog.txt

    2009-02-15 19:20:11 ----A---- C:\WINDOWS\system32\Netw2r32.dll

    2009-02-15 19:20:11 ----A---- C:\WINDOWS\system32\Netw2c32.dll

    2009-02-15 19:19:30 ----A---- C:\WINDOWS\system32\udaprop.dll

    2009-02-15 19:19:26 ----A---- C:\WINDOWS\system32\cmudax.dll

    2009-02-15 19:19:26 ----A---- C:\WINDOWS\system32\cmirmdrv.dll

    2009-02-15 19:19:20 ----A---- C:\WINDOWS\system32\Audio3D.dll

    2009-02-15 19:19:20 ----A---- C:\WINDOWS\system32\a3d.dll

    2009-02-15 19:19:16 ----A---- C:\WINDOWS\system32\cmirmdrv.exe

    2009-02-15 19:18:05 ----D---- C:\Program Files\Kaspersky Lab

    2009-02-15 19:18:05 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

    2009-02-15 19:17:11 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

    2009-02-15 19:14:53 ----D---- C:\Documents and Settings\Administrateur\Application Data\Identities

    2009-02-15 19:14:53 ----A---- C:\WINDOWS\system32\wmpns.dll

    2009-02-15 19:14:44 ----HD---- C:\Program Files\Uninstall Information

    2009-02-15 19:13:26 ----A---- C:\WINDOWS\system32\Oemdspif.dll

    2009-02-15 19:13:16 ----D---- C:\Documents and Settings\Administrateur\Application Data\Thunderbird

    2009-02-15 19:12:41 ----A---- C:\WINDOWS\system32\ativvaxx.dll

    2009-02-15 19:12:41 ----A---- C:\WINDOWS\system32\atitvo32.dll

    2009-02-15 19:12:41 ----A---- C:\WINDOWS\system32\atipdlxx.dll

    2009-02-15 19:12:41 ----A---- C:\WINDOWS\system32\atiok3x2.dll

    2009-02-15 19:12:41 ----A---- C:\WINDOWS\system32\atioglxx.dll

    2009-02-15 19:12:38 ----A---- C:\WINDOWS\system32\atioglx2.dll

    2009-02-15 19:12:37 ----A---- C:\WINDOWS\system32\Atioglgl.dll

    2009-02-15 19:12:37 ----A---- C:\WINDOWS\system32\atikvmag.dll

    2009-02-15 19:12:37 ----A---- C:\WINDOWS\system32\atiiiexx.dll

    2009-02-15 19:12:37 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll

    2009-02-15 19:12:37 ----A---- C:\WINDOWS\system32\ATIDDC.DLL

    2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\ati3duag.dll

    2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\ati2evxx.dll

    2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\ati2edxx.dll

    2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\ati2dvag.dll

    2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\ati2cqag.dll

    2009-02-15 19:12:36 ----A---- C:\WINDOWS\system32\amdpcom32.dll

    2009-02-15 19:12:20 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe

    2009-02-15 19:12:20 ----A---- C:\WINDOWS\system32\ati2evxx.exe

    2009-02-15 19:11:52 ----D---- C:\Program Files\D-Tools

    2009-02-15 19:11:46 ----D---- C:\Program Files\Unlocker

    2009-02-15 19:11:38 ----D---- C:\WINDOWS\system32\Adobe

    2009-02-15 19:11:26 ----D---- C:\Program Files\Media Player Classic

    2009-02-15 19:11:21 ----D---- C:\Program Files\Combined Community Codec Pack

    2009-02-15 19:11:08 ----A---- C:\WINDOWS\system32\pndx5032.dll

    2009-02-15 19:11:08 ----A---- C:\WINDOWS\system32\pndx5016.dll

    2009-02-15 19:11:08 ----A---- C:\WINDOWS\system32\pncrt.dll

    2009-02-15 19:11:07 ----D---- C:\Program Files\Real Alternative

    2009-02-15 19:11:07 ----D---- C:\Documents and Settings\All Users\Application Data\Real

    2009-02-15 19:11:07 ----D---- C:\Documents and Settings\Administrateur\Application Data\Real

    2009-02-15 19:10:58 ----D---- C:\Program Files\QT Lite

    2009-02-15 19:10:53 ----D---- C:\Program Files\Chrono Shutdown

    2009-02-15 19:10:43 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

    2009-02-15 19:10:41 ----D---- C:\Program Files\Fichiers communs\Adobe

    2009-02-15 19:10:41 ----D---- C:\Program Files\Adobe

    2009-02-15 19:09:59 ----SHD---- C:\System Volume Information

    2009-02-15 19:09:59 ----D---- C:\Documents and Settings

    2009-02-15 19:09:50 ----D---- C:\Documents and Settings\All Users\Application Data\ACD Systems

    2009-02-15 19:09:48 ----D---- C:\Program Files\Fichiers communs\ACD Systems

    2009-02-15 19:09:48 ----D---- C:\Program Files\ACD Systems

    2009-02-15 19:09:29 ----SH---- C:\boot.ini

    2009-02-15 19:09:24 ----D---- C:\Program Files\DAMN NFO Viewer

    2009-02-15 19:09:17 ----D---- C:\Program Files\Windows Live Safety Center

    2009-02-15 19:09:11 ----DC---- C:\WINDOWS\system32\DRVSTORE

    2009-02-15 19:09:06 ----D---- C:\Program Files\Windows Live

    2009-02-15 19:08:44 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink

    2009-02-15 19:08:35 ----D---- C:\Program Files\InstallShield Installation Information

    2009-02-15 19:08:35 ----D---- C:\Program Files\Fichiers communs\CyberLink

    2009-02-15 19:08:06 ----D---- C:\Program Files\CyberLink

    2009-02-15 19:07:57 ----A---- C:\WINDOWS\system32\msxml3a.dll

    2009-02-15 19:07:21 ----D---- C:\Program Files\ImgBurn

    2009-02-15 19:07:19 ----D---- C:\Program Files\WinRAR

    2009-02-15 19:06:40 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$

    2009-02-15 19:06:01 ----D---- C:\WINDOWS\system32\XPSViewer

    2009-02-15 19:06:01 ----D---- C:\Program Files\MSBuild

    2009-02-15 19:06:00 ----D---- C:\WINDOWS\system32\en-us

    2009-02-15 19:05:56 ----D---- C:\Program Files\Reference Assemblies

    2009-02-15 19:05:47 ----N---- C:\WINDOWS\system32\spmsg2.dll

    2009-02-15 19:05:47 ----A---- C:\WINDOWS\system32\spupdsvc.exe

    2009-02-15 19:05:43 ----A---- C:\WINDOWS\system32\rgb9rast_2.dll

    2009-02-15 19:05:41 ----N---- C:\WINDOWS\system32\XpsSvcs.dll

    2009-02-15 19:05:41 ----N---- C:\WINDOWS\system32\XPSSHHDR.dll

    2009-02-15 19:05:34 ----N---- C:\WINDOWS\system32\prntvpt.dll

    2009-02-15 19:05:17 ----D---- C:\Program Files\PuTTY

    2009-02-15 19:05:11 ----A---- C:\WINDOWS\system32\Wc.com

    2009-02-15 19:05:11 ----A---- C:\WINDOWS\system32\Vbar332.dll

    2009-02-15 19:05:10 ----A---- C:\WINDOWS\system32\Upxgui.exe

    2009-02-15 19:05:09 ----A---- C:\WINDOWS\system32\Replacer.cmd

    2009-02-15 19:05:09 ----A---- C:\WINDOWS\system32\Reg2InfHandler.cmd

    2009-02-15 19:05:09 ----A---- C:\WINDOWS\system32\Reg2inf.exe

    2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\Msrd2x35.dll

    2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\Msjter35.dll

    2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\Msjint35.dll

    2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\Msjet35.dll

    2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\Modifype.exe

    2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\MMM.exe

    2009-02-15 19:05:05 ----A---- C:\WINDOWS\system32\MMM.dll

    2009-02-15 19:05:04 ----A---- C:\WINDOWS\system32\MakeISO.cmd

    2009-02-15 19:05:04 ----A---- C:\WINDOWS\system32\LCISOCreator.exe

    2009-02-15 19:05:04 ----A---- C:\WINDOWS\IsUninst.exe

    2009-02-15 19:04:59 ----A---- C:\WINDOWS\system32\HFExtract.exe

    2009-02-15 19:04:56 ----A---- C:\WINDOWS\system32\FGCBAHandler.exe

    2009-02-15 19:04:55 ----A---- C:\WINDOWS\system32\Fgcba.exe

    2009-02-15 19:04:55 ----A---- C:\WINDOWS\system32\eXPander.exe

    2009-02-15 19:04:54 ----D---- C:\WINDOWS\system32\Console

    2009-02-15 19:04:54 ----D---- C:\Program Files\Epsilon Squared

    2009-02-15 19:04:52 ----D---- C:\Program Files\Utilitaires

    2009-02-15 19:04:52 ----D---- C:\Program Files\CMenu

    2009-02-15 19:04:52 ----A---- C:\WINDOWS\system32\Cdimage.exe

    2009-02-15 19:04:52 ----A---- C:\WINDOWS\system32\Cabtool.exe

    2009-02-15 19:04:52 ----A---- C:\WINDOWS\system32\Cabarc.exe

    2009-02-15 19:04:47 ----D---- C:\Program Files\WinMover

    2009-02-15 19:04:47 ----D---- C:\Documents and Settings\Administrateur\Application Data\EliasAE

    2009-02-15 19:04:36 ----D---- C:\Program Files\FlashFXP

    2009-02-15 19:04:36 ----D---- C:\Documents and Settings\All Users\Application Data\FlashFXP

    2009-02-15 19:04:30 ----A---- C:\WINDOWS\system32\notepad.original.exe

    2009-02-15 19:04:30 ----A---- C:\WINDOWS\notepad.original.exe

    2009-02-15 19:04:28 ----D---- C:\Program Files\Notepad++

    2009-02-15 19:04:28 ----D---- C:\Documents and Settings\Administrateur\Application Data\Notepad++

    2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\TwnLib4.dll

    2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\imagXRA7.dll

    2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\imagXR7.dll

    2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\imagXpr7.dll

    2009-02-15 19:04:04 ----A---- C:\WINDOWS\system32\imagX7.dll

    2009-02-15 19:04:03 ----D---- C:\Program Files\Nero

    2009-02-15 19:04:03 ----D---- C:\Documents and Settings\All Users\Application Data\Nero

    2009-02-15 19:04:02 ----D---- C:\Program Files\Fichiers communs\Nero

    2009-02-15 19:03:49 ----D---- C:\Program Files\MSECache

    2009-02-15 19:03:42 ----RSHDC---- C:\WINDOWS\system32\dllcache

    2009-02-15 19:03:42 ----RSD---- C:\WINDOWS\Fonts

    2009-02-15 19:03:42 ----RD---- C:\WINDOWS\Web

    2009-02-15 19:03:42 ----HD---- C:\WINDOWS\inf

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\WinSxS

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\twain_32

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\Temp

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\wins

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\wbem

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\usmt

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\spool

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\ShellExt

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\Setup

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\ras

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\PreInstall

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\oobe

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\npp

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\mui

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\Macromed

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\inetsrv

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\IME

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\icsxml

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\ias

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\fr-fr

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\fr

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\export

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\drivers

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\dhcp

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\config

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\3com_dmi

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\3076

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\2052

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1054

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1042

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1041

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1037

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1036

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1033

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1031

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1028

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32\1025

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system32

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\system

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\SoftwareDistribution

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\security

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\Resources

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\repair

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\Provisioning

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\PeerNet

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\pchealth

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\Network Diagnostic

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\mui

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\msapps

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\msagent

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\Media

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\L2Schemas

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\java

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\ime

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\Help

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\ehome

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\Driver Cache

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\Debug

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\Cursors

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\Connection Wizard

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\Config

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\AppPatch

    2009-02-15 19:03:42 ----D---- C:\WINDOWS\addins

    2009-02-15 19:03:42 ----D---- C:\WINDOWS

    2009-02-15 18:54:31 ----D---- C:\Program Files\Microsoft Works

    2009-02-15 18:54:00 ----D---- C:\Program Files\Microsoft Visual Studio

    2009-02-15 18:54:00 ----D---- C:\Program Files\Fichiers communs\DESIGNER

    2009-02-15 18:53:30 ----D---- C:\Program Files\Microsoft.NET

    2009-02-15 18:51:07 ----SD---- C:\WINDOWS\system32\Microsoft

    2009-02-15 18:50:16 ----D---- C:\WINDOWS\SHELLNEW

    2009-02-15 18:49:31 ----D---- C:\Program Files\Microsoft Office

    2009-02-15 18:49:31 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

    2009-02-15 18:49:04 ----RHD---- C:\MSOCache

    2009-02-15 18:47:56 ----D---- C:\Program Files\Mozilla Thunderbird

    2009-02-15 18:47:33 ----D---- C:\Documents and Settings\Administrateur\Application Data\Mozilla

    2009-02-15 18:47:28 ----D---- C:\Program Files\Mozilla Firefox

    2009-02-15 18:47:09 ----A---- C:\WINDOWS\system32\javaws.exe

    2009-02-15 18:47:09 ----A---- C:\WINDOWS\system32\javaw.exe

    2009-02-15 18:47:09 ----A---- C:\WINDOWS\system32\java.exe

    2009-02-15 18:46:42 ----D---- C:\Program Files\Java

    2009-02-15 18:46:40 ----D---- C:\Program Files\Fichiers communs\Java

    2009-02-15 18:46:34 ----D---- C:\Documents and Settings\Administrateur\Application Data\Sun

    2009-02-15 18:44:55 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft

    2009-02-15 18:44:55 ----ASH---- C:\Documents and Settings\Administrateur\Application Data\desktop.ini

    2009-02-15 18:42:08 ----A---- C:\WINDOWS\system32\cmdow.exe

    2009-02-15 18:39:46 ----D---- C:\WINDOWS\system32\URTTemp

    2009-02-15 18:39:01 ----RSD---- C:\WINDOWS\assembly

    2009-02-15 18:39:01 ----D---- C:\WINDOWS\Microsoft.NET

    2009-02-15 18:38:47 ----A---- C:\WINDOWS\control.ini

    2009-02-15 18:38:47 ----A---- C:\AUTOEXEC.BAT

    2009-02-15 18:38:30 ----A---- C:\WINDOWS\OEWABLog.txt

    2009-02-15 18:38:24 ----D---- C:\Program Files\Microsoft Silverlight

    2009-02-15 18:38:24 ----A---- C:\WINDOWS\system32\mapi32.dll

    2009-02-15 18:37:04 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest

    2009-02-15 18:36:56 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest

    2009-02-15 18:36:47 ----HD---- C:\Program Files\WindowsUpdate

    2009-02-15 18:36:41 ----D---- C:\Program Files\Services en ligne

    2009-02-15 18:36:20 ----D---- C:\WINDOWS\system32\DirectX

    2009-02-15 18:36:10 ----A---- C:\WINDOWS\system32\atrace.dll

    2009-02-15 18:36:08 ----A---- C:\WINDOWS\system32\desktop.ini

    2009-02-15 18:36:07 ----A---- C:\WINDOWS\desktop.ini

    2009-02-15 18:36:01 ----A---- C:\WINDOWS\system32\nmevtmsg.dll

    2009-02-15 18:36:00 ----A---- C:\WINDOWS\system32\acctres.dll

    2009-02-15 18:35:59 ----D---- C:\Program Files\Fichiers communs\Services

    2009-02-15 18:35:56 ----SD---- C:\WINDOWS\Tasks

    2009-02-15 18:35:56 ----A---- C:\WINDOWS\system32\icfgnt5.dll

    2009-02-15 18:35:55 ----D---- C:\Program Files\Fichiers communs\MSSoap

    2009-02-15 18:35:51 ----D---- C:\WINDOWS\srchasst

    2009-02-15 18:35:48 ----A---- C:\WINDOWS\system32\wuweb.dll

    2009-02-15 18:35:48 ----A---- C:\WINDOWS\system32\wucltui.dll

    2009-02-15 18:35:48 ----A---- C:\WINDOWS\system32\wuauserv.dll

    2009-02-15 18:35:48 ----A---- C:\WINDOWS\system32\wuaueng1.dll

    2009-02-15 18:35:47 ----A---- C:\WINDOWS\system32\wups.dll

    2009-02-15 18:35:47 ----A---- C:\WINDOWS\system32\wuaueng.dll.wusetup.685515.bak

    2009-02-15 18:35:47 ----A---- C:\WINDOWS\system32\wuaueng.dll

    2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\wuauclt1.exe

    2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\wuauclt.exe.wusetup.685390.bak

    2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\wuauclt.exe

    2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\wuapi.dll

    2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\bitsprx4.dll

    2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\bitsprx3.dll

    2009-02-15 18:35:46 ----A---- C:\WINDOWS\system32\bitsprx2.dll

    2009-02-15 18:35:45 ----A---- C:\WINDOWS\system32\qmgrprxy.dll

    2009-02-15 18:35:45 ----A---- C:\WINDOWS\system32\qmgr.dll

    2009-02-15 18:35:40 ----D---- C:\Program Files\Movie Maker

    2009-02-15 18:35:19 ----A---- C:\WINDOWS\system32\safrslv.dll

    2009-02-15 18:35:19 ----A---- C:\WINDOWS\system32\safrdm.dll

    2009-02-15 18:35:19 ----A---- C:\WINDOWS\system32\safrcdlg.dll

    2009-02-15 18:35:19 ----A---- C:\WINDOWS\system32\racpldlg.dll

    2009-02-15 18:35:14 ----A---- C:\WINDOWS\system32\fltMc.exe

    2009-02-15 18:35:14 ----A---- C:\WINDOWS\system32\fltlib.dll

    2009-02-15 18:35:13 ----D---- C:\WINDOWS\system32\Restore

    2009-02-15 18:35:13 ----A---- C:\WINDOWS\system32\srsvc.dll

    2009-02-15 18:35:13 ----A---- C:\WINDOWS\system32\srrstr.dll

    2009-02-15 18:35:13 ----A---- C:\WINDOWS\system32\srclient.dll

    2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\nmmkcert.dll

    2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\mnmsrvc.exe

    2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\mnmdd.dll

    2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\isrdbg32.dll

    2009-02-15 18:35:12 ----A---- C:\WINDOWS\system32\ils.dll

    2009-02-15 18:35:11 ----A---- C:\WINDOWS\system32\msconf.dll

    2009-02-15 18:35:07 ----D---- C:\Program Files\NetMeeting

    2009-02-15 18:35:07 ----A---- C:\WINDOWS\system32\msoert2.dll

    2009-02-15 18:35:07 ----A---- C:\WINDOWS\system32\msoeacct.dll

    2009-02-15 18:35:05 ----A---- C:\WINDOWS\system32\inetres.dll

    2009-02-15 18:35:04 ----A---- C:\WINDOWS\system32\inetcomm.dll

    2009-02-15 18:35:02 ----D---- C:\Program Files\Outlook Express

    2009-02-15 18:35:02 ----A---- C:\WINDOWS\system32\schedsvc.dll

    2009-02-15 18:35:02 ----A---- C:\WINDOWS\system32\mstinit.exe

    2009-02-15 18:35:02 ----A---- C:\WINDOWS\system32\mstask.dll

    2009-02-15 18:35:01 ----A---- C:\WINDOWS\system32\isign32.dll

    2009-02-15 18:35:01 ----A---- C:\WINDOWS\system32\inetcfg.dll

    2009-02-15 18:35:01 ----A---- C:\WINDOWS\system32\icwphbk.dll

    2009-02-15 18:35:01 ----A---- C:\WINDOWS\system32\icwdial.dll

    2009-02-15 18:34:54 ----D---- C:\Program Files\Fichiers communs\System

    2009-02-15 18:33:50 ----D---- C:\Program Files\ComPlus Applications

    2009-02-15 18:33:47 ----A---- C:\WINDOWS\vbaddin.ini

    2009-02-15 18:33:47 ----A---- C:\WINDOWS\vb.ini

    2009-02-15 18:33:39 ----D---- C:\WINDOWS\Registration

    2009-02-15 18:33:13 ----D---- C:\Program Files\Windows Media Connect 2

    2009-02-15 18:33:12 ----D---- C:\Program Files\Windows Media Player

    2009-02-15 18:33:02 ----A---- C:\WINDOWS\system32\wrap_oal.dll

    2009-02-15 18:33:01 ----A---- C:\WINDOWS\system32\vb40032.dll

    2009-02-15 18:33:00 ----A---- C:\WINDOWS\system32\ssleay32.dll

    2009-02-15 18:32:59 ----A---- C:\WINDOWS\system32\openal32.dll

    2009-02-15 18:32:59 ----A---- C:\WINDOWS\system32\msvcr71.dll

    2009-02-15 18:32:59 ----A---- C:\WINDOWS\system32\msvcr70.dll

    2009-02-15 18:32:59 ----A---- C:\WINDOWS\system32\msvcp71.dll

    2009-02-15 18:32:58 ----A---- C:\WINDOWS\system32\msvcp70.dll

    2009-02-15 18:32:58 ----A---- C:\WINDOWS\system32\msvci70.dll

    2009-02-15 18:32:58 ----A---- C:\WINDOWS\system32\msstkprp.dll

    2009-02-15 18:32:58 ----A---- C:\WINDOWS\system32\msstdfmt.dll

    2009-02-15 18:32:55 ----A---- C:\WINDOWS\system32\mfc71u.dll

    2009-02-15 18:32:55 ----A---- C:\WINDOWS\system32\mfc71.dll

    2009-02-15 18:32:54 ----A---- C:\WINDOWS\system32\mfc70u.dll

    2009-02-15 18:32:54 ----A---- C:\WINDOWS\system32\mfc70.dll

    2009-02-15 18:32:53 ----A---- C:\WINDOWS\system32\libssl32.dll

    2009-02-15 18:32:52 ----A---- C:\WINDOWS\system32\libmmd.dll

    2009-02-15 18:32:52 ----A---- C:\WINDOWS\system32\libintl3.dll

    2009-02-15 18:32:52 ----A---- C:\WINDOWS\system32\libiconv2.dll

    2009-02-15 18:32:51 ----A---- C:\WINDOWS\system32\zlib1.dll

    2009-02-15 18:32:51 ----A---- C:\WINDOWS\system32\libeay32.dll

    2009-02-15 18:32:51 ----A---- C:\WINDOWS\system32\cygwinb19.dll

    2009-02-15 18:32:50 ----A---- C:\WINDOWS\system32\cygwin1.dll

    2009-02-15 18:32:49 ----A---- C:\WINDOWS\system32\autoitx3.dll

    2009-02-15 18:32:49 ----A---- C:\WINDOWS\system32\atl71.dll

    2009-02-15 18:32:49 ----A---- C:\WINDOWS\system32\atl70.dll

    2009-02-15 18:32:01 ----RD---- C:\WINDOWS\Offline Web Pages

    2009-02-15 18:32:01 ----A---- C:\WINDOWS\system32\winfxdocobj.exe

    2009-02-15 18:32:00 ----SD---- C:\WINDOWS\Downloaded Program Files

    2009-02-15 18:31:59 ----D---- C:\WINDOWS\wbem

    2009-02-15 18:31:59 ----A---- C:\WINDOWS\system32\msfeedssync.exe

    2009-02-15 18:31:59 ----A---- C:\WINDOWS\system32\msfeedsbs.dll

    2009-02-15 18:31:57 ----A---- C:\WINDOWS\system32\ieframe.dll.mui

    2009-02-15 18:31:55 ----A---- C:\WINDOWS\system32\advpack.dll.mui

    2009-02-15 18:31:53 ----D---- C:\Program Files\Internet Explorer

    2009-02-15 18:31:50 ----D---- C:\Program Files\MSN Gaming Zone

    2009-02-15 18:31:50 ----A---- C:\WINDOWS\system32\write.exe

    2009-02-15 18:31:40 ----A---- C:\WINDOWS\system32\sndvol32.exe

    2009-02-15 18:31:40 ----A---- C:\WINDOWS\system32\hticons.dll

    2009-02-15 18:31:39 ----A---- C:\WINDOWS\system32\winchat.exe

    2009-02-15 18:31:39 ----A---- C:\WINDOWS\system32\avwav.dll

    2009-02-15 18:31:39 ----A---- C:\WINDOWS\system32\avtapi.dll

    2009-02-15 18:31:39 ----A---- C:\WINDOWS\system32\avmeter.dll

    2009-02-15 18:31:32 ----A---- C:\WINDOWS\system32\getuname.dll

    2009-02-15 18:31:32 ----A---- C:\WINDOWS\system32\charmap.exe

    2009-02-15 18:31:32 ----A---- C:\WINDOWS\system32\calc.exe

    2009-02-15 18:31:31 ----A---- C:\WINDOWS\system32\winmine.exe

    2009-02-15 18:31:31 ----A---- C:\WINDOWS\system32\sol.exe

    2009-02-15 18:31:31 ----A---- C:\WINDOWS\system32\mshearts.exe

    2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\usrlogon.cmd

    2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tsshutdn.exe

    2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tslabels.ini

    2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tskill.exe

    2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tsdiscon.exe

    2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\tscon.exe

    2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\shadow.exe

    2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\rwinsta.exe

    2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\reset.exe

    2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\regini.exe

    2009-02-15 18:31:30 ----A---- C:\WINDOWS\system32\freecell.exe

    2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\rdpcfgex.dll

    2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\qwinsta.exe

    2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\qappsrv.exe

    2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\msg.exe

    2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\msdtcprf.ini

    2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\logoff.exe

    2009-02-15 18:31:29 ----A---- C:\WINDOWS\system32\cdmodem.dll

    2009-02-15 18:31:23 ----A---- C:\WINDOWS\system32\wmimgmt.msc

    2009-02-15 18:31:21 ----A---- C:\WINDOWS\system32\sndrec32.exe

    2009-02-15 18:31:21 ----A---- C:\WINDOWS\system32\mplay32.exe

    2009-02-15 18:31:21 ----A---- C:\WINDOWS\system32\hypertrm.dll

    2009-02-15 18:31:21 ----A---- C:\WINDOWS\system32\accwiz.exe

    2009-02-15 18:31:20 ----D---- C:\Program Files\Windows NT

    2009-02-15 18:31:20 ----A---- C:\WINDOWS\system32\mspaint.exe

    2009-02-15 18:31:19 ----A---- C:\WINDOWS\system32\spider.exe

    2009-02-15 18:31:19 ----A---- C:\WINDOWS\system32\clipbrd.exe

    2009-02-15 18:31:18 ----A---- C:\WINDOWS\system32\tsgqec.dll

    2009-02-15 18:31:18 ----A---- C:\WINDOWS\system32\tscfgwmi.dll

    2009-02-15 18:31:17 ----A---- C:\WINDOWS\system32\rhttpaa.dll

    2009-02-15 18:31:17 ----A---- C:\WINDOWS\system32\mstscax.dll

    2009-02-15 18:31:17 ----A---- C:\WINDOWS\system32\aaclient.dll

    2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\sessmgr.exe

    2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\remotepg.dll

    2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\rdshost.exe

    2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\rdsaddin.exe

    2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\rdchost.dll

    2009-02-15 18:31:16 ----A---- C:\WINDOWS\system32\mstsc.exe

    2009-02-15 18:31:15 ----D---- C:\WINDOWS\system32\MsDtc

    2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\termsrv.dll

    2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\rdpwsx.dll

    2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\rdpsnd.dll

    2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\rdpclip.exe

    2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\qprocess.exe

    2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\msdtcuiu.dll

    2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\icaapi.dll

    2009-02-15 18:31:15 ----A---- C:\WINDOWS\system32\cfgbkend.dll

    2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\xolehlp.dll

    2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\mtxoci.dll

    2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\msdtctm.dll

    2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\msdtcprx.dll

    2009-02-15 18:31:14 ----A---- C:\WINDOWS\system32\msdtclog.dll

    2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\mtxlegih.dll

    2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\mtxex.dll

    2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\mtxdm.dll

    2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\msdtc.exe

    2009-02-15 18:31:13 ----A---- C:\WINDOWS\system32\dcomcnfg.exe

    2009-02-15 18:31:12 ----D---- C:\WINDOWS\system32\Com

    2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\stclient.dll

    2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\comrepl.dll

    2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\comaddin.dll

    2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\colbact.dll

    2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\clbcatex.dll

    2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\catsrvut.dll

    2009-02-15 18:31:12 ----A---- C:\WINDOWS\system32\catsrvps.dll

    2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\comuid.dll

    2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\comsvcs.dll

    2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\comsnap.dll

    2009-02-15 18:31:11 ----A---- C:\WINDOWS\system32\catsrv.dll

    2009-02-15 18:31:10 ----A---- C:\WINDOWS\system32\clbcatq.dll

    2009-02-15 18:31:04 ----A---- C:\WINDOWS\system32\servdeps.dll

    2009-02-15 18:31:03 ----A---- C:\WINDOWS\system32\mmfutil.dll

    2009-02-15 18:31:03 ----A---- C:\WINDOWS\system32\licwmi.dll

    2009-02-15 18:31:03 ----A---- C:\WINDOWS\system32\cmprops.dll

     

    ======List of files/folders modified in the last 1 months======

     

    2009-02-15 19:22:11 ----A---- C:\WINDOWS\system.ini

    2009-02-15 19:07:53 ----A---- C:\WINDOWS\system32\msxml3r.dll

    2009-02-15 18:38:44 ----A---- C:\WINDOWS\win.ini

     

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     

    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-06-25 40576]

    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-06-25 14720]

    R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-02-15 226832]

    R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]

    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []

    R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]

    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-06-25 60800]

    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-02-26 2863616]

    R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]

    R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2006-08-15 1287296]

    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-06-25 144384]

    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-06-25 10368]

    R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]

    R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []

    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-06-25 61824]

    R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]

    R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-12-09 46592]

    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-06-25 30208]

    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

    R3 w29n51;Pilote de carte de connexion réseau Intel® PRO/Wireless 2915ABG pour Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2008-01-07 2216064]

    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-04-29 288896]

    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-06-25 77568]

    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-06-25 82944]

    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-06-25 73600]

     

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     

    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-02-26 520192]

    R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-15 206088]

    R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-06-25 14336]

    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-06-25 14336]

    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

     

    -----------------EOF-----------------

  10. Yes, I have only just reconnected the network; until now I was transferring all the logs by USB stick from another machine...

    How can I disinfect it?

    Oddly, the new machine, freshly formatted and equipped with MBAM and the Kaspersky 2009 trial, hasn't noticed anything...

    Do you think it is already infected? (It doesn't look like it.)

    I applied the regedit command; it seems to have gone through.

    On the other hand, the two "sc delete" commands don't seem to have gone through.

     

    Edit: after a reboot everything seems to be going fine!

    Thanks a lot!

     

    Now I need to clean the NC10; even after a restore I am convinced it is infected...

  11. Okay, in any case that's very kind of you!

     

    RSIT report:

     

    Logfile of random's system information tool 1.05 (written by random/random)

    Run by Administrateur at 2009-02-15 22:27:32

    Microsoft Windows XP Professionnel Service Pack 3

    System drive C: has 19 GB (15%) free of 130 GB

    Total RAM: 2047 MB (67% free)

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 22:27:38, on 15/02/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\RealVNC\VNC4\WinVNC4.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\wbem\wmiapsrv.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\DAEMON Tools\daemon.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\Documents and Settings\Administrateur\Bureau\RSIT.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\Program Files\trend micro\Administrateur.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/alrefai/login.live.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)

    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll

    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

    O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

    O4 - HKLM\..\Run: [DAEMON Tools] "%ProgramFiles%\DAEMON Tools\daemon.exe\" -lang 1033

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg

    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

    O4 - HKCU\..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe

    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1211729988828

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

     

    --

    End of file - 9266 bytes

     

    ======Scheduled tasks folder======

     

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

     

    ======Registry dump======

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]

    BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll [2007-03-19 398912]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]

    IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

    Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-21 320920]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

    Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-21 34816]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]

    FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2006-03-31 191096]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    {0124123D-61B4-456f-AF86-78C53A0790C5}

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848]

    "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

    "TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2006-10-18 1185264]

    "AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2006-10-18 1961576]

    "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-12-06 69216]

    "LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]

    "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]

    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-02 13680640]

    "nwiz"=nwiz.exe /install []

    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-21 136600]

    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-02 86016]

    "QuickTime Task"=C:\Program Files\QuickTime Alternative\QTTask.exe [2008-11-04 413696]

    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

    "CTFMON"=C:\WINDOWS\system32\wscript.exe [2008-04-13 155648]

    "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-11-11 206088]

     

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]

    "SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]

    "Orb"=C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe [2008-04-01 507904]

    "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-09-26 206184]

    "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-01-09 3321856]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

    C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2007-04-02 133632]

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

    "authentication packages"=msv1_0

    relog_ap

     

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoDriveTypeAutoRun"=323

    "NoDriveAutoRun"=67108863

    "NoDrives"=0

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoDriveAutoRun"=

    "NoDriveTypeAutoRun"=

    "NoDrives"=

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

    "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

    "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"

    "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"

    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

    "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare"

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    "C:\Program Files\Orb Networks\Orb\bin\Orb.exe"="C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb"

    "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray"

    "C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"

    "C:\Program Files\Orb Networks\Orb\bin\xmltv.exe"="C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:*:Enabled:OrbTVGuide"

    "C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:*:Enabled:OrbChannelScan"

    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    "D:\far cry 2\bin\FarCry2.exe"="D:\far cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"

    "D:\far cry 2\bin\FC2Launcher.exe"="D:\far cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"

    "D:\far cry 2\bin\FC2Editor.exe"="D:\far cry 2\bin\FC2Editor.exe:*:Enabled:Editeur"

    "D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"

    "D:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="D:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"

    "C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War "

    "C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War "

    "C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe"="C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage"

    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

    "C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

    shell\AutoRun\command - H:\LaunchU3.exe -a

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf05ed0f-f9f0-11dd-baaa-001bfca3cfa9}]

    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0b1f3c-21d6-11dd-ba37-001bfca3cfa9}]

    shell\AutoRun\command - H:\InstallTomTomHOME.exe

     

     

    ======List of files/folders created in the last 1 months======

     

    2009-02-15 21:53:13 ----A---- C:\ComboFix.txt

    2009-02-15 21:36:24 ----D---- C:\WINDOWS\temp

    2009-02-15 20:51:54 ----A---- C:\WINDOWS\SchedLgU.Txt

    2009-02-15 20:43:56 ----D---- C:\Qoobox

    2009-02-15 19:33:56 ----A---- C:\WINDOWS\ntbtlog.txt

    2009-02-15 17:57:55 ----SHD---- C:\#GDATA.Trash.Store#

    2009-02-15 17:48:40 ----SHD---- C:\Config.Msi

    2009-02-15 17:23:53 ----D---- C:\Documents and Settings\Administrateur\Application Data\WinRAR

    2009-02-15 17:13:12 ----D---- C:\WINDOWS\ERUNT

    2009-02-15 15:48:45 ----D---- C:\Documents and Settings\All Users\Application Data\G DATA

    2009-02-15 15:48:44 ----D---- C:\Program Files\G DATA

    2009-02-15 15:48:44 ----D---- C:\Program Files\Fichiers communs\G DATA

    2009-02-15 14:40:07 ----D---- C:\VundoFix Backups

    2009-02-15 14:40:07 ----A---- C:\VundoFix.txt

    2009-02-15 12:38:11 ----D---- C:\rsit

    2009-02-15 12:38:11 ----D---- C:\Program Files\trend micro

    2009-02-15 12:29:48 ----A---- C:\Boot.bak

    2009-02-15 12:29:38 ----RASHD---- C:\cmdcons

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\zip.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\VFIND.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWXCACLS.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWSC.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWREG.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\sed.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\NIRCMD.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\grep.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\fdsv.exe

    2009-02-15 12:27:07 ----D---- C:\WINDOWS\ERDNT

    2009-02-11 19:11:27 ----D---- C:\Documents and Settings\Administrateur\Application Data\AVS4YOU

    2009-02-11 19:11:25 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU

    2009-02-11 19:10:54 ----D---- C:\Program Files\Fichiers communs\AVSMedia

    2009-02-11 19:10:54 ----D---- C:\Program Files\AVS4YOU

    2009-02-05 18:51:16 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts

    2009-02-03 19:37:15 ----D---- C:\Program Files\EA Games

    2009-01-18 13:07:13 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss

    2009-01-17 16:00:18 ----D---- C:\Documents and Settings\Administrateur\Application Data\TuneAid

    2009-01-17 16:00:10 ----D---- C:\Program Files\DigiDNA

     

    ======List of files/folders modified in the last 1 months======

     

    2009-02-15 22:21:21 ----D---- C:\WINDOWS\Prefetch

    2009-02-15 21:58:33 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

    2009-02-15 21:57:20 ----D---- C:\WINDOWS

    2009-02-15 21:54:56 ----SHD---- C:\WINDOWS\Installer

    2009-02-15 21:54:43 ----HD---- C:\WINDOWS\inf

    2009-02-15 21:54:43 ----D---- C:\WINDOWS\system32\drivers

    2009-02-15 21:54:26 ----D---- C:\WINDOWS\system32

    2009-02-15 21:52:10 ----D---- C:\WINDOWS\system32\CatRoot2

    2009-02-15 21:48:33 ----A---- C:\WINDOWS\system.ini

    2009-02-15 21:47:45 ----SHD---- C:\WINDOWS\CSC

    2009-02-15 21:47:34 ----D---- C:\Program Files\SuperCopier2

    2009-02-15 21:46:37 ----D---- C:\WINDOWS\system32\config

    2009-02-15 21:46:03 ----D---- C:\WINDOWS\AppPatch

    2009-02-15 21:46:03 ----D---- C:\Program Files\Fichiers communs

    2009-02-15 21:45:25 ----D---- C:\WINDOWS\system32\Restore

    2009-02-15 21:44:55 ----SHD---- C:\System Volume Information

    2009-02-15 18:03:24 ----D---- C:\Program Files\Kaspersky Lab

    2009-02-15 17:36:36 ----D---- C:\Program Files\Spybot - Search & Destroy

    2009-02-15 17:36:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    2009-02-15 17:15:32 ----D---- C:\WINDOWS\system32\dllcache

    2009-02-15 16:50:44 ----D---- C:\Program Files\Mozilla Firefox

    2009-02-15 16:42:51 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

    2009-02-15 16:16:39 ----D---- C:\Program Files\eMule

    2009-02-15 15:48:44 ----RD---- C:\Program Files

    2009-02-15 15:24:24 ----A---- C:\WINDOWS\NeroDigital.ini

    2009-02-15 14:41:42 ----D---- C:\WINDOWS\Minidump

    2009-02-15 14:41:42 ----D---- C:\WINDOWS\Debug

    2009-02-15 12:29:48 ----RASH---- C:\boot.ini

    2009-02-15 11:53:44 ----D---- C:\Downloads

    2009-02-11 19:46:36 ----D---- C:\DVDVideoSoft

    2009-02-11 18:45:16 ----D---- C:\Temp

    2009-02-11 18:11:44 ----D---- C:\Program Files\BitComet

    2009-02-07 15:06:23 ----A---- C:\WINDOWS\avisplitter.INI

    2009-02-04 18:52:46 ----D---- C:\Program Files\WinSCP

    2009-02-03 19:37:15 ----D---- C:\WINDOWS\system32\DirectX

    2009-02-03 19:37:07 ----RSD---- C:\WINDOWS\assembly

    2009-01-18 13:06:56 ----D---- C:\WINDOWS\WinSxS

    2009-01-17 18:41:39 ----D---- C:\Program Files\Fichiers communs\DVDVideoSoft

    2009-01-17 18:39:01 ----D---- C:\Program Files\DVDVideoSoft

     

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     

    R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-19 12664]

    R1 FNETDEVI;FNETDEVI; \??\C:\WINDOWS\system32\drivers\FNETDEVI.SYS []

    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]

    R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-10-27 227344]

    R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]

    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []

    R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]

    R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-02-24 39264]

    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 34944]

    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-04-17 15464]

    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]

    R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]

    R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []

    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-04-02 12288]

    R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2006-02-26 5810]

    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-02 6209536]

    R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-02-24 47360]

    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-02-24 10368]

    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

    S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]

    S3 adbjglnc;adbjglnc; C:\WINDOWS\system32\drivers\adbjglnc.sys []

    S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]

    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

    S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]

    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

    S3 PsSdk31;PsSdk31; \??\C:\WINDOWS\system32\Drivers\pssdk31.drv []

    S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.drv []

    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]

    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2007-04-02 38528]

    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-04-02 82944]

    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc24.tmp []

    S4 Sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600]

     

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     

    R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]

    R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-11-11 206088]

    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-21 152984]

    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-02 163908]

    R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248]

    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]

    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]

    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-25 654848]

    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

     

    -----------------EOF-----------------
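Three details in the RSIT report above bear directly on the worry about being reinfected from a USB stick: the HKCU NoDriveTypeAutoRun value is 323 (0x143), which leaves the removable-drive bit (0x4) clear, so that policy does not switch AutoRun off for USB sticks (the HKLM policy values are empty); a cached MountPoints2 AutoRun command runs Wscript.exe /e:vbs winfile.jpg, that is, a VBScript carried under a .jpg name (the ComboFix run further down removed C:\winfile.jpg and c:\windows\system32\winjpg.jpg); and an HKLM Run value named CTFMON points at wscript.exe rather than ctfmon.exe. The Python script below is an added example, not RSIT's or ComboFix's own logic and not code posted in this thread: it decodes the NoDriveTypeAutoRun bitmask and flags those two kinds of autostart entry in a log excerpt built from the posted lines. The script-host list, the non-executable-extension list and the set of well-known binary names are the example's own assumptions.

```python
"""Triage of RSIT-style autostart entries for USB AutoRun reinfection risk.

Added example, not RSIT's or ComboFix's own logic. SAMPLE_LOG is an excerpt
built from lines in the posted report; the host/extension heuristics and the
list of well-known binary names are this example's assumptions.
"""
import re

# Bits of Explorer's NoDriveTypeAutoRun policy; a SET bit DISABLES AutoRun
# for that drive type. 0xFF is Microsoft's "disable on every drive type" value.
DRIVE_TYPE_BITS = {
    0x01: "unknown", 0x02: "no root dir", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "CD-ROM", 0x40: "RAM disk", 0x80: "reserved",
}
HARDENED_NODRIVETYPEAUTORUN = 0xFF

# Heuristics (assumed, not from the thread): things that should not appear in
# the AutoRun command of a USB stick, or in a Run value named after a system binary.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe", "cmd.exe")
NON_EXEC_EXT = (".jpg", ".jpeg", ".gif", ".png", ".bmp", ".txt", ".dat", ".tmp")
KNOWN_SYSTEM_BINARIES = {"ctfmon.exe", "explorer.exe", "svchost.exe", "userinit.exe", "lsass.exe"}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*?)(?:\s+\[[^\]]*\])?$')   # "Name"=data [date size]
AUTORUN_RE = re.compile(r"^shell\\AutoRun\\command - (.+)$", re.IGNORECASE)


def autorun_still_allowed(value):
    """Drive types whose AutoRun the NoDriveTypeAutoRun bitmask does NOT disable.
    Bits above 0x80 (such as the 0x100 in the posted value 323) are undefined and ignored."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]


def classify_autorun_command(cmd):
    """Reasons an AutoRun command looks like a script dropper; empty list = nothing flagged."""
    low = cmd.lower()
    tokens = low.split()
    reasons = []
    if any(host in low for host in SCRIPT_HOSTS):
        reasons.append("script host or LOLBin in AutoRun command")
    if "/e:" in low:
        reasons.append("explicit /e: engine switch overrides the file extension")
    if tokens and tokens[-1].endswith(NON_EXEC_EXT):
        reasons.append("payload carries a non-executable extension: " + tokens[-1])
    return reasons


def run_entry_masquerades(name, path):
    """True when a Run value is named after a well-known system binary but launches something else."""
    claimed = name.lower()
    if not claimed.endswith(".exe"):
        claimed += ".exe"
    actual = path.replace("/", "\\").split("\\")[-1].lower()
    return claimed in KNOWN_SYSTEM_BINARIES and actual != claimed


def triage(log_text):
    """Walk an RSIT-style registry dump and collect the three findings above."""
    findings = {"autorun_allowed": None, "suspicious_autorun": [], "masquerading_run": []}
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in key:
            reasons = classify_autorun_command(m.group(1))
            if reasons:
                findings["suspicious_autorun"].append((key.rsplit("\\", 1)[-1], m.group(1), reasons))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group(1), m.group(2).strip()
        if key.endswith("\\run") and run_entry_masquerades(name, data):
            findings["masquerading_run"].append((name, data))
        elif key.endswith("policies\\explorer") and name.lower() == "nodrivetypeautorun" and data.isdigit():
            findings["autorun_allowed"] = autorun_still_allowed(int(data))
    return findings


# Constructed excerpt: the entries are copied from the RSIT report posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON"=C:\WINDOWS\system32\wscript.exe [2008-04-13 155648]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-11-11 206088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf05ed0f-f9f0-11dd-baaa-001bfca3cfa9}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("AutoRun still allowed on:", result["autorun_allowed"])
    for where, cmd, reasons in result["suspicious_autorun"]:
        print("Suspicious AutoRun under", where, "->", cmd)
        for reason in reasons:
            print("   -", reason)
    for name, path in result["masquerading_run"]:
        print("Run value %r is named like a system binary but launches %s" % (name, path))
```

Run as-is it triages the excerpt; to triage a full RSIT log, read the file and pass its text to triage(). Because a set bit disables AutoRun for that drive type, the value to aim for is 0xFF (255) in both the HKCU and the HKLM Policies\Explorer key. MountPoints2 entries are Explorer's cache of AutoRun commands seen on media that was once inserted, so a flagged entry says the stick carried such an autorun.inf at the time, not that it is still infected now; the stick itself has to be checked.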

  12. !! OK, that will be useful for next time! To add the objects to delete in ComboFix, do you base it on the famous previous ComboFix report or on the RSIT report?

     

    I need to do the same to clean the NC10, but with a custom script..

     

    Phew, Kaspersky 2009 has indeed reactivated itself; we're making great strides, thanks a lot!

    I haven't dared to plug the network cable back in yet, though..

     

    No malware detected in MBAM:

     

    Malwarebytes' Anti-Malware 1.31

    Database version: 1599

    Windows 5.1.2600 Service Pack 3

     

    15/02/2009 22:05:30

    mbam-log-2009-02-15 (22-05-30).txt

     

    Scan type: Quick scan

    Objects scanned: 63024

    Time elapsed: 4 minute(s), 3 second(s)

     

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

     

    Memory Processes Infected:

    (No malicious items detected)

     

    Memory Modules Infected:

    (No malicious items detected)

     

    Registry Keys Infected:

    (No malicious items detected)

     

    Registry Values Infected:

    (No malicious items detected)

     

    Registry Data Items Infected:

    (No malicious items detected)

     

    Folders Infected:

    (No malicious items detected)

     

    Files Infected:

    (No malicious items detected)

  13. ComboFix 09-02-14.01 - Administrateur 2009-02-15 21:35:17.9 - NTFSx86

    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1562 [GMT 1:00]

    Launched from: c:\documents and settings\Administrateur\Bureau\ComboFix.exe

    Switches used :: c:\documents and settings\Administrateur\Bureau\CFscript.txt

    AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)

    FW: Kaspersky Internet Security *disabled*

    * A new restore point was created

     

    FILE ::

    c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

    c:\windows\system32\win.exe

    c:\windows\system32\winjpg.jpg

    C:\winfile.jpg

    .

     

    (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    c:\windows\system32\systeme34

    c:\windows\system32\systeme34\antivir.exe

    c:\windows\system32\systeme34\logg.dat

    c:\windows\system32\winjpg.jpg

    C:\winfile.jpg

     

    .

    ((((((((((((((((((((((((((((( Files created from 2009-01-15 to 2009-02-15 ))))))))))))))))))))))))))))))))))))

    .

     

    2009-02-15 18:03 . 2009-02-15 18:03 96,976 --a------ c:\windows\system32\drivers\klin.dat

    2009-02-15 18:03 . 2009-02-15 18:03 87,855 --a------ c:\windows\system32\drivers\klick.dat

    2009-02-15 17:57 . 2009-02-15 17:57 <REP> d--hs---- C:\#GDATA.Trash.Store#

    2009-02-15 17:15 . 2009-02-15 17:15 579,584 --a------ c:\windows\system32\dllcache\user32.dll

    2009-02-15 17:13 . 2009-02-15 17:13 <REP> d-------- c:\windows\ERUNT

    2009-02-15 16:07 . 2009-02-15 16:29 1,105,952 --ahs---- c:\windows\system32\drivers\fidbox.dat

    2009-02-15 16:07 . 2009-02-15 16:24 12,064 --ahs---- c:\windows\system32\drivers\fidbox2.dat

    2009-02-15 16:07 . 2009-02-15 16:07 32 --ahs---- c:\windows\system32\drivers\fidbox2.idx

    2009-02-15 16:07 . 2009-02-15 16:07 32 --ahs---- c:\windows\system32\drivers\fidbox.idx

    2009-02-15 16:02 . 2009-02-15 16:02 68,296 --a------ c:\windows\system32\drivers\GRD.sys

    2009-02-15 15:51 . 2009-02-15 15:51 50,888 --a------ c:\windows\system32\drivers\MiniIcpt.sys

    2009-02-15 15:49 . 2009-02-15 15:49 50,888 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys

    2009-02-15 15:49 . 2009-02-15 15:49 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys

    2009-02-15 15:48 . 2009-02-15 17:58 <REP> d-------- c:\program files\G DATA

    2009-02-15 15:48 . 2009-02-15 17:58 <REP> d-------- c:\program files\Fichiers communs\G DATA

    2009-02-15 15:48 . 2009-02-15 17:58 <REP> d-------- c:\documents and settings\All Users\Application Data\G DATA

    2009-02-15 14:40 . 2009-02-15 14:40 <REP> d-------- C:\VundoFix Backups

    2009-02-15 12:38 . 2009-02-15 12:38 <REP> d-------- C:\rsit

    2009-02-15 12:38 . 2009-02-15 20:17 <REP> d-------- c:\program files\trend micro

    2009-02-15 12:33 . 2009-02-15 12:33 0 --a------ C:\OrbPVR.db

    2009-02-11 19:11 . 2009-02-11 19:11 <REP> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU

    2009-02-11 19:11 . 2009-02-11 19:11 <REP> d-------- c:\documents and settings\Administrateur\Application Data\AVS4YOU

    2009-02-11 19:10 . 2009-02-11 19:11 <REP> d-------- c:\program files\Fichiers communs\AVSMedia

    2009-02-11 19:10 . 2009-02-11 19:11 <REP> d-------- c:\program files\AVS4YOU

    2009-02-05 18:51 . 2009-02-05 18:51 <REP> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts

    2009-02-03 19:37 . 2009-02-03 19:37 <REP> d-------- c:\program files\EA Games

    2009-01-20 20:54 . 2009-01-20 20:54 8,192 --a------ c:\windows\REGLOCS.OLD

    2009-01-18 13:07 . 2009-01-18 13:07 <REP> d-------- c:\documents and settings\Administrateur\Application Data\dvdcss

    2009-01-17 16:00 . 2009-01-17 16:00 <REP> d-------- c:\program files\DigiDNA

    2009-01-17 16:00 . 2009-01-23 21:20 <REP> d-------- c:\documents and settings\Administrateur\Application Data\TuneAid

     

    .

    (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-02-15 20:03 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab

    2009-02-15 18:17 --------- d-----w c:\program files\SuperCopier2

    2009-02-15 17:03 --------- d-----w c:\program files\Kaspersky Lab

    2009-02-15 16:36 --------- d-----w c:\program files\Spybot - Search & Destroy

    2009-02-15 16:36 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

    2009-02-15 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

    2009-02-15 15:16 --------- d-----w c:\program files\eMule

    2009-02-11 17:11 --------- d-----w c:\program files\BitComet

    2009-02-04 17:52 --------- d-----w c:\program files\WinSCP

    2009-01-17 17:41 --------- d-----w c:\program files\Fichiers communs\DVDVideoSoft

    2009-01-17 17:39 --------- d-----w c:\program files\DVDVideoSoft

    2009-01-11 12:00 --------- d-----w c:\program files\iTunes

    2009-01-11 12:00 --------- d-----w c:\program files\iPod

    2009-01-11 12:00 --------- d-----w c:\program files\Fichiers communs\Apple

    2009-01-11 12:00 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

    2009-01-11 11:59 --------- d-----w c:\program files\QuickTime Alternative

    2009-01-11 11:57 --------- d-----w c:\program files\Bonjour

    2009-01-11 11:54 --------- d-----w c:\program files\Apple Software Update

    2009-01-10 16:55 --------- d-----w c:\program files\Empire Interactive

    2009-01-09 20:17 --------- d-----w c:\program files\DxO Labs

    2009-01-07 17:40 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

    2009-01-03 13:53 --------- d-----w c:\program files\Everest Poker

    2009-01-03 03:37 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

    2009-01-03 03:37 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

    2009-01-03 03:37 --------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes

    2008-12-21 13:46 --------- d-----w c:\program files\Java

    2008-12-21 13:34 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE

    2008-12-21 13:30 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard

    2008-12-21 13:30 --------- d-----w c:\program files\AGEIA Technologies

    2008-12-21 12:43 --------- d--h--w c:\program files\InstallShield Installation Information

    2008-11-16 19:40 22,328 ----a-w c:\documents and settings\Administrateur\Application Data\PnkBstrK.sys

    2008-03-09 06:25 236 ----a-w c:\program files\Fichiers communs\dx.reg

    2008-02-24 18:15 87,608 ----a-w c:\documents and settings\Administrateur\Application Data\ezpinst.exe

    2008-02-24 18:15 47,360 ----a-w c:\documents and settings\Administrateur\Application Data\pcouffin.sys

    .

     

    ------- Sigcheck -------

     

    2007-04-02 11:56 125912 8471a49628e9d70c39383605cff191b4 c:\windows\icon_TMP\wuauclt.exe

    2008-04-13 18:34 112640 7e3defe771cb451b0ff630bfa435417e c:\windows\ServicePackFiles\i386\wuauclt.exe

    2007-04-02 11:56 125912 8471a49628e9d70c39383605cff191b4 c:\windows\system32\wuauclt.exe

    2007-04-02 11:56 124376 5e5a6af2d6ff2d289414c53025fe2337 c:\windows\system_backup\wuauclt.exe

    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-15_20.56.33.48 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2009-02-15 20:37:48 16,384 ----atw c:\windows\temp\Perflib_Perfdata_1c8.dat

    .

    ((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legitimate default entries are not listed

    REGEDIT4

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]

    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

    "Orb"="c:\program files\Orb Networks\Orb\bin\OrbTray.exe" [2008-04-01 507904]

    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184]

    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-09 3321856]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-18 1185264]

    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 1961576]

    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]

    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13680640]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 86016]

    "QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2008-11-04 413696]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

    "CTFMON"="c:\windows\system32\wscript.exe" [2008-04-13 155648]

    "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.EXE]

    "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

    "nwiz"="nwiz.exe" [2008-12-02 c:\windows\system32\nwiz.exe]

     

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

     

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "nltide_2"="shell32" [X]

    "nltide_3"="advpack.dll" [2007-04-02 c:\windows\system32\advpack.dll]

     

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

    "ForceClassicControlPanel"= 1 (0x1)

    "NoResolveTrack"= 1 (0x1)

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "vidc.I420"= i263_32.drv

    "msacm.imc"= imc32.acm

    "msacm.l3codecp"= l3codecp.acm

    "VIDC.i263"= i263_32.drv

    "VIDC.ACDV"= ACDV.dll

    "MSVideo"= CSvidcap.dll

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\FlashFXP\\FlashFXP.exe"=

    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=

    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=

    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    "c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=

    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=

    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=

    "c:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=

    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "d:\\far cry 2\\bin\\FarCry2.exe"=

    "d:\\far cry 2\\bin\\FC2Launcher.exe"=

    "d:\\far cry 2\\bin\\FC2Editor.exe"=

    "d:\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

    "d:\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

    "c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "21729:TCP"= 21729:TCP:BitComet 21729 TCP

    "21729:UDP"= 21729:UDP:BitComet 21729 UDP

    "8001:TCP"= 8001:TCP:BitComet 8001 TCP

    "8001:UDP"= 8001:UDP:BitComet 8001 UDP

    "8000:TCP"= 8000:TCP:BitComet 8000 TCP

    "8000:UDP"= 8000:UDP:BitComet 8000 UDP

     

    R1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [2008-03-16 19572]

    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2008-02-24 19:14:59 13560]

    R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]

    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2008-02-24 34944]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]

    S0 klbg;KlBg;c:\windows\system32\drivers\klbg.sys --> c:\windows\system32\drivers\klbg.sys [?]

    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [2008-04-26 1527900]

    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-01-03 38496]

    S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [2008-09-30 30272]

    S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.drv [2008-09-30 37440]

     

    --- Other Services/Drivers in memory ---

     

    *Deregistered* - mchInjDrv

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

    \Shell\AutoRun\command - H:\LaunchU3.exe -a

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0b1f3c-21d6-11dd-ba37-001bfca3cfa9}]

    \Shell\AutoRun\command - H:\InstallTomTomHOME.exe

    .

    Contents of the 'Scheduled Tasks' folder

     

    2009-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    .

    .

    ------- Supplementary scan -------

    .

    uStart Page = hxxp://www.freewebtown.com/alrefai/login.live.html

    uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036

    uInternet Settings,ProxyOverride = *.local

    IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

    IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

    IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

    FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig

    FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll

    FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll

    FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll

    FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll

    FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll

     

    ---- FIREFOX SETTINGS ----

    FF - user.js: general.useragent.extra.zencast - .

     

    **************************************************************************

     

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-02-15 21:38:35

    Windows 5.1.2600 Service Pack 3 NTFS

     

    Scanning hidden processes ...

     

    Scanning hidden autostart entries ...

     

    Scanning hidden files ...

     

    Scan completed successfully

    Hidden files: 0

     

    **************************************************************************

     

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

    "ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc24.tmp"

     

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk31]

    "ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"

     

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdkLBF]

    "ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"

     

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

     

    [HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\C*o*m*m*a*n*d* *&* *C*o*n*q*u*e*r* *3* *L*e*s* *g*u*e*r*r*e*s* *d*u* *T*i*b*e*r*i*u*m*"!\Assistance]

    "Order"=hex:08,00,00,00,02,00,00,00,ce,02,00,00,01,00,00,00,04,00,00,00,92,00,

    00,00,00,00,00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,\

    .

    --------------------- DLLs loaded in running processes ---------------------

     

    - - - - - - - > 'lsass.exe'(1372)

    c:\windows\system32\relog_ap.dll

    .

    ------------------------ Other running processes ------------------------

    .

    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\windows\system32\nvsvc32.exe

    c:\program files\RealVNC\VNC4\winvnc4.exe

    c:\windows\system32\wbem\wmiapsrv.exe

    c:\windows\system32\wscntfy.exe

    c:\windows\system32\rundll32.exe

    c:\program files\Orb Networks\Orb\bin\Orb.exe

    c:\program files\iPod\bin\iPodService.exe

    .

    **************************************************************************

    .

    Finish time: 2009-02-15 21:43:17 - The machine rebooted

    ComboFix-quarantined-files.txt 2009-02-15 20:43:14

    ComboFix2.txt 2009-02-15 20:33:25

    ComboFix3.txt 2009-02-15 20:23:52

    ComboFix4.txt 2009-02-15 19:57:28

    ComboFix5.txt 2009-02-15 20:34:47

     

    Before-CF: 20,034,912,256 bytes free

    After-CF: 20,058,378,240 bytes free

     

    274

     

     

    So if I understand correctly, this isn't dev work anymore! Basically, removal is done case by case...

    On reboot I get an error: winjpg.jpg does not exist. That's already better!

    When ComboFix starts I get an error, nci.. file does not exist.

     

    Finally, I notice that System Restore keeps coming back; can you disable it for good (I'll never use it anyway)?

    Thanks for your time...
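Added example, not part of alfa128's post nor one of the tools used in this thread: a small Python triage script that reads a pasted ComboFix/RSIT dump like the ones above and pulls out four indicator classes. Image File Execution Options "Debugger" values that point at something other than a real debugger (Windows starts the "debugger" in place of the program named in the key, so pointing antivirus executables at a rogue binary stops them from ever running); Run values that launch a bare script host under a Windows-looking name such as CTFMON; the standard firewall profile switched off; and MountPoints2 AutoRun commands, which is what Explorer runs when a drive is opened and therefore the USB reinfection path asked about. The embedded sample log is constructed for the example (only its layout follows the real dump), and the known-debugger allowlist and the script-host set are the example's own assumptions, to be tuned for the machine.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the layout of a ComboFix/RSIT dump; every line is made up for this example.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON"="c:\windows\system32\wscript.exe" [2008-04-13 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=c:\windows\system32\wscript.exe /E:vbs c:\windows\system32\winjpg.jpg
"""

# Assumed allowlist of debuggers that legitimately sit in an IFEO "Debugger" value (extend it for
# tools you know are installed, e.g. Process Explorer replacing taskmgr.exe).
KNOWN_DEBUGGERS = {"ntsd.exe", "windbg.exe", "cdb.exe", "vsjitdebugger.exe"}
# Assumed set of interpreters/loaders that execute whatever payload they are handed.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe", "rundll32.exe", "regsvr32.exe"}

_SECTION = re.compile(r"^\[(.+)\]\s*$")
_RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"')
_DEBUGGER = re.compile(r'^"Debugger"=\s*"?(.+?)"?\s*$')
_FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')
_AUTORUN = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(.+?)\s*$")

def parse_sections(text: str) -> List[Tuple[str, List[str]]]:
    # Split the dump into (registry key, [value lines]) pairs; text before the first key is dropped.
    sections: List[Tuple[str, List[str]]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _SECTION.match(line)
        if m:
            sections.append((m.group(1), []))
        elif line and sections:
            sections[-1][1].append(line)
    return sections

def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def _executable(command: str) -> str:
    # Lower-cased basename of a command line's first token, honouring a quoted path.
    command = command.strip()
    if command.startswith('"'):
        return _basename(command[1:].split('"', 1)[0])
    return _basename(command.split(None, 1)[0])

def find_ifeo_hijacks(sections) -> List[Tuple[str, str]]:
    # Windows launches the IFEO "Debugger" *instead of* the program named by the key, so a
    # Debugger that is not a real debugger is a kill switch for that program. Returns (target, command).
    hits = []
    for key, values in sections:
        if "image file execution options\\" in key.lower():
            for m in filter(None, map(_DEBUGGER.match, values)):
                if _executable(m.group(1)) not in KNOWN_DEBUGGERS:
                    hits.append((key.rsplit("\\", 1)[-1], m.group(1)))
    return hits

def find_masquerading_run_entries(sections) -> List[Tuple[str, str]]:
    # Run/RunOnce values whose binary is a bare script host: the name says CTFMON, the binary is
    # wscript.exe, so the real payload is whatever script it is handed. Returns (value name, binary).
    hits = []
    for key, values in sections:
        if key.rsplit("\\", 1)[-1].lower() in ("run", "runonce"):
            for m in filter(None, map(_RUN_VALUE.match, values)):
                if _basename(m.group(2)) in SCRIPT_HOSTS:
                    hits.append((m.group(1), m.group(2)))
    return hits

def firewall_disabled(sections) -> bool:
    return any("firewallpolicy" in key.lower() and any(map(_FIREWALL_OFF.match, values))
               for key, values in sections)

def find_autorun_commands(sections) -> List[Tuple[str, str]]:
    # MountPoints2 AutoRun commands: what Explorer launches when that volume is opened,
    # i.e. the removable-media reinfection path. Returns (volume key, command).
    hits = []
    for key, values in sections:
        if "mountpoints2\\" in key.lower():
            for m in filter(None, map(_AUTORUN.match, values)):
                hits.append((key.rsplit("\\", 1)[-1], m.group(1)))
    return hits

def triage(text: str) -> Dict[str, object]:
    sections = parse_sections(text)
    return {
        "ifeo_hijacks": find_ifeo_hijacks(sections),
        "masquerading_run": find_masquerading_run_entries(sections),
        "firewall_disabled": firewall_disabled(sections),
        "autorun_commands": find_autorun_commands(sections),
    }

if __name__ == "__main__":
    for name, finding in triage(SAMPLE_LOG).items():
        print(f"{name}: {finding}")
```

To use it on a saved report, call `triage(open("combo.log", encoding="cp1252").read())` (ComboFix writes its log in the Windows ANSI code page). An empty result for every key does not prove the machine is clean; it only means none of these four patterns appears in the text, which is why the removal still has to be confirmed file by file as the thread does.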

  14. combo.log report:

     

    ComboFix 09-02-14.01 - Administrateur 2009-02-15 20:45:25.6 - NTFSx86 MINIMAL

    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1647 [GMT 1:00]

    Launched from: c:\documents and settings\Administrateur\Bureau\ComboFix.exe

    AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)

    FW: Kaspersky Internet Security *disabled*

    .

     

    (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    G:\autorun.inf

     

    .

    ((((((((((((((((((((((((((((( Files created from 2009-01-15 to 2009-02-15 ))))))))))))))))))))))))))))))))))))

    .

     

    2009-02-15 20:43 . 2009-02-15 20:43 <REP> d-------- C:\32788R22FWJFW

    2009-02-15 18:03 . 2009-02-15 18:03 96,976 --a------ c:\windows\system32\drivers\klin.dat

    2009-02-15 18:03 . 2009-02-15 18:03 87,855 --a------ c:\windows\system32\drivers\klick.dat

    2009-02-15 17:57 . 2009-02-15 17:57 <REP> d--hs---- C:\#GDATA.Trash.Store#

    2009-02-15 17:15 . 2009-02-15 17:15 579,584 --a------ c:\windows\system32\dllcache\user32.dll

    2009-02-15 17:13 . 2009-02-15 17:13 <REP> d-------- c:\windows\ERUNT

    2009-02-15 16:07 . 2009-02-15 16:29 1,105,952 --ahs---- c:\windows\system32\drivers\fidbox.dat

    2009-02-15 16:07 . 2009-02-15 16:24 12,064 --ahs---- c:\windows\system32\drivers\fidbox2.dat

    2009-02-15 16:07 . 2009-02-15 16:07 32 --ahs---- c:\windows\system32\drivers\fidbox2.idx

    2009-02-15 16:07 . 2009-02-15 16:07 32 --ahs---- c:\windows\system32\drivers\fidbox.idx

    2009-02-15 16:02 . 2009-02-15 16:02 68,296 --a------ c:\windows\system32\drivers\GRD.sys

    2009-02-15 15:51 . 2009-02-15 15:51 50,888 --a------ c:\windows\system32\drivers\MiniIcpt.sys

    2009-02-15 15:49 . 2009-02-15 15:49 50,888 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys

    2009-02-15 15:49 . 2009-02-15 15:49 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys

    2009-02-15 15:48 . 2009-02-15 17:58 <REP> d-------- c:\program files\G DATA

    2009-02-15 15:48 . 2009-02-15 17:58 <REP> d-------- c:\program files\Fichiers communs\G DATA

    2009-02-15 15:48 . 2009-02-15 17:58 <REP> d-------- c:\documents and settings\All Users\Application Data\G DATA

    2009-02-15 14:40 . 2009-02-15 14:40 <REP> d-------- C:\VundoFix Backups

    2009-02-15 12:38 . 2009-02-15 12:38 <REP> d-------- C:\rsit

    2009-02-15 12:38 . 2009-02-15 20:17 <REP> d-------- c:\program files\trend micro

    2009-02-15 12:33 . 2009-02-15 12:33 0 --a------ C:\OrbPVR.db

    2009-02-15 12:06 . 2009-02-15 17:00 <REP> d-------- c:\windows\system32\systeme34

    2009-02-14 20:50 . 2009-02-15 17:06 412,906 -rahs---- c:\windows\system32\winjpg.jpg

    2009-02-14 20:50 . 2009-02-15 17:06 412,902 -rahs---- C:\winfile.jpg

    2009-02-11 19:11 . 2009-02-11 19:11 <REP> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU

    2009-02-11 19:11 . 2009-02-11 19:11 <REP> d-------- c:\documents and settings\Administrateur\Application Data\AVS4YOU

    2009-02-11 19:10 . 2009-02-11 19:11 <REP> d-------- c:\program files\Fichiers communs\AVSMedia

    2009-02-11 19:10 . 2009-02-11 19:11 <REP> d-------- c:\program files\AVS4YOU

    2009-02-05 18:51 . 2009-02-05 18:51 <REP> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts

    2009-02-03 19:37 . 2009-02-03 19:37 <REP> d-------- c:\program files\EA Games

    2009-01-20 20:54 . 2009-01-20 20:54 8,192 --a------ c:\windows\REGLOCS.OLD

    2009-01-18 13:07 . 2009-01-18 13:07 <REP> d-------- c:\documents and settings\Administrateur\Application Data\dvdcss

    2009-01-17 16:00 . 2009-01-17 16:00 <REP> d-------- c:\program files\DigiDNA

    2009-01-17 16:00 . 2009-01-23 21:20 <REP> d-------- c:\documents and settings\Administrateur\Application Data\TuneAid

     

    .

    (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-02-15 18:17 --------- d-----w c:\program files\SuperCopier2

    2009-02-15 18:14 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab

    2009-02-15 17:03 --------- d-----w c:\program files\Kaspersky Lab

    2009-02-15 16:36 --------- d-----w c:\program files\Spybot - Search & Destroy

    2009-02-15 16:36 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

    2009-02-15 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

    2009-02-15 15:16 --------- d-----w c:\program files\eMule

    2009-02-11 17:11 --------- d-----w c:\program files\BitComet

    2009-02-04 17:52 --------- d-----w c:\program files\WinSCP

    2009-01-17 17:41 --------- d-----w c:\program files\Fichiers communs\DVDVideoSoft

    2009-01-17 17:39 --------- d-----w c:\program files\DVDVideoSoft

    2009-01-11 12:00 --------- d-----w c:\program files\iTunes

    2009-01-11 12:00 --------- d-----w c:\program files\iPod

    2009-01-11 12:00 --------- d-----w c:\program files\Fichiers communs\Apple

    2009-01-11 12:00 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

    2009-01-11 11:59 --------- d-----w c:\program files\QuickTime Alternative

    2009-01-11 11:57 --------- d-----w c:\program files\Bonjour

    2009-01-11 11:54 --------- d-----w c:\program files\Apple Software Update

    2009-01-10 16:55 --------- d-----w c:\program files\Empire Interactive

    2009-01-09 20:17 --------- d-----w c:\program files\DxO Labs

    2009-01-07 17:40 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

    2009-01-03 13:53 --------- d-----w c:\program files\Everest Poker

    2009-01-03 03:37 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

    2009-01-03 03:37 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

    2009-01-03 03:37 --------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes

    2008-12-21 13:46 --------- d-----w c:\program files\Java

    2008-12-21 13:34 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE

    2008-12-21 13:30 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard

    2008-12-21 13:30 --------- d-----w c:\program files\AGEIA Technologies

    2008-12-21 12:43 --------- d--h--w c:\program files\InstallShield Installation Information

    2008-11-16 19:40 22,328 ----a-w c:\documents and settings\Administrateur\Application Data\PnkBstrK.sys

    2008-03-09 06:25 236 ----a-w c:\program files\Fichiers communs\dx.reg

    2008-02-24 18:15 87,608 ----a-w c:\documents and settings\Administrateur\Application Data\ezpinst.exe

    2008-02-24 18:15 47,360 ----a-w c:\documents and settings\Administrateur\Application Data\pcouffin.sys

    .

     

    ------- Sigcheck -------

     

    2007-04-02 11:56 125912 8471a49628e9d70c39383605cff191b4 c:\windows\icon_TMP\wuauclt.exe

    2008-04-13 18:34 112640 7e3defe771cb451b0ff630bfa435417e c:\windows\ServicePackFiles\i386\wuauclt.exe

    2007-04-02 11:56 125912 8471a49628e9d70c39383605cff191b4 c:\windows\system32\wuauclt.exe

    2007-04-02 11:56 124376 5e5a6af2d6ff2d289414c53025fe2337 c:\windows\system_backup\wuauclt.exe

    .

    ((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legitimate default entries are not listed

    REGEDIT4

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]

    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

    "Orb"="c:\program files\Orb Networks\Orb\bin\OrbTray.exe" [2008-04-01 507904]

    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184]

    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-09 3321856]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-18 1185264]

    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 1961576]

    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]

    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13680640]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 86016]

    "QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2008-11-04 413696]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

    "CTFMON"="c:\windows\system32\wscript.exe" [2008-04-13 155648]

    "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.EXE]

    "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

    "nwiz"="nwiz.exe" [2008-12-02 c:\windows\system32\nwiz.exe]

     

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

     

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "nltide_2"="shell32" [X]

    "nltide_3"="advpack.dll" [2007-04-02 c:\windows\system32\advpack.dll]

     

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

    "ForceClassicControlPanel"= 1 (0x1)

    "NoResolveTrack"= 1 (0x1)

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "vidc.I420"= i263_32.drv

    "msacm.imc"= imc32.acm

    "msacm.l3codecp"= l3codecp.acm

    "VIDC.i263"= i263_32.drv

    "VIDC.ACDV"= ACDV.dll

    "MSVideo"= CSvidcap.dll

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\00hoeav.com]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\0w.com]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\6.bat]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\6fnlpetp.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\6x8be16.cmd]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2cmd.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2upd.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\abk.bat]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Adobe Gamma Loader.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\algsrvs.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\algssl.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Angry.bat]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\antihost.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTS.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apu-0607g.xml]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apu.stt]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashLogV.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashMaiSv.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashPopWz.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashQuick.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashSkPcc.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashWebSv.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswBoot.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswRegSvr.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.bin]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Autorun.ini]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.reg]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.txt]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.wsh]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorunsc.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvastSS.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Avciman.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgamsvr.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgcc32.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgemc.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrsx.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgscan.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgserv.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgupsvc.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avltd.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avmailc.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avzkrnl.dll]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bad1.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bad2.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bad3.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdsubwiz.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BDSurvey.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BIOSREAD.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caiss.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caissdt.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\catcache.dat]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cauninst.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavApp.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cavasm.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavAUD.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVCmd.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVCtx.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavEmSrv.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cavmr.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavMUD.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cavoar.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavQ.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVRep.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVRid.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVSCons.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cavse.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavSn.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavSub.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVSubmit.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavUMAS.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavUserUpd.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cavvl.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CEmRep.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ckahcomm.dll]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ckahrule.dll]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ckahum.dll]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\clldr.dll]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CMain.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\copy.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\curidsbase.kdz]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\destrukto.vbs]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DF5Serv.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\diffs.dll]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drvins32.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drweb32w.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drweb386.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwebwcl.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwreg.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]

    "Debugger"=c:\windows\system32\wscript.exe /E:vbs c:\windows\system32\winjpg.jpg

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dwwin.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\e.cmd]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\e9ehn1m8.com]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\edb.chk]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EMDISK.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f0.cmd]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FileKan.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\flashy.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fptrayproc.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Frameworkservice.EXE ]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FrzState2k.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fs6519.dll.vbs]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fssf.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fssync.dll]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fun.xls.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\g2pfnid.com]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GetSI.dll]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxkickoff.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxkickoff_x64.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\h3.bat]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hookinst.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\host.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\i.bat]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Identity.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iefqwp.cmd]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IEShow.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ij.bat]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\InstallCAVS.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\InstLsp.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iSafe.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iSafInst.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav.bav]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavbase.kdl]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ker.vbs]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KeyMgr.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\killVBS.vbs]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kl1.sys]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klavemu.kdl]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klbg.cat]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klbg.sys]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klif.cat]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klif.sys]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klim5.sys]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\licmgr.ex]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\licreg.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lky.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\m2nl.bat]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcappins.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcaupdate.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcinfo.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcinsupd.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcmnhdlr.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcregwiz.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Mctray.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcupdmgr.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcupdui.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcvsftsn.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcvsmap.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msdos.pif]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msfir80.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MSGrc32.vbs]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msime80.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msizap.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msmsgs.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcm80.dll]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcp80.dll]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcr71.dll]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcr80.dll]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mzvkbd.dll]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mzvkbd3.dll]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\naiavfin.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netcfg.dll]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\new folder.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\njibyekk.com]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\olb1iimw.bat]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OnAccessInstaller.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Pagent.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Pagentwd.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavprsrv.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PavReport.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsAuxs.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsSvc.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsTray.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prloader.dll]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSHost.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskmssvc.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QtnMaint.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rcukd.cmd]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\reload.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescuecd.zip]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rose.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sal.xls.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVHOST.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scvhosts.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVHSOT.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVVHOST.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scvvhosts.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVVHSOT.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SendLogs.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\session.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SocksA.ex]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOCFG.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOLITE.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOSCAN.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOSENT.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spidercpl.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ssvichosst.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sxs.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\system.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\temp.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\temp2.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\toy.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UdaterUI.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\uiscan.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\unp_test.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\update.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\updater.dll]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UPSDbMaker.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\userdump.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UUpd.EXE]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\v.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32Act.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32ECM.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32ifs.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32PP3.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32Qtn.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbcmserv.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbcons.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbglobal.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbimport.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbinst.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbscan.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbsystry.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VetMsg.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\virusutilities.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VisthAux.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsmon.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VsTskMgr.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\whi.com]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WinGrc32.dll]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrAdmin.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrCtrl.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wsctool.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\yannh.cmd]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ybj8df.exe]

    "Debugger"=c:\windows\system32\win.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

    "DisableMonitoring"=dword:00000001

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\FlashFXP\\FlashFXP.exe"=

    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=

    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=

    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    "c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=

    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=

    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=

    "c:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=

    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "d:\\far cry 2\\bin\\FarCry2.exe"=

    "d:\\far cry 2\\bin\\FC2Launcher.exe"=

    "d:\\far cry 2\\bin\\FC2Editor.exe"=

    "d:\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

    "d:\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

    "c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "21729:TCP"= 21729:TCP:BitComet 21729 TCP

    "21729:UDP"= 21729:UDP:BitComet 21729 UDP

    "8001:TCP"= 8001:TCP:BitComet 8001 TCP

    "8001:UDP"= 8001:UDP:BitComet 8001 UDP

    "8000:TCP"= 8000:TCP:BitComet 8000 TCP

    "8000:UDP"= 8000:UDP:BitComet 8000 UDP

     

    R1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [2008-03-16 19572]

    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2008-02-24 19:14:59 13560]

    R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]

    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2008-02-24 34944]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]

    S0 klbg;KlBg;c:\windows\system32\drivers\klbg.sys --> c:\windows\system32\drivers\klbg.sys [?]

    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [2008-04-26 1527900]

    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-01-03 38496]

    S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [2008-09-30 30272]

    S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.drv [2008-09-30 37440]

     

    --- Other Services/Drivers in memory ---

     

    *Deregistered* - mchInjDrv

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

    \Shell\AutoRun\command - H:\LaunchU3.exe -a

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0b1f3c-21d6-11dd-ba37-001bfca3cfa9}]

    \Shell\AutoRun\command - H:\InstallTomTomHOME.exe

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fccf6042-e620-11dc-b5ee-001bfca3cfa9}]

    \Shell\AutoRun\command - xeekrd.exe

    \Shell\explore\Command - xeekrd.exe

    \Shell\open\Command - xeekrd.exe

    .

    Contents of the 'Scheduled Tasks' folder

     

    2009-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    .

    - - - - ORPHANS REMOVED - - - -

     

    HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe

    HKLM-Run-regdiit - c:\windows\system32\win.exe

     

     

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.freewebtown.com/alrefai/login.live.html

    uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036

    uInternet Settings,ProxyOverride = *.local

    IE: Add to Kaspersky Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

    IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

    IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

    IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

    FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig

    FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll

    FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll

    FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll

    FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll

    FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll

     

    ---- PARAMETRES FIREFOX ----

    FF - user.js: general.useragent.extra.zencast - .

     

    **************************************************************************

     

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-02-15 20:52:35

    Windows 5.1.2600 Service Pack 3 NTFS

     

    Recherche de processus cachés ...

     

    Recherche d'éléments en démarrage automatique cachés ...

     

    Recherche de fichiers cachés ...

     

    Scan terminé avec succès

    Fichiers cachés: 0

     

    **************************************************************************

     

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

    "ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc24.tmp"

     

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk31]

    "ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"

     

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdkLBF]

    "ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"

     

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

    .

    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

     

    [HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\C*o*m*m*a*n*d* *&* *C*o*n*q*u*e*r* *3* *L*e*s* *g*u*e*r*r*e*s* *d*u* *T*i*b*e*r*i*u*m*"!\Assistance]

    "Order"=hex:08,00,00,00,02,00,00,00,ce,02,00,00,01,00,00,00,04,00,00,00,92,00,

    00,00,00,00,00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,\

    .

    --------------------- DLLs chargées dans les processus actifs ---------------------

     

    - - - - - - - > 'lsass.exe'(1380)

    c:\windows\system32\relog_ap.dll

     

    - - - - - - - > 'explorer.exe'(676)

    c:\program files\SuperCopier2\SC2Hook.dll

    .

    ------------------------ Autres processus actifs ------------------------

    .

    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\windows\system32\nvsvc32.exe

    c:\program files\RealVNC\VNC4\winvnc4.exe

    c:\windows\system32\wbem\wmiapsrv.exe

    c:\windows\system32\wscntfy.exe

    c:\windows\system32\rundll32.exe

    c:\program files\iPod\bin\iPodService.exe

    c:\program files\Orb Networks\Orb\bin\Orb.exe

    c:\windows\system32\verclsid.exe

    .

    **************************************************************************

    .

    Heure de fin: 2009-02-15 20:57:26 - La machine a redémarré

    ComboFix-quarantined-files.txt 2009-02-15 19:57:23

    ComboFix2.txt 2009-02-15 18:22:38

     

    Avant-CF: 20 040 708 096 octets libres

    Après-CF: 20,020,330,496 octets libres

     

    763

     

    Nice, it removed a lot of them, but they come back...

    I get an error when I reboot: winjpg.jpg vbs script error. I click OK, and only then does it generate the log...

  15. I've already used ComboFix loads of times, don't worry, I'm aware of the risks! In my job I spend my time fixing people's computers, ironic isn't it?? :P

    But it didn't solve the problem for me!

    However, when I reboot after running it, should I restart in safe mode or in normal mode?

     

    Because even after running ComboFix, when it reboots in normal mode it shows me "installing new programs" (systeme34/antivir.exe)...

     

    If you knew how many times I've run this tool, it's crazy; it removes them fine, but everything comes right back afterwards...

  16. Report taken on the DESKTOP in SAFE MODE: info.txt

     

    info.txt logfile of random's system information tool 1.05 2009-02-15 12:38:19

     

    ======Uninstall list======

     

    -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0E43DFBD-71CF-4F61-B341-7C128FBC6AC2}

    -->MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592}

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

    7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"

    ACDSee 9 Gestionnaire de photos-->MsiExec.exe /I{91A06334-CB8D-422A-9699-251217674FD4}

    Acronis Migrate Easy-->C:\Program Files\Acronis\MigrateEasy\MediaBuilder.exe -uninstall

    Acronis True Image Home-->MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}

    Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG

    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

    Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}

    Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}

    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

    Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}

    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

    Adobe ExtendScript Toolkit 2-->C:\Program Files\Fichiers communs\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe

    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}

    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

    Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}

    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

    Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe

    Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}

    Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}

    Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}

    Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}

    Adobe Premiere Pro CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\32fdd767b4383606e8168e834af5d90\Setup.exe

    Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}

    Adobe Reader 8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A80000000002}

    Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}

    Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}

    Adobe Setup-->MsiExec.exe /I{BB81360F-041C-4CF7-B15E-71380D154244}

    Adobe Shockwave Player-->MsiExec.exe /X{43BFB9E2-169C-46A9-BB81-141A37FD9750}

    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

    Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}

    Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}

    Advanced Registry Tracer-->C:\Program Files\ElcomSoft\Advanced Registry Tracer\uninstall.exe

    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}

    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

    Audio Utilities Collection-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\AEncoder.inf,AEncUninstall

    AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"

    AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe"

    AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"

    AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"

    BitComet 0.85-->C:\Program Files\BitComet\uninst.exe

    BMO WORLD 4.4.1-->"C:\Program Files\bmoworld\unins000.exe"

    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

    Call of Duty® - World at War 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{AFAE2B15-89A0-4215-A030-F7B5B478886B}\setup.exe -runfromtemp -l0x0409

    Call of Duty® - World at War-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x040c

    Call of Duty® 4 - Modern Warfare-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c

    Camtasia Studio 5-->MsiExec.exe /I{7EADB65C-70E8-4C94-AD0A-221462D41A85}

    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

    Command & Conquer 3-->MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}

    Correctif Lecteur Windows Media 10 - KB895316-->"C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"

    Crysis WARHEAD®-->"C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe" REMOVE=TRUE MODIFY=FALSE

    Crysis WARHEAD®-->C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe

    Crysis®-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}

    DirectX10 RC2 Pre Fix 3-->"C:\WINDOWS\system32\unins000.exe"

    DVD Decrypter 3.5.4.0-->MsiExec.exe /I{6406E9DB-A9E0-4DB8-A3A8-ED86959AD481}

    DVDFab Platinum 3.0.5.5-->"C:\Program Files\DVDFab Platinum 3\unins000.exe"

    EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe

    eMule Plus 1.2b-->"C:\Program Files\eMule\unins000.exe"

    eMule-->"C:\Program Files\eMule\Uninstall.exe"

    EVEREST Ultimate Edition v4.50-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"

    Far Cry 2-->"C:\Program Files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x040c -removeonly

    FAT32 Format-->C:\PROGRAM FILES\FAT32 Format\Uninstall.EXE

    Firebird SQL Server - MAGIX Edition (F)-->C:\MAGIX\Common\Database\uninstall.exe

    FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u

    FlatOut Ultimate Carnage-->C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Uninstall.exe

    FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe"

    Free Video to iPhone Converter version 2.1-->"C:\Program Files\DVDVideoSoft\Free Video to iPhone Converter\unins000.exe"

    Free Video to iPod Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free Video to iPod Converter\unins000.exe"

    Free YouTube to iPhone Converter version 2.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to iPhone Converter\unins000.exe"

    Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x040c -removeonly

    HashTab Shell Extension 1.11 for x32-->C:\Program Files\HashTab Shell Extension\uninst.exe

    hp deskjet 5100 series-->rundll32 hpzcon09.dll,VendorJettison hp deskjet 5100 series

    ImTOO iPhone Video Converter-->C:\Program Files\ImTOO\iPhone Video Converter 3\Uninstall.exe

    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}

    J2SE Development Kit 5.0 Update 11-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150110}

    J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}

    Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

    Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

    Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

    Kaspersky Internet Security 7.0-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}

    Kaspersky Internet Security 7.0-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}

    K-Lite Codec Pack 3.9.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

    Language pack for Ad-Aware SE-->C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\INSTALL.LOG

    MAGIX Music Manager 2006 (F)-->C:\MAGIX\Music_Manager_2006\instslct.exe

    MAGIX Photo Clinic 4.5 (F)-->C:\MAGIX\Photo_Clinic_45\instslct.exe

    MAGIX Photo Manager 2006 (F)-->C:\MAGIX\Photo_Manager_2006\instslct.exe

    MAGIX Photos sur CD & DVD 5.0 deluxe (F)-->C:\MAGIX\Photos_sur_CD_DVD_5_dlx\instslct.exe

    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

    Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe"

    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"

    Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}

    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

    Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}

    Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}

    Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}

    Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe

    Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}

    Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}

    Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}

    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

    Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

    Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}

    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

    Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}

    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

    Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

    Module linguistique Microsoft .NET Framework 3.5 - fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe

    Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

    Mozilla Thunderbird (1.5)-->C:\Program Files\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5 (fr)"

    MSFN Codec Pack 3.0-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\codec.inf, DefaultUninstall,3

    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

    MSXML 6.0 Parser (KB927977)-->MsiExec.exe /I{025B7033-5D4A-4B72-A1C2-84BE4BE2F72F}

    Nero 7 Lite 7.7.5.1-->"C:\Program Files\Nero\unins000.exe"

    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI

    NVIDIA PhysX v8.10.13-->MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592}

    OpenAL-->"C:\Program Files\OpenAL\OalinstGridRelease.exe" /U

    Orb-->"C:\Program Files\Orb Networks\Orb\uninstall.exe"

    Paint.NET v3.05-->MsiExec.exe /X{6A8DEA40-B4AA-4687-B9F8-4E8185E65B05}

    PC Probe II-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe" -l0x40c

    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

    Photorécit 3 pour Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}

    PKR-->"C:\Program Files\PKR\uninstall-pkr.exe"

    PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

    PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}

    Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}

    PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u

    QuickTime Alternative 1.78-->"C:\Program Files\QuickTime Alternative\unins000.exe"

    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}

    Real Alternative 1.52 Lite-->"C:\Program Files\Real Alternative\unins000.exe"

    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m

    Right Click Image Converter-->"C:\Program Files\Kristanix\Right Click Image Converter\uninstall.exe"

    Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x040c -removeonly

    Skype 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

    Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"

    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"

    SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"

    Test Drive Unlimited-->MsiExec.exe /X{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}

    TMPGEnc Plus 2.5-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2A1E27FF-BE53-45B4-950F-060236E98E3D}

    TomTom HOME-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe

    Touchpad Media Server-->MsiExec.exe /I{747FD696-E5F7-4265-AD03-AD9C9F93E796}

    TuneAid 3.04-->"C:\Program Files\DigiDNA\TuneAid\unins000.exe"

    Uninstall 1.0.0.1-->"C:\Program Files\Fichiers communs\DVDVideoSoft\unins000.exe"

    VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}

    Video Converter 3-->C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe

    VideoLAN VLC media player 0.8.6e-->C:\Program Files\VideoLAN\VLC\uninstall.exe

    VNC Free Edition 4.1.2-->"C:\Program Files\RealVNC\VNC4\unins000.exe"

    Winamp-->"C:\Program Files\Winamp\UninstWA.exe"

    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

    Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}

    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}

    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    WinSCP 4.1.8-->"C:\Program Files\WinSCP\unins000.exe"

    XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

     

    ======Security center information======

     

    AV: Kaspersky Internet Security

    FW: Kaspersky Internet Security

     

    System event log

     

    Computer Name: SWEET-AAD6E4A0D

    Event Code: 7035

    Message: Un contrôle Démarrer a correctement été envoyé au service PnkBstrB.

     

    Record Number: 5424

    Source Name: Service Control Manager

    Time Written: 20081126214636.000000+060

    Event Type: Informations

    User: AUTORITE NT\SYSTEM

     

    Computer Name: SWEET-AAD6E4A0D

    Event Code: 7035

    Message: Un contrôle Arrêter a correctement été envoyé au service PnkBstrB.

     

    Record Number: 5423

    Source Name: Service Control Manager

    Time Written: 20081126214635.000000+060

    Event Type: Informations

    User: AUTORITE NT\SYSTEM

     

    Computer Name: SWEET-AAD6E4A0D

    Event Code: 7036

    Message: Le service PnkBstrB est entré dans l'état : arrêté.

     

    Record Number: 5422

    Source Name: Service Control Manager

    Time Written: 20081126214635.000000+060

    Event Type: Informations

    User:

     

    Computer Name: SWEET-AAD6E4A0D

    Event Code: 7035

    Message: Un contrôle Démarrer a correctement été envoyé au service PnkBstrK.

     

    Record Number: 5421

    Source Name: Service Control Manager

    Time Written: 20081126214622.000000+060

    Event Type: Informations

    User: AUTORITE NT\SYSTEM

     

    Computer Name: SWEET-AAD6E4A0D

    Event Code: 7035

    Message: Un contrôle Démarrer a correctement été envoyé au service PnkBstrB.

     

    Record Number: 5420

    Source Name: Service Control Manager

    Time Written: 20081126214616.000000+060

    Event Type: Informations

    User: AUTORITE NT\SYSTEM

     

    Application event log

     

    Computer Name: SWEET-AAD6E4A0D

    Event Code: 701

    Message: msnmsgr (980) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\louloutch_94@hotmail.com\SharingMetadata\Working\database_508C_32DB_8C32_BAF4\dfsr.db'.

     

    Record Number: 7904

    Source Name: ESENT

    Time Written: 20081224000018.000000+060

    Event Type: Informations

    User:

     

    Computer Name: SWEET-AAD6E4A0D

    Event Code: 700

    Message: msnmsgr (980) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\louloutch_94@hotmail.com\SharingMetadata\Working\database_508C_32DB_8C32_BAF4\dfsr.db'.

     

    Record Number: 7903

    Source Name: ESENT

    Time Written: 20081224000018.000000+060

    Event Type: Informations

    User:

     

    Computer Name: SWEET-AAD6E4A0D

    Event Code: 102

    Message: msnmsgr (980) \\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\louloutch_94@hotmail.com\SharingMetadata\Working\database_508C_32DB_8C32_BAF4\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

     

    Record Number: 7902

    Source Name: ESENT

    Time Written: 20081223163840.000000+060

    Event Type: Informations

    User:

     

    Computer Name: SWEET-AAD6E4A0D

    Event Code: 100

    Message: msnmsgr (980) Le moteur de base de données 5.01.2600.5512 est démarré.

     

    Record Number: 7901

    Source Name: ESENT

    Time Written: 20081223163840.000000+060

    Event Type: Informations

    User:

     

    Computer Name: SWEET-AAD6E4A0D

    Event Code: 101

    Message: msnmsgr (980) Le moteur de base de données est arrêté.

     

    Record Number: 7900

    Source Name: ESENT

    Time Written: 20081223163818.000000+060

    Event Type: Informations

    User:

     

    ======Environment variables======

     

    "ComSpec"=%SystemRoot%\system32\cmd.exe

    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime Alternative\QTSystem

    "windir"=%SystemRoot%

    "FP_NO_HOST_CHECK"=NO

    "OS"=Windows_NT

    "PROCESSOR_ARCHITECTURE"=x86

    "PROCESSOR_LEVEL"=6

    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel

    "PROCESSOR_REVISION"=0f0b

    "NUMBER_OF_PROCESSORS"=2

    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

    "TEMP"=%SystemRoot%\TEMP

    "TMP"=%SystemRoot%\TEMP

    "RGSCLauncher"=D:\Rockstar Games\Rockstar Games Social Club

    "RGSC"=D:\Rockstar Games\Rockstar Games Social Club\1_0_0_0

    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

     

    -----------------EOF-----------------

     

     

    log.txt

    Logfile of random's system information tool 1.05 (written by random/random)

    Run by Administrateur at 2009-02-15 20:17:32

    Microsoft Windows XP Professionnel Service Pack 3

    System drive C: has 19 GB (15%) free of 130 GB

    Total RAM: 2047 MB (82% free)

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 20:17:58, on 15/02/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Boot mode: Safe mode

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\Documents and Settings\Administrateur\Bureau\RSIT.exe

    C:\Program Files\trend micro\Administrateur.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/alrefai/login.live.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)

    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll

    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

    O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

    O4 - HKLM\..\Run: [DAEMON Tools] "%ProgramFiles%\DAEMON Tools\daemon.exe\" -lang 1033

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg

    O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\win.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

    O4 - HKCU\..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe

    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1211729988828

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

     

    --

    End of file - 8008 bytes

     

    ======Scheduled tasks folder======

     

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

     

    ======Registry dump======

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]

    BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll [2007-03-19 398912]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]

    IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

    Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-21 320920]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

    Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-21 34816]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]

    FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2006-03-31 191096]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    {0124123D-61B4-456f-AF86-78C53A0790C5}

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848]

    "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

    "TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2006-10-18 1185264]

    "AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2006-10-18 1961576]

    "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-12-06 69216]

    "LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]

    "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]

    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-02 13680640]

    "nwiz"=nwiz.exe /install []

    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-21 136600]

    "WinampAgent"=C:\Program Files\Winamp\winampa.exe []

    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-02 86016]

    "QuickTime Task"=C:\Program Files\QuickTime Alternative\QTTask.exe [2008-11-04 413696]

    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

    "CTFMON"=C:\WINDOWS\system32\wscript.exe [2008-04-13 155648]

    "regdiit"=C:\WINDOWS\system32\win.exe []

     

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]

    "SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]

    "Orb"=C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe [2008-04-01 507904]

    "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-09-26 206184]

    "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-01-09 3321856]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

    C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2007-04-02 133632]

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

    "authentication packages"=msv1_0

    relog_ap

     

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoDriveTypeAutoRun"=323

    "NoDriveAutoRun"=67108863

    "NoDrives"=0

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoDriveAutoRun"=

    "NoDriveTypeAutoRun"=

    "NoDrives"=

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

    "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

    "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"

    "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"

    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

    "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare"

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    "C:\Program Files\Orb Networks\Orb\bin\Orb.exe"="C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb"

    "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray"

    "C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"

    "C:\Program Files\Orb Networks\Orb\bin\xmltv.exe"="C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:*:Enabled:OrbTVGuide"

    "C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:*:Enabled:OrbChannelScan"

    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    "D:\far cry 2\bin\FarCry2.exe"="D:\far cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"

    "D:\far cry 2\bin\FC2Launcher.exe"="D:\far cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"

    "D:\far cry 2\bin\FC2Editor.exe"="D:\far cry 2\bin\FC2Editor.exe:*:Enabled:Editeur"

    "D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"

    "D:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="D:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"

    "C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War "

    "C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War "

    "C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe"="C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage"

    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

    "C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

    shell\AutoRun\command - H:\LaunchU3.exe -a

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b237bbb6-03cb-11dd-ba26-001bfca3cfa9}]

    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de0b1f3c-21d6-11dd-ba37-001bfca3cfa9}]

    shell\AutoRun\command - H:\InstallTomTomHOME.exe

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fccf6042-e620-11dc-b5ee-001bfca3cfa9}]

    shell\AutoRun\command - xeekrd.exe

    shell\explore\command - xeekrd.exe

    shell\open\command - xeekrd.exe

     

     

    ======List of files/folders created in the last 1 months======

     

    2009-02-15 19:33:56 ----A---- C:\WINDOWS\ntbtlog.txt

    2009-02-15 19:25:37 ----SHD---- C:\RECYCLER

    2009-02-15 19:22:38 ----A---- C:\ComboFix.txt

    2009-02-15 17:57:55 ----SHD---- C:\#GDATA.Trash.Store#

    2009-02-15 17:48:40 ----SHD---- C:\Config.Msi

    2009-02-15 17:23:53 ----D---- C:\Documents and Settings\Administrateur\Application Data\WinRAR

    2009-02-15 17:13:12 ----D---- C:\WINDOWS\ERUNT

    2009-02-15 15:48:45 ----D---- C:\Documents and Settings\All Users\Application Data\G DATA

    2009-02-15 15:48:44 ----D---- C:\Program Files\G DATA

    2009-02-15 15:48:44 ----D---- C:\Program Files\Fichiers communs\G DATA

    2009-02-15 15:09:14 ----D---- C:\SDFix

    2009-02-15 14:57:36 ----D---- C:\WINDOWS\temp

    2009-02-15 14:40:07 ----D---- C:\VundoFix Backups

    2009-02-15 14:40:07 ----A---- C:\VundoFix.txt

    2009-02-15 12:38:11 ----D---- C:\rsit

    2009-02-15 12:38:11 ----D---- C:\Program Files\trend micro

    2009-02-15 12:29:48 ----A---- C:\Boot.bak

    2009-02-15 12:29:38 ----RASHD---- C:\cmdcons

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\zip.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\VFIND.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWXCACLS.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWSC.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\SWREG.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\sed.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\NIRCMD.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\grep.exe

    2009-02-15 12:28:29 ----A---- C:\WINDOWS\fdsv.exe

    2009-02-15 12:27:07 ----D---- C:\WINDOWS\ERDNT

    2009-02-15 12:27:07 ----D---- C:\Qoobox

    2009-02-15 12:06:43 ----D---- C:\WINDOWS\system32\systeme34

    2009-02-11 19:11:27 ----D---- C:\Documents and Settings\Administrateur\Application Data\AVS4YOU

    2009-02-11 19:11:25 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU

    2009-02-11 19:10:54 ----D---- C:\Program Files\Fichiers communs\AVSMedia

    2009-02-11 19:10:54 ----D---- C:\Program Files\AVS4YOU

    2009-02-05 18:51:16 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts

    2009-02-03 19:37:15 ----D---- C:\Program Files\EA Games

    2009-01-18 13:07:13 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss

    2009-01-17 16:00:18 ----D---- C:\Documents and Settings\Administrateur\Application Data\TuneAid

    2009-01-17 16:00:10 ----D---- C:\Program Files\DigiDNA

     

    ======List of files/folders modified in the last 1 months======

     

    2009-02-15 19:33:56 ----D---- C:\WINDOWS

    2009-02-15 19:22:43 ----D---- C:\WINDOWS\system32\drivers

    2009-02-15 19:22:43 ----D---- C:\WINDOWS\system32

    2009-02-15 19:22:43 ----D---- C:\WINDOWS\Prefetch

    2009-02-15 19:21:38 ----D---- C:\WINDOWS\system32\CatRoot2

    2009-02-15 19:18:04 ----A---- C:\WINDOWS\system.ini

    2009-02-15 19:17:11 ----SHD---- C:\WINDOWS\CSC

    2009-02-15 19:17:00 ----D---- C:\Program Files\SuperCopier2

    2009-02-15 19:15:35 ----D---- C:\WINDOWS\system32\config

    2009-02-15 19:15:13 ----D---- C:\WINDOWS\AppPatch

    2009-02-15 19:15:11 ----D---- C:\Program Files\Fichiers communs

    2009-02-15 19:14:02 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

    2009-02-15 18:32:22 ----SHD---- C:\WINDOWS\Installer

    2009-02-15 18:32:01 ----HD---- C:\WINDOWS\inf

    2009-02-15 18:03:24 ----D---- C:\Program Files\Kaspersky Lab

    2009-02-15 17:41:22 ----SHD---- C:\System Volume Information

    2009-02-15 17:41:22 ----D---- C:\WINDOWS\system32\Restore

    2009-02-15 17:36:36 ----D---- C:\Program Files\Spybot - Search & Destroy

    2009-02-15 17:36:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    2009-02-15 17:15:32 ----D---- C:\WINDOWS\system32\dllcache

    2009-02-15 16:50:44 ----D---- C:\Program Files\Mozilla Firefox

    2009-02-15 16:42:51 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

    2009-02-15 16:16:39 ----D---- C:\Program Files\eMule

    2009-02-15 15:48:44 ----RD---- C:\Program Files

    2009-02-15 15:24:24 ----A---- C:\WINDOWS\NeroDigital.ini

    2009-02-15 14:41:42 ----D---- C:\WINDOWS\Minidump

    2009-02-15 14:41:42 ----D---- C:\WINDOWS\Debug

    2009-02-15 12:29:48 ----RASH---- C:\boot.ini

    2009-02-15 11:53:44 ----D---- C:\Downloads

    2009-02-11 19:46:36 ----D---- C:\DVDVideoSoft

    2009-02-11 18:45:16 ----D---- C:\Temp

    2009-02-11 18:11:44 ----D---- C:\Program Files\BitComet

    2009-02-07 15:06:23 ----A---- C:\WINDOWS\avisplitter.INI

    2009-02-04 18:52:46 ----D---- C:\Program Files\WinSCP

    2009-02-03 19:37:15 ----D---- C:\WINDOWS\system32\DirectX

    2009-02-03 19:37:07 ----RSD---- C:\WINDOWS\assembly

    2009-01-18 13:06:56 ----D---- C:\WINDOWS\WinSxS

    2009-01-17 18:41:39 ----D---- C:\Program Files\Fichiers communs\DVDVideoSoft

    2009-01-17 18:39:01 ----D---- C:\Program Files\DVDVideoSoft

     

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     

    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-04-17 15464]

    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-04-02 12288]

    R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2006-02-26 5810]

    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-02-24 10368]

    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

    R4 Sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600]

    S1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-19 12664]

    S1 FNETDEVI;FNETDEVI; \??\C:\WINDOWS\system32\drivers\FNETDEVI.SYS []

    S1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]

    S1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]

    S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []

    S2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]

    S2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-02-24 39264]

    S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]

    S3 arly6d5y;arly6d5y; C:\WINDOWS\system32\drivers\arly6d5y.sys []

    S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

    S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 34944]

    S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]

    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

    S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]

    S3 KLIF;KLIF; \??\C:\WINDOWS\system32\drivers\klif.sys []

    S3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]

    S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []

    S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]

    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

    S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-02 6209536]

    S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-02-24 47360]

    S3 PsSdk31;PsSdk31; \??\C:\WINDOWS\system32\Drivers\pssdk31.drv []

    S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.drv []

    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]

    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2007-04-02 38528]

    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-04-02 82944]

    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

     

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     

    S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]

    S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]

    S2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-11-11 206088]

    S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

    S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-21 152984]

    S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-02 163908]

    S2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248]

    S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]

    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-25 654848]

    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

    S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

     

    -----------------EOF-----------------

     

    Thanks for the speed of the reply, are you a robot or what?? lol
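    An added example, not part of alfa128's post and not code from RSIT or HijackThis: a Python script that applies, to the lines of the log above, the checks a helper performs by eye when deciding which autostart entries are the infection's persistence points. The heuristics are the editor's own (a script host handed a non-script file, a value named CTFMON that does not launch ctfmon.exe, an RSIT Run entry printed with an empty `[]` because the file could not be read, a MountPoints2 AutoRun/open/explore command that is a bare executable name); the sample lines are copied verbatim from the log above.

```python
"""Triage the autostart lines of a HijackThis / RSIT log (editor's example).

Checks, applied per line:
  * wscript/cscript handed a file whose extension is not a script type;
  * a Run value named like a Windows component (CTFMON) launching another binary;
  * an RSIT Run entry with an empty [] (RSIT could not stat the file; weak signal);
  * a MountPoints2 AutoRun/open/explore command that is a bare executable name.
"""
import re

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh")
EXEC_EXTS = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs")
# Value names an infection likes to reuse, mapped to the binary they should launch.
IMPERSONATED = {"CTFMON": "ctfmon.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
RSIT_RUN_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<cmd>.*?)\s*\[(?P<meta>[^\]]*)\]$')
MOUNT_RE = re.compile(r"^shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.*)$")

# Sample input: lines copied from the RSIT log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\win.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"CTFMON"=C:\WINDOWS\system32\wscript.exe [2008-04-13 155648]
"regdiit"=C:\WINDOWS\system32\win.exe []
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
shell\AutoRun\command - H:\LaunchU3.exe -a
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
shell\AutoRun\command - xeekrd.exe
shell\open\command - xeekrd.exe
"""


def _tokens(cmd):
    """Split a command line on whitespace after dropping quotes (good enough for these checks)."""
    return cmd.replace('"', "").split()


def script_host_abuse(cmd):
    """True if wscript/cscript is handed a file that is not a script by extension."""
    low = [t.lower() for t in _tokens(cmd)]
    for i, tok in enumerate(low):
        if tok.endswith(SCRIPT_HOSTS):
            for arg in low[i + 1:]:
                if arg.startswith("/"):  # host switches such as /e:vbs
                    continue
                return not arg.endswith(SCRIPT_EXTS)
            return False  # host named but no target visible on this line
    return False


def impersonation(name, cmd):
    """True if a well-known value name launches something other than its own binary."""
    key = name.upper()
    if key.endswith(".EXE"):
        key = key[:-4]
    expected = IMPERSONATED.get(key)
    toks = _tokens(cmd)
    if expected is None or not toks:
        return False
    return not toks[0].lower().endswith(expected)


def relative_autorun(cmd):
    """True if the command is a bare executable name: it resolves against the inserted volume's root."""
    toks = _tokens(cmd)
    if not toks:
        return False
    first = toks[0].lower()
    return ":" not in first and "\\" not in first and first.endswith(EXEC_EXTS)


def scan(log_text):
    """Return [(line, [reason, ...])] for every autostart line that trips a check."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        m = O4_RE.match(line)
        if m:
            if script_host_abuse(m["cmd"]):
                reasons.append("script host running a non-script file")
            if impersonation(m["name"], m["cmd"]):
                reasons.append("value name imitates a Windows component")
        m = RSIT_RUN_RE.match(line)
        if m:
            if impersonation(m["name"], m["cmd"]):
                reasons.append("value name imitates a Windows component")
            if m["meta"] == "":
                reasons.append("no date/size recorded: file missing or unreadable, verify by hand")
        m = MOUNT_RE.match(line)
        if m:
            if script_host_abuse(m["cmd"]):
                reasons.append("script host running a non-script file")
            if relative_autorun(m["cmd"]):
                reasons.append("relative executable run from the inserted volume (%s verb)" % m["verb"])
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in scan(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    ->", r)
```

    Two things the output makes visible. First, the HijackThis O4 line keeps the `/E:vbs ... winjpg.jpg` arguments while the RSIT registry dump for the same CTFMON value shows only `wscript.exe`, so the two sections have to be read together; the dump alone only tells you that the name is wrong for the binary. Second, the empty `[]` also fires on WinampAgent, so that check means "look at this file", not "this is malware". The bare `xeekrd.exe` commands under MountPoints2 are the part that matches the reinfection-from-USB question in the thread: with the `open` verb overridden, even double-clicking the drive in Explorer runs whatever `xeekrd.exe` sits at the root of the inserted volume.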

  17. Hello,

    and first of all, thanks for all the good advice on this site, really handy.

    So here it is: I'm coming to you because I've spent an entire weekend fighting the backdoor.win32.bifrose worm, which has now infected 3 of my machines:

    an LG Centrino LAPTOP running WinXP (Avast, you'll tell me that's to be expected)
    a Samsung NC10 (virus scan, already less expected!)
    a Core 2 Duo desktop running WinXP Pro (Kaspersky 7, up to date)

    I followed Malekal's procedure to the letter (CCleaner, MBAM, SDFix, ComboFix, Avira + disabling System Restore),
    but despite that, as soon as I reboot and run an MBAM scan again, it finds 130 registry infections (security hijack) again; I remove them (that alone takes 30 min) only to end up with a nice winfile32.jpg bs script error, and then it's impossible to access the registry or the Task Manager.

    I go back into safe mode and redo the whole disinfection, but it's still the same problem when I return to normal mode!!

    I should point out that there is no storage media plugged in, not even a network connection!
    How can it keep coming back? It's beyond me!

    So I restored the NC10 from the initial backup, but the virus keeps coming back (FYI it's c:/win.exe and c:/systeme34/antivir.exe that are affected).
    I formatted the LG LAPTOP and there everything seems OK.
    Unfortunately I can't afford to format the DESKTOP; I have a huge amount of data + a virtual server stored on it...

    So I'm looking for a solution to eradicate this worm once and for all. I know the task isn't easy, but in IT nothing is impossible...
    Personally, I've already fought a lot of worms (I work at an IT company, spot the mistake!!!)

    I should add that on the NC10, when I launch INTERNET EXPLORER I get a magnificent "Hacked by proster" and a lovely home page in Arabic...

    On the desktop, if I try to download any file in IE or Firefox, it tells me the file can't be saved, you don't have the rights...

    There you go, sorry for the monologue. If you need more detail, don't hesitate, and if you have a solution I'll take it!!

    What puzzles me is how it manages to keep coming back, and how Kaspersky 7 didn't block it before the infection???
    Thanks in advance to the kind soul who finds the solution

    alfa
