P0rto
-
Compteur de contenus
19 -
Inscription
-
Dernière visite
P0rto's Achievements
Junior Member (3/12)
0
Réputation sur la communauté
-
[RÉSOLU] Analyse HiJackThis - worm.win32.autorun.lut
P0rto a répondu à un(e) sujet de P0rto dans Analyses et éradication malwares
Ok c'est fait! J'ai aussi laissé mon témoignage sur Malware Complaints, dans la section Canada Franco. J'en profite pour te remercier pour ta patience, tes explications claires, ta rigueur et tout le temps que tu as passé à m'aider. Seule, je n'y serais certainement pas arrivée. -
[RÉSOLU] Analyse HiJackThis - worm.win32.autorun.lut
P0rto a répondu à un(e) sujet de P0rto dans Analyses et éradication malwares
Non, pas de souci avec la suppression des différents outils, des points de restauration, etc. J'en ai même profité pour désinstaller quelques logiciels inutilisés qui trainaient. Par contre une question: Qu'est-ce que je fais avec le dossier C:\Qoobox? Corbeille? Il semble que ce soit des restants de fichiers de quarantaine de Combofix. -
[RÉSOLU] Analyse HiJackThis - worm.win32.autorun.lut
P0rto a répondu à un(e) sujet de P0rto dans Analyses et éradication malwares
Bon matin Voici le rapport de Javara. En passant merci beaucoup pour ce petit logiciel. Il y a longtemps de cela j'avais voulu désinstaller une vieille version de Java (sur un autre ordi) et j'avais rendu Java inutilisable. Cela dit, en toute fin de processus, Javara a planté. Mais le rapport était fait et complet. JavaRa 1.13 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sat Mar 28 21:10:54 2009 Found and removed: C:\Program Files\Java\j2re1.4.2_03 Found and removed: C:\Program Files\Java\jre1.5.0_10 Found and removed: C:\Program Files\Java\jre1.6.0 Found and removed: C:\Program Files\Java\jre1.6.0_01 Found and removed: C:\Program Files\Java\jre1.6.0_02 Found and removed: C:\Program Files\Java\jre1.6.0_03 Found and removed: C:\Program Files\Java\jre1.6.0_05 Found and removed: C:\Program Files\Java\jre1.6.0_07 Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142030} Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4 Found and removed: Software\JavaSoft\Java2D\1.5.0_10 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000 Found and removed: SOFTWARE\Classes\JavaPlugin.150_10 Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100} Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610000 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610000 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610000 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Classes\JavaPlugin.160 Found and removed: SOFTWARE\Classes\JavaPlugin.160_01 Found and removed: SOFTWARE\Classes\JavaPlugin.160_02 Found and removed: SOFTWARE\Classes\JavaPlugin.160_03 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610000 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610000 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610000 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160000} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142030} Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410203 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410203 Found and removed: SOFTWARE\Classes\JavaPlugin.142_03 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_03 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\JavaPlugin.142_03 Found and removed: Software\Classes\JavaPlugin.160 Found and removed: Software\Classes\JavaPlugin.160_01 Found and removed: Software\Classes\JavaPlugin.160_02 Found and removed: Software\Classes\JavaPlugin.160_03 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03 Found and removed: Software\JavaSoft\Java2D\1.6.0_01 Found and removed: Software\JavaSoft\Java2D\1.6.0_02 Found and removed: Software\JavaSoft\Java2D\1.6.0_03 Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01 Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02 Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\ JavaRa 1.13 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sat Mar 28 21:12:49 2009 ------------------------------------ Finished reporting. -
[RÉSOLU] Analyse HiJackThis - worm.win32.autorun.lut
P0rto a répondu à un(e) sujet de P0rto dans Analyses et éradication malwares
L'analyse en ligne plante (écran bleu causé par klif.sys). Il semble y avoir conflit entre Kaspersky en ligne et le logiciel Kaspersky sur mon ordi. J'ai réussi l'analyse en ligne en safe mode avec accès réseau. Tout est beau. Aucune trace de worm.win32.autorun.lut dans les fichiers thunderbird. J'oubliais! Pas de trouble pour supprimer le fichier nkq.dql ni pour vider la corbeille. -
[RÉSOLU] Analyse HiJackThis - worm.win32.autorun.lut
P0rto a répondu à un(e) sujet de P0rto dans Analyses et éradication malwares
Fichier nkq.dql reçu le 2009.03.28 19:44:08 (CET) Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.101 2009.03.28 - AhnLab-V3 5.0.0.2 2009.03.28 - AntiVir 7.9.0.129 2009.03.27 - Antiy-AVL 2.0.3.1 2009.03.28 - Authentium 5.1.2.4 2009.03.27 - Avast 4.8.1335.0 2009.03.27 - AVG 8.5.0.285 2009.03.28 - BitDefender 7.2 2009.03.28 - CAT-QuickHeal 10.00 2009.03.28 - ClamAV 0.94.1 2009.03.28 - Comodo 1087 2009.03.28 - DrWeb 4.44.0.09170 2009.03.28 - eSafe 7.0.17.0 2009.03.27 - eTrust-Vet 31.6.6421 2009.03.27 - F-Prot 4.4.4.56 2009.03.27 - F-Secure 8.0.14470.0 2009.03.28 - Fortinet 3.117.0.0 2009.03.28 - GData 19 2009.03.28 - Ikarus T3.1.1.48.0 2009.03.28 - K7AntiVirus 7.10.684 2009.03.28 - Kaspersky 7.0.0.125 2009.03.28 - McAfee 5567 2009.03.28 - McAfee+Artemis 5567 2009.03.28 - McAfee-GW-Edition 6.7.6 2009.03.28 - Microsoft 1.4502 2009.03.28 - NOD32 3972 2009.03.28 - Norman 6.00.06 2009.03.27 - nProtect 2009.1.8.0 2009.03.28 - Panda 10.0.0.10 2009.03.28 - PCTools 4.4.2.0 2009.03.28 - Prevx1 V2 2009.03.28 - Rising 21.22.52.00 2009.03.28 - Sophos 4.40.0 2009.03.28 - Sunbelt 3.2.1858.2 2009.03.28 - Symantec 1.4.4.12 2009.03.28 - TheHacker 6.3.3.8.294 2009.03.28 - TrendMicro 8.700.0.1004 2009.03.28 - VBA32 3.12.10.1 2009.03.27 - ViRobot 2009.3.27.1666 2009.03.27 - Information additionnelle File size: 1024 bytes MD5...: f048f160bdd2d6d84b1af78c60088946 SHA1..: cd997af8f9481872ae7c2117453ea95b566cb86b SHA256: 4e9406dfe5d6f545d0ac2ce954c389422480218a0426d4c3744c6916d094bad3 SHA512: 0c92c35f10353e4d1b94fbd5f5513e40641736b37927987722a128ed986acf7a<br>b38c765793cd4a98b8378298644e28f1f73c51cafc3f970101d7356765f30b74 ssdeep: 3:5dlX:Dl<br> PEiD..: - TrID..: File type identification<br>Memo File Apollo Database Engine (35.3%)<br>Lumena CEL bitmap (25.3%)<br>Corel Photo Paint (16.4%)<br>VXD Driver (12.4%)<br>Sybase iAnywhere database files (7.6%) PEInfo: - RDS...: NSRL Reference Data Set<br>- Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.101 2009.03.28 - AhnLab-V3 5.0.0.2 2009.03.28 - AntiVir 7.9.0.129 2009.03.27 - Antiy-AVL 2.0.3.1 2009.03.28 - Authentium 5.1.2.4 2009.03.27 - Avast 4.8.1335.0 2009.03.27 - AVG 8.5.0.285 2009.03.28 - BitDefender 7.2 2009.03.28 - CAT-QuickHeal 10.00 2009.03.28 - ClamAV 0.94.1 2009.03.28 - Comodo 1087 2009.03.28 - DrWeb 4.44.0.09170 2009.03.28 - eSafe 7.0.17.0 2009.03.27 - eTrust-Vet 31.6.6421 2009.03.27 - F-Prot 4.4.4.56 2009.03.27 - F-Secure 8.0.14470.0 2009.03.28 - Fortinet 3.117.0.0 2009.03.28 - GData 19 2009.03.28 - Ikarus T3.1.1.48.0 2009.03.28 - K7AntiVirus 7.10.684 2009.03.28 - Kaspersky 7.0.0.125 2009.03.28 - McAfee 5567 2009.03.28 - McAfee+Artemis 5567 2009.03.28 - McAfee-GW-Edition 6.7.6 2009.03.28 - Microsoft 1.4502 2009.03.28 - NOD32 3972 2009.03.28 - Norman 6.00.06 2009.03.27 - nProtect 2009.1.8.0 2009.03.28 - Panda 10.0.0.10 2009.03.28 - PCTools 4.4.2.0 2009.03.28 - Prevx1 V2 2009.03.28 - Rising 21.22.52.00 2009.03.28 - Sophos 4.40.0 2009.03.28 - Sunbelt 3.2.1858.2 2009.03.28 - Symantec 1.4.4.12 2009.03.28 - TheHacker 6.3.3.8.294 2009.03.28 - TrendMicro 8.700.0.1004 2009.03.28 - VBA32 3.12.10.1 2009.03.27 - ViRobot 2009.3.27.1666 2009.03.27 - Information additionnelle File size: 1024 bytes MD5...: f048f160bdd2d6d84b1af78c60088946 SHA1..: cd997af8f9481872ae7c2117453ea95b566cb86b SHA256: 4e9406dfe5d6f545d0ac2ce954c389422480218a0426d4c3744c6916d094bad3 SHA512: 0c92c35f10353e4d1b94fbd5f5513e40641736b37927987722a128ed986acf7a<br>b38c765793cd4a98b8378298644e28f1f73c51cafc3f970101d7356765f30b74 ssdeep: 3:5dlX:Dl<br> PEiD..: - TrID..: File type identification<br>Memo File Apollo Database Engine (35.3%)<br>Lumena CEL bitmap (25.3%)<br>Corel Photo Paint (16.4%)<br>VXD Driver (12.4%)<br>Sybase iAnywhere database files (7.6%) PEInfo: - RDS...: NSRL Reference Data Set<br>- -
[RÉSOLU] Analyse HiJackThis - worm.win32.autorun.lut
P0rto a répondu à un(e) sujet de P0rto dans Analyses et éradication malwares
SystemLook a trouvé un "ami" SystemLook v1.0 by jpshortstuff (02.03.09) Log created at 13:59 on 28/03/2009 by Melanie (Administrator - Elevation successful) ========== filefind ========== Searching for "*.dql" C:\Documents and Settings\Melanie\Local Settings\nkq.dql --a--- 1024 bytes [19:03 19/08/2004] [02:33 14/04/2008] F048F160BDD2D6D84B1AF78C60088946 -=End Of File=- -
[RÉSOLU] Analyse HiJackThis - worm.win32.autorun.lut
P0rto a répondu à un(e) sujet de P0rto dans Analyses et éradication malwares
J'ai fait le compactage de ma corbeille Thunderbird Pendant que je téléchargeais Kaspersky on-line pour vérifier la disparition du fichier, j'ai eu un écran bleu en raison du fichier "Klif.sys" (qui est un fichier de Kaspersky, apparemment, selon ce que j'ai lu rapido). Ma boîte "trash" est vide par contre dans le dossier C:\Documents and Settings\******\Application Data\Thunderbird\Profiles\*********\Mail\Local Folders\. Alors on peut quand même supposer que c'est parti. Bref, je fais l'autre truc à l'instant. -
[RÉSOLU] Analyse HiJackThis - worm.win32.autorun.lut
P0rto a répondu à un(e) sujet de P0rto dans Analyses et éradication malwares
J'ai fait del.reg J'ai lancé MBAM. Voici le rapport: Malwarebytes' Anti-Malware 1.35 Version de la base de données: 1910 Windows 5.1.2600 Service Pack 3 2009-03-28 11:33:10 mbam-log-2009-03-28 (11-33-10).txt Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 438836 Temps écoulé: 2 hour(s), 0 minute(s), 55 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) ********************** J'ai aussi fait un scan antivirus complet avec Kaspersky on-line. Il a relevé que wormwin32autorunlut était présent dans le trash de thunderbird. J'ai fait un scan complet de nuit avec Antivir et il n'a rien détecté sur mon ordi. J'ai désinstallé Antivir et installé la version complète d'essai de Kaspersky (puisque la version on-line détecte qqch) et il n'a rien détecté ni réparé dans le dossier trash. Alors je me demande si je ne devrais pas réessayer de supprimer le Trash de Thunderbird et si oui quelle serait la meilleure façon de faire. ********************** Pour ce qui est de Fixwareout Ce n'est pas moi qui ai fait le téléchargement, c'est mon copain. Il dit avoir trouvé ça sur un forum d'aide anglo (pcpitstop), mais que les liens n'étaient plus bons alors il a recherché et téléchargé à partir de Google, d'un endroit qui lui semblait ok, mais bon...Une chose est certaine, les problèmes existaient avant qu'on essaie fixwareout (incluant l'impossibilité d'en savoir davantage sur combofix en faisant une recherche sur google), mais dur de savoir si c'est ça qui interrompait l'installation Combofix. -
[RÉSOLU] Analyse HiJackThis - worm.win32.autorun.lut
P0rto a répondu à un(e) sujet de P0rto dans Analyses et éradication malwares
Allo! Il s'est passé quelque chose de weird. Comme si "la bête" s'était subitement retiré de mon ordi. Hier soir, n'étant pas capable de télécharger Combofix, j'avais essayé Fixwareout que mon copain avait téléchargé. Cela n'avait pas fonctionné. Au reboot, rien ne s'était passé. Mais tantôt, lors d'un énième reboot, fixewareout s'est réanimé et a produit un rapport. J'en ai donc profité pour réanimer Combofix et cela a fonctionné. Je te mets donc les 2 rapports ci-bas. Pour le moment, je n'ai plus de symptômes sur internet. J'attends ton avis et tes suggestions pour la suite. Fixwareout Username "Melanie" - 2009-03-26 21:39:23 [Fixwareout edited 9/01/2007] ~~~~~ Prerun check Cache de résolution DNS vidé. System was rebooted successfully. ~~~~~ Postrun check HKLM\SOFTWARE\~\Winlogon\ "System"="" .... .... ~~~~~ Misc files. .... ~~~~~ Checking for older varients. .... ~~~~~ Current runs (hklm hkcu "run" Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\"" "IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe" "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay" "SigmatelSysTrayApp"="stsystra.exe" "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE" "Adobe Acrobat Speed Launcher"="\"C:\\Program Files\\Adobe\\Acrobat 9.0\\Acrobat\\Acrobat_sl.exe\"" "Acrobat Assistant 8.0"="\"C:\\Program Files\\Adobe\\Acrobat 9.0\\Acrobat\\Acrotray.exe\"" "ISUSPM Startup"="C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\"" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "PowerBar"="" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater] .... Hosts file was reset, If you use a custom hosts file please replace it... ~~~~~ End report ~~~~~ COMBOFIX ComboFix 09-03-26.03 - Melanie 2009-03-27 20:21:10.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1022.582 [GMT -4:00] Lancé depuis: C:\Combo-Fix.exe * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\documents and settings\Melanie\Application Data\inst.exe ----- BITS: Il y a peut-être des sites infectés ----- hxxp://sunmicro.ht.rd.llnw.net . ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-28 )))))))))))))))))))))))))))))))))))) . 2009-03-27 18:42 . 2009-03-27 18:42 2,936,485 --a------ C:\comb.com 2009-03-27 16:31 . 2009-03-27 18:17 <REP> d-------- C:\Rooter$ 2009-03-27 16:11 . 2009-03-27 16:12 <REP> d-------- C:\rsit 2009-03-27 15:33 . 2009-03-27 15:37 <REP> d-------- C:\Load-CF 2009-03-27 15:23 . 2009-03-27 15:23 2,936,485 -ra------ C:\Combo-Fix.exe 2009-03-27 10:19 . 2009-03-27 10:16 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys 2009-03-27 10:16 . 2009-03-27 10:20 <REP> d-------- c:\documents and settings\Melanie\.housecall6.6 2009-03-26 21:46 . 2009-03-26 21:46 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-03-26 16:11 . 2009-03-26 16:11 <REP> d-------- c:\program files\Trend Micro 2009-03-26 13:55 . 2009-03-26 13:55 <REP> d-------- c:\program files\Malwarebytes 2009-03-26 13:55 . 2009-03-26 13:55 <REP> d-------- c:\documents and settings\Melanie\Application Data\Malwarebytes 2009-03-26 13:55 . 2009-03-26 13:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-03-26 13:55 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-26 13:55 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-03-26 08:50 . 2009-03-27 19:11 <REP> d-------- C:\fixwareout 2009-03-24 19:26 . 2009-03-24 19:26 <REP> d-------- c:\program files\bayardKids 2009-03-16 14:33 . 2009-03-19 14:14 2,048 --a------ c:\windows\system32\win32xm1.TX1 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-27 15:53 --------- d-----w c:\documents and settings\Yannick\Application Data\Lavasoft 2009-03-26 18:34 --------- d-----w c:\program files\Mozilla Thunderbird 2009-03-23 11:50 --------- d-----w c:\documents and settings\Melanie\Application Data\OpenOffice.org2 2009-03-19 17:06 410,984 ----a-w c:\windows\system32\deploytk.dll 2009-03-19 17:06 --------- d-----w c:\program files\Java 2009-03-16 18:33 --------- d-----w c:\program files\ImpotExpert 2008 2009-03-11 23:20 --------- d-----w c:\program files\Fichiers communs\Adobe AIR 2009-02-27 02:25 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbz.DAT 2009-02-26 20:25 --------- d-----w c:\documents and settings\Melanie\Application Data\EndNote 2009-02-24 23:26 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-24 23:26 --------- d-----w c:\program files\Mindscape 2009-02-23 23:47 --------- d-----w c:\documents and settings\Melanie\Application Data\Mindscape 2009-02-23 18:48 --------- d-----w c:\program files\Send to smugmug 2009-02-23 17:14 --------- d-----w c:\program files\Fichiers communs\Real 2009-02-23 17:14 --------- d-----w c:\program files\Bonjour 2009-02-23 16:40 --------- d-----w c:\program files\CCleaner 2009-02-17 02:38 --------- d-----w c:\documents and settings\Melanie\Application Data\gtk-2.0 2009-02-16 20:41 --------- d-----w c:\program files\SomePDF 2009-02-16 20:24 --------- d-----w c:\program files\Fichiers communs\Adobe 2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys 2009-02-09 14:05 1,846,912 ------w c:\windows\system32\dllcache\win32k.sys 2009-02-06 01:25 --------- d-----w c:\documents and settings\Melanie\Application Data\Download Manager 2009-01-31 01:46 --------- d-----w c:\program files\Microsoft Silverlight 2009-01-17 02:15 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll 2009-01-14 17:25 94,208 ----a-w c:\documents and settings\Melanie\Application Data\ezplay.sys 2009-01-14 17:24 47,360 ----a-w c:\documents and settings\Melanie\Application Data\pcouffin.sys 2008-07-22 15:46 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLea.DAT 2007-08-01 12:39 7,425,288 ----a-w c:\program files\Mozilla Sunbird.zip 2006-07-20 18:41 82,928 ----a-w c:\documents and settings\Yannick\Application Data\GDIPFONTCACHEV1.DAT 2006-07-15 15:47 81,776 ----a-w c:\documents and settings\Melanie\Application Data\GDIPFONTCACHEV1.DAT 2004-03-11 17:27 40,960 ----a-w c:\program files\Uninstall_CDS.exe 2008-12-27 14:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008122720081228\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376] "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-19 148888] "SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 c:\windows\stsystra.exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] c:\documents and settings\Yannick\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-09 110592] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416] ColorVisionStartup.lnk - c:\program files\ColorVision\Utility\ColorVisionStartup.exe [2007-02-13 385024] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-03-31 24576] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux2"= c:\docume~1\Melanie\LOCALS~1\Temp\..\nkq.dql [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Accélérateur de démarrage AutoCAD.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Accélérateur de démarrage AutoCAD.lnk backup=c:\windows\pss\Accélérateur de démarrage AutoCAD.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Acrobat Speed Launcher.lnk backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Synchronizer.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Acrobat Synchronizer.lnk backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl] [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2005-09-09 01:18 57344 c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 23:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] --a------ 2008-11-07 15:16 111936 c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] --a------ 2005-05-19 09:47 57344 c:\program files\SlySoft\CloneCD\CloneCDTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] --------- 2006-04-06 10:51 49152 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe] --a------ 2005-06-22 17:12 386752 c:\progra~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2004-08-09 07:03 221184 c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2004-08-09 07:03 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-11-20 14:20 290088 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] --a------ 2005-06-08 14:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] --a------ 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] --a------ 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe] --a------ 2005-08-12 16:16 1121792 c:\program files\McAfee\SpamKiller\MSKDetct.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2008-04-13 22:34 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-11-04 11:30 413696 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunbird] --a------ 2008-09-18 01:17 6354540 c:\program files\Mozilla Sunbird\sunbird.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive] --a------ 2006-04-29 09:21 94208 c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ANSYS.exe"= "c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ans_admin.exe"= "c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ls970.exe"= "c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ls970_DP.exe"= "c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\lsprepostd.exe"= "c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\mpitest.exe"= "c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\mpitestmpich.exe"= "c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\sxpost.exe"= "c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\tclsh.exe"= "c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\wish.exe"= "c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\DANSYS\\ANSYS.exe"= "c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\DANSYSMPICH\\ANSYS.exe"= "c:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\TCL\\bin\\Intel\\tclsh.exe"= "c:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\TCL\\bin\\Intel\\wish.exe"= "c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\catia\\Intel\\ac4catia.exe"= "c:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\CATIAV5\\Intel\\code\\bin\\ac4catia5.exe"= "c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\para\\Intel\\ac4para.exe"= "c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\pro\\Intel\\ac4pro.exe"= "c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\sat\\Intel\\ac4sat.exe"= "c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug10\\Intel\\ansconug10.exe"= "c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug20\\Intel\\ansconug20.exe"= "c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug30\\Intel\\ansconug30.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Fujifilm\\Print@Fujicolor\\fujicolor.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"= S3 Spyder2;ColorVision Spyder2;c:\windows\system32\drivers\Spyder2.sys [2007-02-13 12288] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1e3ac1f-75e5-11dc-af50-0016414a1c97}] \Shell\AutoRun\command - g:\portableapps\PortableAppsMenu\PortableAppsMenu.exe . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-PowerBar - (no file) MSConfigStartUp-Acrobat Assistant 8 - c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe MSConfigStartUp-TkBellExe - c:\program files\Fichiers communs\Real\Update_OB\realsched.exe . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.ca/ mStart Page = hxxp://www.google.ca/ uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" uInternet Settings,ProxyOverride = *.local IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll FF - ProfilePath - c:\documents and settings\Melanie\Application Data\Mozilla\Firefox\Profiles\u7m0ciey.default\ FF - prefs.js: browser.startup.homepage - www.google.ca . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-27 20:22:45 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run PowerBar = ????????????l?@?l?@?D?????9~??????????????9~l?@?l?@????? ???????????W?<~??9~??????9~K?9~x???????[?9~???????? ??????????????|x???0???????????? jt??9~?????????????????R??????d???????l?@?l?@?????Q?:~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@ Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(884) c:\windows\system32\Ati2evxx.dll . Heure de fin: 2009-03-27 20:24:27 ComboFix-quarantined-files.txt 2009-03-28 00:24:17 Avant-CF: 6 284 091 392 octets libres Après-CF: 8,267,079,680 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect 234 --- E O F --- 2009-03-15 08:42:33 -
[RÉSOLU] Analyse HiJackThis - worm.win32.autorun.lut
P0rto a répondu à un(e) sujet de P0rto dans Analyses et éradication malwares
Cela n'a pas fonctionné -
[RÉSOLU] Analyse HiJackThis - worm.win32.autorun.lut
P0rto a répondu à un(e) sujet de P0rto dans Analyses et éradication malwares
Je viens d'essayer à partir du C: Ça ne marche pas plus. J'ai aussi essayé sur le compte Windows de mon copain (à partir du C: aussi), des fois que...mais ça ne marche pas non plus. -
[RÉSOLU] Analyse HiJackThis - worm.win32.autorun.lut
P0rto a répondu à un(e) sujet de P0rto dans Analyses et éradication malwares
Ça marche pas J'ai essayé 3-4 fois et ça bloque toujours sur un fichier (il n'y a plus d'Activité sur le disque dur. j'ai laissé tourné de quelques minutes à une bonne demi-heure) 1)dès le départ sur navipromo 2)sur un des fichiers suivants: Antivirus 20 Spyguard 20 Advanced XP qui seraient situés dans: C:\Documents and Settings\ybaril.YBARIL_DELL\Application Data Ce qui est étrange toutefois est que ces fichiers n'existent pas dans le dossier spécifié. -
[RÉSOLU] Analyse HiJackThis - worm.win32.autorun.lut
P0rto a répondu à un(e) sujet de P0rto dans Analyses et éradication malwares
Fichier userinit.exe reçu le 2009.03.27 21:08:49 (CET) Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.101 2009.03.27 - AhnLab-V3 5.0.0.2 2009.03.27 - AntiVir 7.9.0.129 2009.03.27 - Antiy-AVL 2.0.3.1 2009.03.27 - Authentium 5.1.2.4 2009.03.27 - Avast 4.8.1335.0 2009.03.27 - AVG 8.5.0.283 2009.03.27 - BitDefender 7.2 2009.03.27 - CAT-QuickHeal 10.00 2009.03.26 - ClamAV 0.94.1 2009.03.27 - Comodo 1086 2009.03.27 - DrWeb 4.44.0.09170 2009.03.27 - eSafe 7.0.17.0 2009.03.27 - eTrust-Vet 31.6.6420 2009.03.27 - F-Prot 4.4.4.56 2009.03.27 - F-Secure 8.0.14470.0 2009.03.27 - Fortinet 3.117.0.0 2009.03.27 - GData 19 2009.03.27 - Ikarus T3.1.1.48.0 2009.03.27 - K7AntiVirus 7.10.683 2009.03.27 - Kaspersky 7.0.0.125 2009.03.27 - McAfee 5566 2009.03.27 - McAfee+Artemis 5566 2009.03.27 - McAfee-GW-Edition 6.7.6 2009.03.27 - Microsoft 1.4502 2009.03.27 - NOD32 3969 2009.03.27 - Norman 6.00.06 2009.03.27 - nProtect 2009.1.8.0 2009.03.27 - Panda 10.0.0.10 2009.03.27 - PCTools 4.4.2.0 2009.03.27 - Prevx1 V2 2009.03.27 - Rising 21.22.42.00 2009.03.27 - Sophos 4.40.0 2009.03.27 - Sunbelt 3.2.1858.2 2009.03.27 - Symantec 1.4.4.12 2009.03.27 - TheHacker 6.3.3.7.292 2009.03.26 - TrendMicro 8.700.0.1004 2009.03.27 - VBA32 3.12.10.1 2009.03.26 - ViRobot 2009.3.27.1666 2009.03.27 - Information additionnelle File size: 26624 bytes MD5...: e74ddb12188c2ff57a78624dbf7332fc SHA1..: 37514e0296ac819c1f5b304bd9087ef52c12a652 SHA256: 22362cab11561d7bbae99bff4a8811fa33920b48f2027e736e1bdccb9b617cbd SHA512: eefafc350d5e6f0c3ef6e3a7c063a99a26c293470a797f37be3e3c047e6ae220<br>fe7638b8fbe0debefbb8c75f6389da2eb7f8a7de2d2397f2809f4b0c169fad85 ssdeep: 768:RioJi8jDLIDSAaQFxfftjaLacmkLGKyGo:R/JbDMDSA7FxffJaLaSLGxGo<br> PEiD..: - info.txt logfile of random's system information tool 1.06 2009-03-27 16:12:02 ======Uninstall list====== -->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} -->MsiExec.exe /I{C98E5F1B-5C2B-4FD1-BDF9-F3779DCAAA16} -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27B9131D-CEFA-42C5-8D7D-56EFD80BAA25}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDFC3C8D-823E-4FCF-870B-E756B27CB57E}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x40c -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Add or Remove Adobe Creative Suite 3 Web Premium-->C:\Program Files\Fichiers communs\Adobe\Installers\247961ef275e20c5cb073c36394ac32\Setup.exe Adiboud'chou à la campagne-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58DF884F-D071-4AFA-97AC-12D6626C6E9E}\setup.exe" -l0x40c -removeonly Adobe Acrobat 9 Pro - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000004} Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723} Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings-->C:\Program Files\Fichiers communs\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF} Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8} Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5} Adobe Creative Suite 3 Web Premium-->MsiExec.exe /I{C347D234-93D8-4595-BDAA-C04638B23B48} Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe ExtendScript Toolkit 2-->C:\Program Files\Fichiers communs\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862} Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3} Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C} Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903} Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77} Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05} Adobe Photoshop Elements 4.0-->msiexec /I {EBB7C1C1-D439-4D9B-9FDC-954C10F266B0} Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1} Adobe Setup-->MsiExec.exe /I{6A5D1A94-624A-4D20-B178-3A283B500370} Adobe Setup-->MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8} Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923} AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD} ANSYS 10.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0F54C1-934A-4206-ACFF-6557816CAE4A}\setup.exe" -l0x9 -uninst Antidote-->"C:\Program Files\Druide\Antidote\IsStub32.exe" -f"C:\Program Files\Druide\Antidote\DeIsL1.isu" -c"C:\Program Files\Druide\Antidote\_ISREG32.DLL" AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD" Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center-->MsiExec.exe /I{C77A6D12-C609-4C03-B86B-30405180B513} ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean AutoCAD 2005 - Français-->MsiExec.exe /I{5783F2D7-0301-040C-0002-0060B0CE6BBA} AutoCAD 2005 Express Tools Volumes 1-9-->MsiExec.exe /X{5783F2D7-0311-0409-0000-0060B0CE6BBA} Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove bayardKids-->MsiExec.exe /X{4ECBE839-D9AF-1AF3-1DB4-0A3F334907B8} BitTornado 0.3.17-->C:\Program Files\BitTornado\uninst.exe BlindWrite 6-->"C:\Program Files\VSO\BlindWrite6\unins000.exe" Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6} Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5} Brother HL-5140-->"C:\Program Files\Brother\BRHL5140\IsUn040c.exe" -f"C:\Program Files\Brother\BRHL5140\DeIsL1.isu" -cbruninst.dll Bulk Rename Utility 2, 5, 4, 2-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\TARMAI~1\{991B1~1\Setup.exe /remove /q0 Capture NX-->C:\Program Files\Nikon\Capture NX\uninstall.exe CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD" CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2" Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf Core FTP LE 2.1-->C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76} Derive 6-->C:\PROGRA~1\TIEDUC~1\DERIVE~1\unwise.exe C:\PROGRA~1\TIEDUC~1\DERIVE~1\INSTALL.LOG Digital Line Detect-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x40c ControlPanel Digitize-Pro-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Digitize-Pro\ST6UNST.LOG" DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DVD Solution-->"C:\Program Files\Uninstall_CDS.exe" Electronic Arts Game Updater-->C:\WINDOWS\IsUninst.exe -f"c:\Program Files\EACom\Update\Uninst.isu" EndNote-->C:\PROGRA~1\EndNote\UNWISE.EXE C:\PROGRA~1\EndNote\INSTALL.LOG EPSON Copy Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" ADDREMOVEDLG EPSON Photo Print-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\EPSON\Photo Print\Uninst.isu" EPSON Scanner Reference Guide-->C:\Program Files\epson\guide\uninstall.exe EPSON Smart Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\Setup.exe" -l0x40c Uninstall EPSON TWAIN 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\Setup.exe" -l0x40c UNINSTALL FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe" Gestion de l'alimentation de la carte réseau interne-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x40c UNINSTALL APPDRVNT4 GIMP 2.4.2-->"C:\Program Files\GIMP-2.0\setup\unins000.exe" GT Legends 1.1.0.0-->"C:\GTL\Support\unins000.exe" GTK+ 2.8.9 runtime environment-->"C:\Program Files\Fichiers communs\GTK\2.0\unins000.exe" High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe HijackThis 2.0.2-->"D:\download\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" ImpôtExpert 2006-->MsiExec.exe /X{694915D4-4C55-457B-9293-9F8369068A19} ImpôtExpert 2007-->MsiExec.exe /X{894BAEF1-3AF6-42FF-9DA3-3B3F8D00CCD4} ImpotExpert 2008-->MsiExec.exe /X{77301550-4ACE-43A9-8563-C76ACA77CD9C} ImpôtExpert Updater 2006-->MsiExec.exe /X{7A05D003-78F1-4EA6-BE88-8203E418E48D} ImpôtExpert Updater 2007-->MsiExec.exe /X{28DBD588-207D-4A26-8EAD-EFD8F128EB6D} ImpotExpert Updater 2008-->MsiExec.exe /X{C788569F-E51F-473E-92D8-BCBC8B024841} ISI ResearchSoft - Export Helper-->C:\PROGRA~1\FICHIE~1\Risxtd\_UNINST.EXE IsoBuster 2.5-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe" iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371} J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030} Java 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF} Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} Java SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Lightroom-->MsiExec.exe /I{D4134B0B-EA9B-4835-A77A-60BEE6277101} Logiciel Intel® PROSet/Wireless-->C:\WINDOWS\Installer\iProInst.exe Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes\unins000.exe" MATLAB 7.0.4-->C:\Program Files\MATLAB704\uninstall\uninstall.exe C:\Program Files\MATLAB704\ mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779} MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120} mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49} mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B} Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.1-->"C:\WINDOWS\$NtUninstallWdf01001$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Microsoft Office Visio Professional 2003-->MsiExec.exe /I{9051040C-6000-11D3-8CFE-0150048383C9} Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F} mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7} mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F} Modem Helper-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x40c ControlPanel Mozilla Firefox (2.0.0.13)-->G:\PortableApps\FirefoxPortable\App\firefox\uninstall\helper.exe Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Sunbird (0.9)-->C:\Program Files\Mozilla Sunbird\uninstall\uninst.exe Mozilla Sunbird (1.0pre)-->C:\Program Files\Calendar\uninstall\helper.exe Mozilla Thunderbird (2.0.0.21)-->C:\PROGRA~1\Mozilla Thunderbird\uninstall\helper.exe mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9} mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83} MSC.ADAMS 2005 r2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C8CE178-A925-4115-A69D-EA873BF7E77A}\setup.exe" -l0x9 mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML4SP2-->MsiExec.exe /I{451BB54C-8B23-4455-8BDC-14FC7D43E056} Multimedia Launcher-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA} mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401} mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023} Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL NetWaiting-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x40c ControlPanel Nikon Message Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x40c UNINSTALL NikonCapture-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21DDC579-834B-4C14-8122-853994FA2214}\Setup.exe" -l0x40c UNINSTALL OpenOffice.org 2.2-->MsiExec.exe /I{A1C8D94A-4303-4489-B585-4B6E6CD408CB} PC Chrono 1.1.0.6-->"G:\PortableApps\Chrono\unins000.exe" PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} PowerDVD 5.9-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804} Pro/ENGINEER Release Wildfire 2.0 Datecode M150-->"C:\PTC\proeWildfire 2.0\uninstall\i486_nt\obj\psuninst.exe" "C:\PTC\proeWildfire 2.0\uninstall\instlog.txt" Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT QuickSet-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x40c APPDRVNT4 QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4} Sansa Media Converter-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2A0F8F4-CE50-4857-A21C-3061682B2E87}\Setup.exe" -l0x40c ScanToWeb-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG Send to SmugMug-->MsiExec.exe /I{32D8BBAC-32C1-40C2-9452-A2714765D05B} Send to smugmug-->MsiExec.exe /I{536C8539-A8C2-4401-A4B0-C9906AEC2B09} SigmaTel Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x40c -remove -removeonly Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Soap 3.0 Toolkit-->MsiExec.exe /I{2C464EC1-2B0C-4490-9CAC-D4562DD8377A} Some PDF Image Extractr 1.5-->"C:\Program Files\SomePDF\Some PDF Image\unins000.exe" Some PDF to Word Converter 1.5-->"C:\Program Files\SomePDF\Some PDF to Word Converter\unins000.exe" Sonic Audio module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205} Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003} Spyder2-->C:\WINDOWS\unvise32.exe C:\Program Files\ColorVision\Spyder2\uninstal.log STATGRAPHICS Plus 5.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Statgraphics\STATGRAPHICS Plus 5.0\DeIsL1.isu" -c"C:\Program Files\Statgraphics\STATGRAPHICS Plus 5.0\_ISREG32.DLL" Structure and Thermal Simulation Release Wildfire 2.0 [M150]-->"C:\PTC\mechWildfire 2.0\uninstall\i486_nt\obj\psuninst.exe" "C:\PTC\mechWildfire 2.0\uninstall\instlog.txt" Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall TI Connect 1.3-->C:\PROGRA~1\TIEDUC~1\TICONN~1\UNWISE.EXE C:\PROGRA~1\TIEDUC~1\TICONN~1\INSTALL.LOG VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WingMan Software-->MsiExec.exe /X{435673AB-6821-416D-806A-E477DFA60A42} WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe WordPerfect Office 12-->MsiExec.exe /I{C36E332D-1A46-44A3-940F-463689EAE08D} ======System event log====== Computer Name: YBARIL_DELL Event Code: 1001 Message: Le réseau n'a attribué aucune adresse à votre ordinateur (par le serveur DHCP) pour la carte réseau avec l'adresse réseau 00130219BE7E. Il s'est produit l'erreur suivante : L'opération a été annulée par l'utilisateur. . Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du serveur d'adresse réseau (DHCP). Record Number: 3490 Source Name: Dhcp Time Written: 20090101015048.000000-300 Event Type: error User: Computer Name: YBARIL_DELL Event Code: 2505 Message: Le serveur n'a pas pu se lier au transport \Device\NetBT_Tcpip_{D5382967-B71F-45FD-BE4D-758217D2C00C} car un autre ordinateur du réseau porte le même nom. Le serveur n'a pas pu démarrer. Record Number: 3487 Source Name: Server Time Written: 20090101014943.000000-300 Event Type: error User: Computer Name: YBARIL_DELL Event Code: 1006 Message: Votre ordinateur n'a pas pu configurer automatiquement les paramètres IP pour la carte avec l'adresse réseau 00130219BE7E. Il s'est produit l'erreur suivante pendant la configuration : Paramètre incorrect. . Record Number: 3486 Source Name: Dhcp Time Written: 20090101014937.000000-300 Event Type: warning User: Computer Name: YBARIL_DELL Event Code: 1003 Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir du serveur DHCP) pour la carte réseau dont l'adresse réseau est 00130219BE7E. Il s'est produit l'erreur suivante : Le délai de temporisation de sémaphore a expiré. . Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du serveur d'adresse réseau (DHCP). Record Number: 3485 Source Name: Dhcp Time Written: 20090101014928.000000-300 Event Type: warning User: Computer Name: YBARIL_DELL Event Code: 1003 Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir du serveur DHCP) pour la carte réseau dont l'adresse réseau est 00130219BE7E. Il s'est produit l'erreur suivante : Le délai de temporisation de sémaphore a expiré. . Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du serveur d'adresse réseau (DHCP). Record Number: 3451 Source Name: Dhcp Time Written: 20090101000249.000000-300 Event Type: warning User: =====Application event log===== Computer Name: YBARIL_DELL Event Code: 1517 Message: Windows a sauvegardé le Registre utilisateur YBARIL_DELL\Melanie alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé. Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local. Record Number: 3625 Source Name: Userenv Time Written: 20071110205418.000000-300 Event Type: warning User: AUTORITE NT\SYSTEM Computer Name: YBARIL_DELL Event Code: 1000 Message: Application défaillante tosbtmng.exe, version 4.0.0.37, module défaillant lcwizard.dll, version 4.0.5.0, adresse de défaillance 0x00006c37. Record Number: 3576 Source Name: Application Error Time Written: 20071103014853.000000-240 Event Type: error User: Computer Name: YBARIL_DELL Event Code: 1517 Message: Windows a sauvegardé le Registre utilisateur YBARIL_DELL\Melanie alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé. Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local. Record Number: 3557 Source Name: Userenv Time Written: 20071026105904.000000-240 Event Type: warning User: AUTORITE NT\SYSTEM Computer Name: YBARIL_DELL Event Code: 1517 Message: Windows a sauvegardé le Registre utilisateur YBARIL_DELL\Melanie alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé. Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local. Record Number: 3525 Source Name: Userenv Time Written: 20071012141256.000000-240 Event Type: warning User: AUTORITE NT\SYSTEM Computer Name: YBARIL_DELL Event Code: 1517 Message: Windows a sauvegardé le Registre utilisateur YBARIL_DELL\Melanie alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé. Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local. Record Number: 3506 Source Name: Userenv Time Written: 20071008102838.000000-240 Event Type: warning User: AUTORITE NT\SYSTEM ======Environment variables====== "ANSYS_SYSDIR"=Intel "ANSYS100_DIR"=C:\Program Files\Ansys Inc\v100\ANSYS "ANSYSLIC_DIR"=C:\Program Files\Ansys Inc\Shared Files\Licensing "CADOE_DOCDIR100"=C:\Program Files\Ansys Inc\v100\CommonFiles\help\en-us\solviewer "CADOE_LIBDIR100"=C:\Program Files\Ansys Inc\v100\CommonFiles\Language\en-us "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "KMP_STACKSIZE"=4m "LANG"=fr "NUMBER_OF_PROCESSORS"=2 "OS"=Windows_NT "P_SCHEMA"=C:\Program Files\Ansys Inc\v100\ANSYS\ac4\schema "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\Autodesk Shared\;C:\WINDOWS\system32;C:\Program Files\MATLAB704\bin\win32;C:\PTC\mechWildfire 2.0\bin;C:\PTC\proeWildfire 2.0\bin;C:\Program Files\Fichiers communs\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\GIMP-2.0\bin "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel "PROCESSOR_LEVEL"=6 "PROCESSOR_REVISION"=0e08 "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip "SonicCentral"=C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\ "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "windir"=%SystemRoot% -----------------EOF----------------- Excuse moi, il manquait un bout dans log.txt Logfile of random's system information tool 1.06 (written by random/random) Run by Melanie at 2009-03-27 16:11:54 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 5 GB (12%) free of 42 GB Total RAM: 1022 MB (54% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:11:59, on 2009-03-27 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Melanie\Bureau\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Melanie.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU) O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU) O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU) O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU) O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Druide\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144434708015 O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.com/mvt/bin/2,4,1,0/mvt.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 11008 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}] DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 118844] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] Adobe PDF Conversion Toolbar Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-19 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-19 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}] SmartSelect Class - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-28 667718] "IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-12-28 602182] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947] "dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-05-31 122941] "ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056] "SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-11-16 397312] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184] "Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232] ""= [] "Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376] "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-08-09 221184] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-19 148888] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "PowerBar"= [] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [2005-09-09 57344] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2006-04-06 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe [2005-06-22 386752] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-08-09 221184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2004-08-09 81920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunbird] C:\Program Files\Mozilla Sunbird\sunbird.exe [2008-09-18 6354540] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2006-04-29 94208] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Accélérateur de démarrage AutoCAD.lnk] C:\PROGRA~1\FICHIE~1\AUTODE~1\ACSTAR~1.EXE [2004-02-24 10872] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk] C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Synchronizer.lnk] C:\PROGRA~1\Adobe\ACROBA~2.0\Acrobat\ADOBEC~1.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe ColorVisionStartup.lnk - C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-02-28 61440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 240128] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveTypeAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe:*:Enabled:ANSYS.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe:*:Enabled:ans_admin.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe:*:Enabled:ls970.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe:*:Enabled:ls970_DP.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lspost.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lspost.exe:*:Enabled:lspost.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe:*:Enabled:lsprepostd.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe:*:Enabled:mpitest.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe:*:Enabled:mpitestmpich.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe:*:Enabled:sxpost.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe:*:Enabled:wish.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe:*:Enabled:ANSYS.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe:*:Enabled:ANSYS.exe" "C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe" "C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe:*:Enabled:wish.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe:*:Enabled:ac4catia.exe" "C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe:*:Enabled:ac4catia5.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe:*:Enabled:ac4para.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe:*:Enabled:ac4pro.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe:*:Enabled:ac4sat.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe:*:Enabled:ansconug10.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe:*:Enabled:ansconug20.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe:*:Enabled:ansconug30.exe" "C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe" "C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe" "C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Program Files\Fujifilm\Print@Fujicolor\fujicolor.exe"="C:\Program Files\Fujifilm\Print@Fujicolor\fujicolor.exe:*:Enabled:fujicolor" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe:*:Enabled:ANSYS.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe:*:Enabled:ans_admin.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe:*:Enabled:ls970.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe:*:Enabled:ls970_DP.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lspost.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lspost.exe:*:Enabled:lspost.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe:*:Enabled:lsprepostd.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe:*:Enabled:mpitest.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe:*:Enabled:mpitestmpich.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe:*:Enabled:sxpost.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe:*:Enabled:wish.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe:*:Enabled:ANSYS.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe:*:Enabled:ANSYS.exe" "C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe" "C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe:*:Enabled:wish.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe:*:Enabled:ac4catia.exe" "C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe:*:Enabled:ac4catia5.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe:*:Enabled:ac4para.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe:*:Enabled:ac4pro.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe:*:Enabled:ac4sat.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe:*:Enabled:ansconug10.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe:*:Enabled:ansconug20.exe" "C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe:*:Enabled:ansconug30.exe" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1e3ac1f-75e5-11dc-af50-0016414a1c97}] shell\AutoRun\command - G:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe ======File associations====== .js - edit - .js - open - .txt - open - ======List of files/folders created in the last 1 months====== 2009-03-27 16:11:54 ----D---- C:\rsit 2009-03-27 15:37:35 ----D---- C:\32788R22FWJFW 2009-03-27 15:33:55 ----A---- C:\menu.txt 2009-03-27 15:33:32 ----D---- C:\Load-CF 2009-03-27 12:20:51 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-03-27 12:16:54 ----A---- C:\WINDOWS\ntbtlog.txt 2009-03-26 21:46:40 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-03-26 16:11:12 ----D---- C:\Program Files\Trend Micro 2009-03-26 13:55:24 ----D---- C:\Documents and Settings\Melanie\Application Data\Malwarebytes 2009-03-26 13:55:18 ----D---- C:\Program Files\Malwarebytes 2009-03-26 13:55:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-03-26 08:50:20 ----D---- C:\fixwareout 2009-03-24 19:26:05 ----D---- C:\Program Files\bayardKids 2009-03-19 13:07:03 ----A---- C:\WINDOWS\system32\javaws.exe 2009-03-19 13:07:03 ----A---- C:\WINDOWS\system32\javaw.exe 2009-03-19 13:07:03 ----A---- C:\WINDOWS\system32\java.exe 2009-03-12 21:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$ 2009-03-11 22:32:28 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2009-03-11 22:32:23 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$ 2009-03-11 22:32:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$ ======List of files/folders modified in the last 1 months====== 2009-03-27 15:48:12 ----D---- C:\Program Files\Mozilla Firefox 2009-03-27 14:49:36 ----D---- C:\WINDOWS 2009-03-27 14:49:15 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt 2009-03-27 14:49:14 ----D---- C:\WINDOWS\Temp 2009-03-27 12:57:47 ----D---- C:\WINDOWS\Prefetch 2009-03-27 12:42:09 ----D---- C:\WINDOWS\system32\CatRoot2 2009-03-27 12:24:57 ----D---- C:\WINDOWS\system32 2009-03-27 12:24:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-03-27 11:55:26 ----SD---- C:\WINDOWS\Tasks 2009-03-27 11:53:40 ----RD---- C:\Program Files 2009-03-27 11:53:21 ----D---- C:\WINDOWS\system32\drivers 2009-03-27 11:52:33 ----SD---- C:\Documents and Settings\Melanie\Application Data\Microsoft 2009-03-26 17:52:42 ----D---- C:\WINDOWS\Debug 2009-03-26 14:34:39 ----D---- C:\Program Files\Mozilla Thunderbird 2009-03-24 19:26:12 ----SHD---- C:\WINDOWS\Installer 2009-03-23 07:50:33 ----A---- C:\WINDOWS\Antidote.ini 2009-03-23 07:50:04 ----D---- C:\Documents and Settings\Melanie\Application Data\OpenOffice.org2 2009-03-19 13:06:47 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-03-19 13:06:43 ----D---- C:\Program Files\Java 2009-03-16 14:33:49 ----D---- C:\Program Files\ImpotExpert 2008 2009-03-12 21:00:58 ----HD---- C:\WINDOWS\inf 2009-03-12 21:00:49 ----RSHD---- C:\WINDOWS\system32\dllcache 2009-03-12 15:19:45 ----HD---- C:\WINDOWS\system32\GroupPolicy 2009-03-11 22:32:24 ----D---- C:\WINDOWS\WinSxS 2009-03-11 19:20:10 ----D---- C:\Program Files\Fichiers communs\Adobe AIR 2009-03-11 02:03:10 ----HD---- C:\WINDOWS\$hf_mig$ 2009-03-08 12:45:06 ----SHD---- C:\WINDOWS\CSC ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128] R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-02-28 15440] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720] R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153] R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228] R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2005-05-13 5627] R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2005-05-13 23545] R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896] R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-03-31 21275] R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2005-04-21 40544] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059] R2 s24trans;Transport RLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-12-28 13568] R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-05-31 25725] R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-05-31 34845] R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-05-31 4125] R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-05-31 2273] R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-05-31 86876] R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-05-31 15069] R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-05-31 6365] R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-05-31 98716] R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-05-31 100605] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2007-06-22 99904] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-28 1506304] R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392] R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-15 11984] R3 ezplay;VSO Software ezplay; C:\WINDOWS\System32\Drivers\ezplay.sys [2009-01-14 94208] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008] R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-14 47360] R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544] R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328] R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872] R3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712] R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-11-22 47104] R3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-01-20 108928] R3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2005-09-15 36480] R3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-01-11 62848] R3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612] R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-02-09 39936] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952] R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2002-06-20 10144] R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2002-06-20 39776] S2 BrPar;BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [2000-07-24 19537] S3 BCOREUSB;BCOREUSB.Sys CSR test driver; C:\WINDOWS\System32\Drivers\BCOREUSB.sys [2005-10-03 86867] S3 BthEnum;Service d'énumérateur Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024] S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120] S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768] S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 E100B;Pilote de carte Intel ® PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408] S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2005-05-27 1317152] S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136] S3 sffdisk;Pilote de classe de stockage SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904] S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 Spyder2;ColorVision Spyder2; C:\WINDOWS\system32\DRIVERS\Spyder2.sys [2007-01-17 12288] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2005-04-06 50048] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096] S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-04-20 479200] S3 WINIO;WINIO; \??\C:\WINDOWS\system32\winio.sys [] S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2002-06-20 20128] S3 WmHidLo;Logitech WingMan USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2002-06-20 13920] S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2002-06-20 5728] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368] S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752] S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504] S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960] S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73600] S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-28 405504] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2003-08-27 57344] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-12-28 114753] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-19 152984] R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-12-06 380928] R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-12-28 217164] R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-12-28 540745] R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2005-12-28 262217] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 268800] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe [2006-04-13 74360] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-16 651720] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S4 Bluetooth Hid Switch Service;Bluetooth Hid Switch Service; C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe [2005-08-30 188416] -----------------EOF----------------- -
[RÉSOLU] Analyse HiJackThis - worm.win32.autorun.lut
P0rto a répondu à un(e) sujet de P0rto dans Analyses et éradication malwares
Fichier explorer.exe reçu le 2009.03.27 21:00:22 (CET) Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.101 2009.03.27 - AhnLab-V3 5.0.0.2 2009.03.27 - AntiVir 7.9.0.129 2009.03.27 - Antiy-AVL 2.0.3.1 2009.03.27 - Authentium 5.1.2.4 2009.03.27 - Avast 4.8.1335.0 2009.03.27 - AVG 8.5.0.283 2009.03.27 - BitDefender 7.2 2009.03.27 - CAT-QuickHeal 10.00 2009.03.26 - ClamAV 0.94.1 2009.03.27 - Comodo 1086 2009.03.27 - DrWeb 4.44.0.09170 2009.03.27 - eSafe 7.0.17.0 2009.03.27 - eTrust-Vet 31.6.6420 2009.03.27 - F-Prot 4.4.4.56 2009.03.27 - F-Secure 8.0.14470.0 2009.03.27 - Fortinet 3.117.0.0 2009.03.27 - GData 19 2009.03.27 - Ikarus T3.1.1.48.0 2009.03.27 - K7AntiVirus 7.10.683 2009.03.27 - Kaspersky 7.0.0.125 2009.03.27 - McAfee 5566 2009.03.27 - McAfee+Artemis 5566 2009.03.27 - McAfee-GW-Edition 6.7.6 2009.03.27 - Microsoft 1.4502 2009.03.27 - NOD32 3969 2009.03.27 - Norman 6.00.06 2009.03.27 - nProtect 2009.1.8.0 2009.03.27 - Panda 10.0.0.10 2009.03.27 - Prevx1 V2 2009.03.27 - Rising 21.22.42.00 2009.03.27 - Sophos 4.40.0 2009.03.27 - Sunbelt 3.2.1858.2 2009.03.27 - Symantec 1.4.4.12 2009.03.27 - TheHacker 6.3.3.7.292 2009.03.26 - TrendMicro 8.700.0.1004 2009.03.27 - VBA32 3.12.10.1 2009.03.26 - ViRobot 2009.3.27.1666 2009.03.27 - Information additionnelle File size: 1037824 bytes MD5...: f2317622d29f9ff0f88aeecd5f60f0dd SHA1..: d54b0b83de6ee5922dd90db1446872bf32062b25 SHA256: 1ab74a4ae472156a5d2c6714e2e1a60e3b32ceb4996f923887a12b6a27315d13 SHA512: 42040ea59a37091103cde10f8c31535d53ae8ed1a480de8052b7ed6b2faa2807<br>1e19b4daf747e0b63f6e6d0cc9db0330d1f8ea2da4b27a81a0202ba80ab737ce ssdeep: 12288:6HmcoCUyZtwAvAs4wTCyrPT7lvGVa/oXqoJpaz/g/J/v1S:4mfty/wAvN7<br>lrPlvGEoXJaz/g/J/t<br> PEiD..: - -
[RÉSOLU] Analyse HiJackThis - worm.win32.autorun.lut
P0rto a répondu à un(e) sujet de P0rto dans Analyses et éradication malwares
Oui. Ça marche normalement. Tu veux que j'envoie le fichier?