Aller au contenu

Ichtos

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    15

  • Inscription

  • Dernière visite

Ichtos's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. Ichtos

    Ecran bleu - IRQL NOT LESS OR EQUAL

    Ichtos a répondu à un(e) sujet de Ichtos dans Software

    Bonjour. Voici le message d'erreur: IRQL not less or Equal. J'ai déjà rencontré le même problème il y a deux mois et j'avais pu trouver la solution sur ce forum grace à l'aide avisée de Gof . Toute aide me sera précieuse. Merci d'avance.
  2. Ichtos

    Ecran bleu - IRQL NOT LESS OR EQUAL

    Ichtos a répondu à un(e) sujet de Ichtos dans Software

    Bonjour, je vais surveiller cela. Je suis revenu à la dernière configuration correcte (via je ne sais plus quel logiciel) et j'arrive de nouveau à acceder à windows. Le rapport fait il apparaître une anomalie ? Merci de ta prochaine réponse. P
  3. Ichtos
    Bonjour. De nouveau infecté. Ecran bleu. Même en mode sans echec, problème de connexion...Merci pour toute aide qui pourra m'être donnée. Voici le Hijack this Logfile of HijackThis v1.99.1 Scan saved at 01:23:52, on 17/07/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe C:\Program Files\Secunia\PSI\psi.exe C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Windows Live\Family Safety\fsssvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\CANAL+ CANALSAT A LA DEMANDE.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Pascal\Local Settings\Bureau\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;www.yahoo.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O4 - HKLM\..\Run: [ulead Remote Control Center] C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Matchlock Scheduling] C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [CANAL+ CANALSAT A LA DEMANDE] "C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe O4 - Global Startup: DTV Remote Control.lnk = C:\Program Files\ADS Tech\DVBT Utilities\ADSRMT.exe O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing) O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.fr/static/download/pixacodndupload.cab O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigm...geUploader4.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4235A961-A7DE-4EF4-83CF-49234A28DFE2}: NameServer = 212.27.32.176,212.27.32.177 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - Unknown owner - C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service (file missing) O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  4. Ichtos
    Toute la procédure a été appliquée. Je ne peux que vivement te remercier pour le temps passé sur ce "dossier". Je n'ai pas tout compris, mais je n'aurai jamais pu faire ça tout seul !!! Merci encore.
  5. Ichtos
    RSIT Logfile of random's system information tool 1.06 (written by random/random) Run by Pascal at 2009-05-09 19:35:32 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 9 GB (22%) free of 41 GB Total RAM: 1023 MB (33% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:35:40, on 09/05/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Windows Live\Family Safety\fsssvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Documents and Settings\Pascal\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe C:\Program Files\Secunia\PSI\psi.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN C:\Program Files\Adobe\Photoshop 6.0\Photoshp.exe C:\Program Files\Fichiers communs\Adobe\Web\AOM.exe C:\Program Files\Java\jre6\bin\java.exe C:\Program Files\Java\jre6\bin\java.exe C:\Documents and Settings\Pascal\Local Settings\Bureau\Pascal\RSIT.exe C:\Program Files\trend micro\Pascal.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;www.yahoo.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O4 - HKLM\..\Run: [ulead Remote Control Center] C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Matchlock Scheduling] C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe" O4 - HKLM\..\Run: [softwareHelper] C:\Documents and Settings\Pascal\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user') O4 - S-1-5-18 Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'Default user') O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe O4 - Global Startup: DTV Remote Control.lnk = C:\Program Files\ADS Tech\DVBT Utilities\ADSRMT.exe O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.fr/static/download/pixacodndupload.cab O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigm...geUploader4.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4235A961-A7DE-4EF4-83CF-49234A28DFE2}: NameServer = 212.27.32.176,212.27.32.177 O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe -- End of file - 9467 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\WGASetup.job ======Registry dump====== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Ulead Remote Control Center"=C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe [2005-03-18 49152] "RemoteControl"=C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe [2003-10-31 32768] "PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016] "nwiz"=nwiz.exe /install [] "NVRTCLK"=C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe [2003-12-30 24576] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088] "nTrayFw"=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2004-12-16 266240] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "Matchlock Scheduling"=C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe [2005-03-14 45056] "hplampc"=C:\WINDOWS\system32\hplampc.exe [2002-01-17 40448] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824] "OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152] "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-01-12 185896] "NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-06-03 131072] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016] "EoEngine"=C:\Program Files\EoRezo\EoEngine.exe [] "SoftwareHelper"=C:\Documents and Settings\Pascal\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe [2008-12-09 368224] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-11 148888] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-25 68856] "BitComet"=C:\Program Files\BitComet\BitComet.exe [2009-03-09 2564408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "LIVESRV"=2 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage DTV Remote Control.lnk - C:\Program Files\ADS Tech\DVBT Utilities\ADSRMT.exe RaConfig2500.lnk - C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe C:\Documents and Settings\Pascal\Menu Démarrer\Programmes\Démarrage Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server" "C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\UMC.exe"="C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\UMC.exe:*:Enabled:UMC" "F:\emule\emule.exe"="F:\emule\emule.exe:*:Enabled:eMule" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse" "C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\rmc.exe"="C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\rmc.exe:*:Enabled:RMC" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe"="C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe:*:Enabled:RaConfig2500" "C:\Program Files\QuickTime\QTTask.exe"="C:\Program Files\QuickTime\QTTask.exe:*:Enabled:QTTask" "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe:*:Enabled:TeaTimer" "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"="C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe:*:Enabled:SeaPort" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "E:\web\Flash FTP\FlashFXP.exe"="E:\web\Flash FTP\FlashFXP.exe:*:Enabled:FlashFXP v3" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" ======File associations====== .js - open - ======List of files/folders created in the last 1 months====== 2009-05-09 18:41:03 ----D---- C:\Program Files\trend micro 2009-05-09 18:41:02 ----D---- C:\rsit 2009-05-09 18:26:38 ----SHD---- C:\RECYCLER 2009-05-09 17:10:05 ----D---- C:\HaxFix 2009-05-09 15:29:02 ----A---- C:\ComboFix.txt 2009-05-09 12:16:18 ----A---- C:\Boot.bak 2009-05-09 12:16:12 ----RASHD---- C:\cmdcons 2009-05-09 12:13:07 ----A---- C:\WINDOWS\zip.exe 2009-05-09 12:13:07 ----A---- C:\WINDOWS\vFind.exe 2009-05-09 12:13:07 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-05-09 12:13:07 ----A---- C:\WINDOWS\SWSC.exe 2009-05-09 12:13:07 ----A---- C:\WINDOWS\SWREG.exe 2009-05-09 12:13:07 ----A---- C:\WINDOWS\sed.exe 2009-05-09 12:13:07 ----A---- C:\WINDOWS\NIRCMD.exe 2009-05-09 12:13:07 ----A---- C:\WINDOWS\grep.exe 2009-05-09 12:12:57 ----D---- C:\WINDOWS\ERDNT 2009-05-09 12:12:19 ----D---- C:\Qoobox 2009-05-09 10:11:25 ----D---- C:\Program Files\FreeAngel 2009-05-09 01:56:19 ----D---- C:\Documents and Settings\Pascal\Application Data\WinRAR 2009-05-09 01:34:43 ----D---- C:\WINDOWS\ERUNT 2009-05-09 01:33:17 ----A---- C:\WINDOWS\ntbtlog.txt 2009-05-09 01:31:13 ----D---- C:\SDFix 2009-05-09 00:44:08 ----D---- C:\Program Files\CCleaner 2009-05-08 19:42:36 ----D---- C:\Program Files\RegSupreme Pro 2009-05-08 16:11:50 ----A---- C:\WINDOWS\system32\VundoFixSVC.exe 2009-05-08 15:56:58 ----D---- C:\VundoFix Backups 2009-05-08 15:56:58 ----A---- C:\VundoFix.txt 2009-05-08 11:51:59 ----D---- C:\WINDOWS\CSC 2009-05-02 18:05:20 ----D---- C:\WINDOWS\system32\NtmsData 2009-04-30 21:48:20 ----D---- C:\Program Files\Avira 2009-04-30 21:48:20 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-04-28 00:45:30 ----D---- C:\Documents and Settings\Pascal\Application Data\PCF-VLC 2009-04-18 03:04:18 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2009-04-18 03:04:12 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$ 2009-04-18 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2009-04-18 03:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2009-04-18 03:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2009-04-18 03:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ 2009-04-14 03:00:39 ----D---- C:\WINDOWS\system32\KB905474 2009-04-12 09:55:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2009-04-12 09:54:53 ----A---- C:\WINDOWS\system32\MRT.INI 2009-04-12 09:54:51 ----D---- C:\WINDOWS\system32\MpEngineStore 2009-04-12 09:49:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2009-04-12 09:49:22 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2009-04-12 09:49:15 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$ 2009-04-12 09:49:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ 2009-04-12 09:48:54 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2009-04-12 09:48:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$ 2009-04-12 09:48:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$ 2009-04-12 09:48:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2009-04-12 09:48:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2009-04-12 09:48:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2009-04-12 09:47:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2009-04-11 21:48:44 ----A---- C:\WINDOWS\system32\javaws.exe 2009-04-11 21:48:44 ----A---- C:\WINDOWS\system32\javaw.exe 2009-04-11 21:48:44 ----A---- C:\WINDOWS\system32\java.exe ======List of files/folders modified in the last 1 months====== 2009-05-09 19:32:44 ----D---- C:\Program Files\BitComet 2009-05-09 19:18:31 ----D---- C:\Documents and Settings\Pascal\Application Data\EoRezo 2009-05-09 19:17:00 ----RD---- C:\Program Files 2009-05-09 19:04:38 ----SD---- C:\WINDOWS\Tasks 2009-05-09 19:00:01 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-05-09 18:52:32 ----D---- C:\Documents and Settings\Pascal\Application Data\OpenOffice.org2 2009-05-09 18:26:37 ----A---- C:\WINDOWS\NeroDigital.ini 2009-05-09 18:24:58 ----D---- C:\Program Files\Mozilla Firefox 2009-05-09 18:23:54 ----D---- C:\WINDOWS\Temp 2009-05-09 18:15:04 ----D---- C:\WINDOWS\Prefetch 2009-05-09 18:14:59 ----D---- C:\WINDOWS\system32\spool 2009-05-09 18:14:59 ----D---- C:\WINDOWS\system32\drivers 2009-05-09 18:14:59 ----D---- C:\WINDOWS\system32 2009-05-09 18:14:59 ----D---- C:\WINDOWS 2009-05-09 17:07:38 ----D---- C:\WINDOWS\system32\CatRoot2 2009-05-09 16:14:25 ----D---- C:\ProgramData 2009-05-09 16:14:25 ----D---- C:\Program Files\Angle Interactive 2009-05-09 15:24:51 ----A---- C:\WINDOWS\system.ini 2009-05-09 15:22:15 ----D---- C:\WINDOWS\AppPatch 2009-05-09 15:22:12 ----D---- C:\Program Files\Fichiers communs 2009-05-09 14:50:58 ----D---- C:\WINDOWS\system32\config 2009-05-09 12:16:18 ----RASH---- C:\boot.ini 2009-05-09 12:00:34 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-05-09 11:11:57 ----D---- C:\Program Files\QuickTime 2009-05-09 11:11:49 ----D---- C:\Program Files\Messenger 2009-05-09 11:11:48 ----D---- C:\Program Files\Media Player Classic 2009-05-09 11:11:48 ----D---- C:\Program Files\JAlbum 6.5 2009-05-09 11:11:47 ----D---- C:\Program Files\e-anim604 2009-05-09 11:11:46 ----D---- C:\Program Files\BitZip 2009-05-09 01:41:47 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-05-09 00:54:30 ----D---- C:\WINDOWS\WinSxS 2009-05-09 00:54:14 ----SHD---- C:\Config.Msi 2009-05-09 00:54:10 ----SHD---- C:\WINDOWS\Installer 2009-05-09 00:52:32 ----D---- C:\Program Files\RamBooster 2.0 2009-05-09 00:47:32 ----D---- C:\WINDOWS\Minidump 2009-05-09 00:47:32 ----D---- C:\WINDOWS\Debug 2009-05-09 00:42:33 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2009-05-09 00:03:40 ----A---- C:\WINDOWS\win.ini 2009-05-08 20:17:54 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2009-05-08 15:34:19 ----D---- C:\WINDOWS\Help 2009-05-08 11:08:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-05-08 09:49:12 ----D---- C:\Program Files\ADS Tech 2009-05-08 09:48:50 ----D---- C:\WINDOWS\twain_32 2009-05-08 09:44:51 ----D---- C:\Program Files\ewido anti-spyware 4.0 2009-05-08 08:43:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-05-02 19:20:38 ----HD---- C:\WINDOWS\inf 2009-05-01 01:45:57 ----AC---- C:\WINDOWS\RtlRack.ini 2009-04-22 00:05:54 ----D---- C:\Downloads 2009-04-18 03:10:41 ----D---- C:\WINDOWS\system32\wbem 2009-04-18 03:03:59 ----D---- C:\WINDOWS\system32\fr-fr 2009-04-18 03:03:59 ----D---- C:\Program Files\Internet Explorer 2009-04-18 03:01:28 ----HD---- C:\WINDOWS\$hf_mig$ 2009-04-12 00:56:05 ----D---- C:\WINDOWS\system32\CatRoot 2009-04-11 22:01:13 ----D---- C:\WINDOWS\network diagnostic 2009-04-11 21:48:29 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-04-11 21:48:26 ----D---- C:\Program Files\Java ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys [] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-08-29 17119] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640] R2 CX2388X;ADS DVBT 23880 Video Capture; C:\WINDOWS\system32\drivers\cx88cap.sys [2004-10-20 160000] R2 CX88TS;ADS 2388x Transport Stream Capture; C:\WINDOWS\system32\drivers\cx88ts.sys [2004-09-22 13056] R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2008-09-04 56344] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264] R3 BENDER;Pinnacle AV/DV2 Capture; C:\WINDOWS\system32\drivers\bender.sys [2003-07-09 180480] R3 CXAVXBAR;ADS 2388x AVStream Crossbar; C:\WINDOWS\system32\drivers\cxavxbar.sys [2004-10-12 8704] R3 CXBDATUNE;ADS BDA DVB Tuner/Demod; C:\WINDOWS\system32\drivers\cxBDAtun.sys [2005-01-06 107904] R3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344] R3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040] R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-01-28 171008] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928] R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-03-24 7808] R3 RT2500;RT2500 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2004-12-15 218368] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S2 REGSpy;REGSpy; \??\C:\??\C:\??\C:\??\C:\??\C:\??\C:\??\C:\Program Files\Softwin\BitDefender Professional Edition\regspy.sys [] S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128] S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912] S3 catchme;catchme; \??\C:\DOCUME~1\Pascal\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 hp4200c;%usbscan.SvcDesc%; C:\WINDOWS\system32\DRIVERS\hp4200c.sys [2001-02-19 9312] S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232] S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944] S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2006-10-04 47360] S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys [] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys [] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2008-05-16 759072] R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289] R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2004-12-16 139264] R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-11-30 20543] R2 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-11 152984] R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2004-12-16 131133] R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2004-12-16 57409] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-06-26 576680] S3 VundoFixSvc;VundoFix Service; C:\WINDOWS\system32\VundoFixSVC.exe [2009-05-08 24576] S4 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089] -----------------EOF-----------------
  6. Ichtos
    J'ai supprimé les fichiers à la main sous c: program files et sous documents & settings. Il me reste SoftwareUpdateHP. On a fini ?
  7. Ichtos
    Voila le log. Del bat OK SystemLook v1.0 by jpshortstuff (24.04.09) Log created at 19:03 on 09/05/2009 by Pascal (Administrator - Elevation successful) ========== contents ========== del /Q C:\WINDOWS\tasks\At1.job - Unable to open file. del /Q C:\WINDOWS\tasks\At10.job - Unable to open file. del /Q C:\WINDOWS\tasks\At100.job - Unable to open file. -=End Of File=- concernant Eorezo, comment s'appelle le fichier ? Nouveau RSIT Logfile of random's system information tool 1.06 (written by random/random) Run by Pascal at 2009-05-09 19:06:10 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 9 GB (22%) free of 41 GB Total RAM: 1023 MB (36% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:06:19, on 09/05/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Windows Live\Family Safety\fsssvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Documents and Settings\Pascal\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe C:\Program Files\Secunia\PSI\psi.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN C:\Program Files\Adobe\Photoshop 6.0\Photoshp.exe C:\Program Files\Fichiers communs\Adobe\Web\AOM.exe C:\Documents and Settings\Pascal\Local Settings\Bureau\Pascal\RSIT.exe C:\Program Files\trend micro\Pascal.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;www.yahoo.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O4 - HKLM\..\Run: [ulead Remote Control Center] C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Matchlock Scheduling] C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe" O4 - HKLM\..\Run: [softwareHelper] C:\Documents and Settings\Pascal\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user') O4 - S-1-5-18 Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'Default user') O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe O4 - Global Startup: DTV Remote Control.lnk = C:\Program Files\ADS Tech\DVBT Utilities\ADSRMT.exe O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.fr/static/download/pixacodndupload.cab O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigm...geUploader4.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4235A961-A7DE-4EF4-83CF-49234A28DFE2}: NameServer = 212.27.32.176,212.27.32.177 O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe -- End of file - 9385 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\WGASetup.job ======Registry dump====== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Ulead Remote Control Center"=C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe [2005-03-18 49152] "RemoteControl"=C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe [2003-10-31 32768] "PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016] "nwiz"=nwiz.exe /install [] "NVRTCLK"=C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe [2003-12-30 24576] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088] "nTrayFw"=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2004-12-16 266240] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "Matchlock Scheduling"=C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe [2005-03-14 45056] "hplampc"=C:\WINDOWS\system32\hplampc.exe [2002-01-17 40448] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824] "OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152] "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-01-12 185896] "NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-06-03 131072] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016] "EoEngine"=C:\Program Files\EoRezo\EoEngine.exe [2009-02-23 472872] "SoftwareHelper"=C:\Documents and Settings\Pascal\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe [2008-12-09 368224] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-11 148888] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-25 68856] "BitComet"=C:\Program Files\BitComet\BitComet.exe [2009-03-09 2564408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "LIVESRV"=2 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage DTV Remote Control.lnk - C:\Program Files\ADS Tech\DVBT Utilities\ADSRMT.exe RaConfig2500.lnk - C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe C:\Documents and Settings\Pascal\Menu Démarrer\Programmes\Démarrage Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server" "C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\UMC.exe"="C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\UMC.exe:*:Enabled:UMC" "F:\emule\emule.exe"="F:\emule\emule.exe:*:Enabled:eMule" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse" "C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\rmc.exe"="C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\rmc.exe:*:Enabled:RMC" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe"="C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe:*:Enabled:RaConfig2500" "C:\Program Files\QuickTime\QTTask.exe"="C:\Program Files\QuickTime\QTTask.exe:*:Enabled:QTTask" "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe:*:Enabled:TeaTimer" "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"="C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe:*:Enabled:SeaPort" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "E:\web\Flash FTP\FlashFXP.exe"="E:\web\Flash FTP\FlashFXP.exe:*:Enabled:FlashFXP v3" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" ======File associations====== .js - open - ======List of files/folders created in the last 1 months====== 2009-05-09 18:41:03 ----D---- C:\Program Files\trend micro 2009-05-09 18:41:02 ----D---- C:\rsit 2009-05-09 18:26:38 ----SHD---- C:\RECYCLER 2009-05-09 17:10:05 ----D---- C:\HaxFix 2009-05-09 15:29:02 ----A---- C:\ComboFix.txt 2009-05-09 12:16:18 ----A---- C:\Boot.bak 2009-05-09 12:16:12 ----RASHD---- C:\cmdcons 2009-05-09 12:13:07 ----A---- C:\WINDOWS\zip.exe 2009-05-09 12:13:07 ----A---- C:\WINDOWS\vFind.exe 2009-05-09 12:13:07 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-05-09 12:13:07 ----A---- C:\WINDOWS\SWSC.exe 2009-05-09 12:13:07 ----A---- C:\WINDOWS\SWREG.exe 2009-05-09 12:13:07 ----A---- C:\WINDOWS\sed.exe 2009-05-09 12:13:07 ----A---- C:\WINDOWS\NIRCMD.exe 2009-05-09 12:13:07 ----A---- C:\WINDOWS\grep.exe 2009-05-09 12:12:57 ----D---- C:\WINDOWS\ERDNT 2009-05-09 12:12:19 ----D---- C:\Qoobox 2009-05-09 10:11:25 ----D---- C:\Program Files\FreeAngel 2009-05-09 01:56:19 ----D---- C:\Documents and Settings\Pascal\Application Data\WinRAR 2009-05-09 01:34:43 ----D---- C:\WINDOWS\ERUNT 2009-05-09 01:33:17 ----A---- C:\WINDOWS\ntbtlog.txt 2009-05-09 01:31:13 ----D---- C:\SDFix 2009-05-09 00:44:08 ----D---- C:\Program Files\CCleaner 2009-05-08 19:42:36 ----D---- C:\Program Files\RegSupreme Pro 2009-05-08 16:11:50 ----A---- C:\WINDOWS\system32\VundoFixSVC.exe 2009-05-08 15:56:58 ----D---- C:\VundoFix Backups 2009-05-08 15:56:58 ----A---- C:\VundoFix.txt 2009-05-08 11:51:59 ----D---- C:\WINDOWS\CSC 2009-05-02 18:05:20 ----D---- C:\WINDOWS\system32\NtmsData 2009-04-30 21:48:20 ----D---- C:\Program Files\Avira 2009-04-30 21:48:20 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-04-28 00:45:30 ----D---- C:\Documents and Settings\Pascal\Application Data\PCF-VLC 2009-04-18 03:04:18 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2009-04-18 03:04:12 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$ 2009-04-18 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2009-04-18 03:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2009-04-18 03:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2009-04-18 03:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ 2009-04-14 03:00:39 ----D---- C:\WINDOWS\system32\KB905474 2009-04-12 09:55:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2009-04-12 09:54:53 ----A---- C:\WINDOWS\system32\MRT.INI 2009-04-12 09:54:51 ----D---- C:\WINDOWS\system32\MpEngineStore 2009-04-12 09:49:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2009-04-12 09:49:22 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2009-04-12 09:49:15 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$ 2009-04-12 09:49:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ 2009-04-12 09:48:54 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2009-04-12 09:48:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$ 2009-04-12 09:48:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$ 2009-04-12 09:48:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2009-04-12 09:48:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2009-04-12 09:48:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2009-04-12 09:47:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2009-04-11 21:48:44 ----A---- C:\WINDOWS\system32\javaws.exe 2009-04-11 21:48:44 ----A---- C:\WINDOWS\system32\javaw.exe 2009-04-11 21:48:44 ----A---- C:\WINDOWS\system32\java.exe ======List of files/folders modified in the last 1 months====== 2009-05-09 19:04:38 ----SD---- C:\WINDOWS\Tasks 2009-05-09 19:02:44 ----D---- C:\Program Files\BitComet 2009-05-09 19:00:01 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-05-09 18:52:32 ----D---- C:\Documents and Settings\Pascal\Application Data\OpenOffice.org2 2009-05-09 18:41:03 ----RD---- C:\Program Files 2009-05-09 18:26:37 ----A---- C:\WINDOWS\NeroDigital.ini 2009-05-09 18:24:58 ----D---- C:\Program Files\Mozilla Firefox 2009-05-09 18:23:54 ----D---- C:\WINDOWS\Temp 2009-05-09 18:15:04 ----D---- C:\WINDOWS\Prefetch 2009-05-09 18:14:59 ----D---- C:\WINDOWS\system32\spool 2009-05-09 18:14:59 ----D---- C:\WINDOWS\system32\drivers 2009-05-09 18:14:59 ----D---- C:\WINDOWS\system32 2009-05-09 18:14:59 ----D---- C:\WINDOWS 2009-05-09 17:07:38 ----D---- C:\WINDOWS\system32\CatRoot2 2009-05-09 16:14:25 ----D---- C:\ProgramData 2009-05-09 16:14:25 ----D---- C:\Program Files\Angle Interactive 2009-05-09 15:24:51 ----A---- C:\WINDOWS\system.ini 2009-05-09 15:22:15 ----D---- C:\WINDOWS\AppPatch 2009-05-09 15:22:12 ----D---- C:\Program Files\Fichiers communs 2009-05-09 14:50:58 ----D---- C:\WINDOWS\system32\config 2009-05-09 12:16:18 ----RASH---- C:\boot.ini 2009-05-09 12:00:34 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-05-09 11:11:57 ----D---- C:\Program Files\QuickTime 2009-05-09 11:11:49 ----D---- C:\Program Files\Messenger 2009-05-09 11:11:48 ----D---- C:\Program Files\Media Player Classic 2009-05-09 11:11:48 ----D---- C:\Program Files\JAlbum 6.5 2009-05-09 11:11:47 ----D---- C:\Program Files\e-anim604 2009-05-09 11:11:46 ----D---- C:\Program Files\BitZip 2009-05-09 01:41:47 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-05-09 00:54:30 ----D---- C:\WINDOWS\WinSxS 2009-05-09 00:54:14 ----SHD---- C:\Config.Msi 2009-05-09 00:54:10 ----SHD---- C:\WINDOWS\Installer 2009-05-09 00:52:32 ----D---- C:\Program Files\RamBooster 2.0 2009-05-09 00:47:32 ----D---- C:\WINDOWS\Minidump 2009-05-09 00:47:32 ----D---- C:\WINDOWS\Debug 2009-05-09 00:42:33 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2009-05-09 00:03:40 ----A---- C:\WINDOWS\win.ini 2009-05-08 20:17:54 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2009-05-08 15:34:19 ----D---- C:\WINDOWS\Help 2009-05-08 11:08:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-05-08 09:49:12 ----D---- C:\Program Files\ADS Tech 2009-05-08 09:48:50 ----D---- C:\WINDOWS\twain_32 2009-05-08 09:44:51 ----D---- C:\Program Files\ewido anti-spyware 4.0 2009-05-08 08:43:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-05-02 19:20:38 ----HD---- C:\WINDOWS\inf 2009-05-01 01:45:57 ----AC---- C:\WINDOWS\RtlRack.ini 2009-04-22 00:05:54 ----D---- C:\Downloads 2009-04-18 03:10:41 ----D---- C:\WINDOWS\system32\wbem 2009-04-18 03:03:59 ----D---- C:\WINDOWS\system32\fr-fr 2009-04-18 03:03:59 ----D---- C:\Program Files\Internet Explorer 2009-04-18 03:01:28 ----HD---- C:\WINDOWS\$hf_mig$ 2009-04-12 00:56:05 ----D---- C:\WINDOWS\system32\CatRoot 2009-04-11 22:01:13 ----D---- C:\WINDOWS\network diagnostic 2009-04-11 21:48:29 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-04-11 21:48:26 ----D---- C:\Program Files\Java ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys [] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-08-29 17119] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640] R2 CX2388X;ADS DVBT 23880 Video Capture; C:\WINDOWS\system32\drivers\cx88cap.sys [2004-10-20 160000] R2 CX88TS;ADS 2388x Transport Stream Capture; C:\WINDOWS\system32\drivers\cx88ts.sys [2004-09-22 13056] R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2008-09-04 56344] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264] R3 BENDER;Pinnacle AV/DV2 Capture; C:\WINDOWS\system32\drivers\bender.sys [2003-07-09 180480] R3 CXAVXBAR;ADS 2388x AVStream Crossbar; C:\WINDOWS\system32\drivers\cxavxbar.sys [2004-10-12 8704] R3 CXBDATUNE;ADS BDA DVB Tuner/Demod; C:\WINDOWS\system32\drivers\cxBDAtun.sys [2005-01-06 107904] R3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344] R3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040] R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-01-28 171008] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928] R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-03-24 7808] R3 RT2500;RT2500 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2004-12-15 218368] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S2 REGSpy;REGSpy; \??\C:\??\C:\??\C:\??\C:\??\C:\??\C:\??\C:\Program Files\Softwin\BitDefender Professional Edition\regspy.sys [] S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128] S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912] S3 catchme;catchme; \??\C:\DOCUME~1\Pascal\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 hp4200c;%usbscan.SvcDesc%; C:\WINDOWS\system32\DRIVERS\hp4200c.sys [2001-02-19 9312] S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232] S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944] S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2006-10-04 47360] S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys [] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys [] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2008-05-16 759072] R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289] R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2004-12-16 139264] R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-11-30 20543] R2 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-11 152984] R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2004-12-16 131133] R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2004-12-16 57409] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-06-26 576680] S3 VundoFixSvc;VundoFix Service; C:\WINDOWS\system32\VundoFixSVC.exe [2009-05-08 24576] S4 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089] -----------------EOF-----------------
  8. Ichtos
    Comment se comporte le PC ? Tout va bien ? Qu'en est-il des redirections ? ==> Tout semble OK. Plus de redirection. PC plus rapide, autres petits bugs réparés...
  9. Ichtos
    Le log: Logfile of random's system information tool 1.06 (written by random/random) Run by Pascal at 2009-05-09 18:41:02 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 9 GB (22%) free of 41 GB Total RAM: 1023 MB (39% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:41:21, on 09/05/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Windows Live\Family Safety\fsssvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Documents and Settings\Pascal\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe C:\Program Files\Secunia\PSI\psi.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Pascal\Local Settings\Bureau\Pascal\RSIT.exe C:\Program Files\trend micro\Pascal.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;www.yahoo.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O4 - HKLM\..\Run: [ulead Remote Control Center] C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Matchlock Scheduling] C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe" O4 - HKLM\..\Run: [softwareHelper] C:\Documents and Settings\Pascal\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user') O4 - S-1-5-18 Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'Default user') O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe O4 - Global Startup: DTV Remote Control.lnk = C:\Program Files\ADS Tech\DVBT Utilities\ADSRMT.exe O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.fr/static/download/pixacodndupload.cab O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigm...geUploader4.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4235A961-A7DE-4EF4-83CF-49234A28DFE2}: NameServer = 212.27.32.176,212.27.32.177 O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe -- End of file - 9167 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\At1.job C:\WINDOWS\tasks\At10.job C:\WINDOWS\tasks\At100.job C:\WINDOWS\tasks\At101.job C:\WINDOWS\tasks\At102.job C:\WINDOWS\tasks\At103.job C:\WINDOWS\tasks\At104.job C:\WINDOWS\tasks\At105.job C:\WINDOWS\tasks\At106.job C:\WINDOWS\tasks\At107.job C:\WINDOWS\tasks\At108.job C:\WINDOWS\tasks\At109.job C:\WINDOWS\tasks\At11.job C:\WINDOWS\tasks\At110.job C:\WINDOWS\tasks\At111.job C:\WINDOWS\tasks\At112.job C:\WINDOWS\tasks\At113.job C:\WINDOWS\tasks\At114.job C:\WINDOWS\tasks\At115.job C:\WINDOWS\tasks\At116.job C:\WINDOWS\tasks\At117.job C:\WINDOWS\tasks\At118.job C:\WINDOWS\tasks\At119.job C:\WINDOWS\tasks\At12.job C:\WINDOWS\tasks\At120.job C:\WINDOWS\tasks\At13.job C:\WINDOWS\tasks\At14.job C:\WINDOWS\tasks\At15.job C:\WINDOWS\tasks\At16.job C:\WINDOWS\tasks\At17.job C:\WINDOWS\tasks\At18.job C:\WINDOWS\tasks\At19.job C:\WINDOWS\tasks\At2.job C:\WINDOWS\tasks\At20.job C:\WINDOWS\tasks\At21.job C:\WINDOWS\tasks\At22.job C:\WINDOWS\tasks\At23.job C:\WINDOWS\tasks\At24.job C:\WINDOWS\tasks\At25.job C:\WINDOWS\tasks\At26.job C:\WINDOWS\tasks\At27.job C:\WINDOWS\tasks\At28.job C:\WINDOWS\tasks\At29.job C:\WINDOWS\tasks\At3.job C:\WINDOWS\tasks\At30.job C:\WINDOWS\tasks\At31.job C:\WINDOWS\tasks\At32.job C:\WINDOWS\tasks\At33.job C:\WINDOWS\tasks\At34.job C:\WINDOWS\tasks\At35.job C:\WINDOWS\tasks\At36.job C:\WINDOWS\tasks\At37.job C:\WINDOWS\tasks\At38.job C:\WINDOWS\tasks\At39.job C:\WINDOWS\tasks\At4.job C:\WINDOWS\tasks\At40.job C:\WINDOWS\tasks\At41.job C:\WINDOWS\tasks\At42.job C:\WINDOWS\tasks\At43.job C:\WINDOWS\tasks\At44.job C:\WINDOWS\tasks\At45.job C:\WINDOWS\tasks\At46.job C:\WINDOWS\tasks\At47.job C:\WINDOWS\tasks\At48.job C:\WINDOWS\tasks\At49.job C:\WINDOWS\tasks\At5.job C:\WINDOWS\tasks\At50.job C:\WINDOWS\tasks\At51.job C:\WINDOWS\tasks\At52.job C:\WINDOWS\tasks\At53.job C:\WINDOWS\tasks\At54.job C:\WINDOWS\tasks\At55.job C:\WINDOWS\tasks\At56.job C:\WINDOWS\tasks\At57.job C:\WINDOWS\tasks\At58.job C:\WINDOWS\tasks\At59.job C:\WINDOWS\tasks\At6.job C:\WINDOWS\tasks\At60.job C:\WINDOWS\tasks\At61.job C:\WINDOWS\tasks\At62.job C:\WINDOWS\tasks\At63.job C:\WINDOWS\tasks\At64.job C:\WINDOWS\tasks\At65.job C:\WINDOWS\tasks\At66.job C:\WINDOWS\tasks\At67.job C:\WINDOWS\tasks\At68.job C:\WINDOWS\tasks\At69.job C:\WINDOWS\tasks\At7.job C:\WINDOWS\tasks\At70.job C:\WINDOWS\tasks\At71.job C:\WINDOWS\tasks\At72.job C:\WINDOWS\tasks\At73.job C:\WINDOWS\tasks\At74.job C:\WINDOWS\tasks\At75.job C:\WINDOWS\tasks\At76.job C:\WINDOWS\tasks\At77.job C:\WINDOWS\tasks\At78.job C:\WINDOWS\tasks\At79.job C:\WINDOWS\tasks\At8.job C:\WINDOWS\tasks\At80.job C:\WINDOWS\tasks\At81.job C:\WINDOWS\tasks\At82.job C:\WINDOWS\tasks\At83.job C:\WINDOWS\tasks\At84.job C:\WINDOWS\tasks\At85.job C:\WINDOWS\tasks\At86.job C:\WINDOWS\tasks\At87.job C:\WINDOWS\tasks\At88.job C:\WINDOWS\tasks\At89.job C:\WINDOWS\tasks\At9.job C:\WINDOWS\tasks\At90.job C:\WINDOWS\tasks\At91.job C:\WINDOWS\tasks\At92.job C:\WINDOWS\tasks\At93.job C:\WINDOWS\tasks\At94.job C:\WINDOWS\tasks\At95.job C:\WINDOWS\tasks\At96.job C:\WINDOWS\tasks\At97.job C:\WINDOWS\tasks\At98.job C:\WINDOWS\tasks\At99.job C:\WINDOWS\tasks\WGASetup.job ======Registry dump====== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Ulead Remote Control Center"=C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe [2005-03-18 49152] "RemoteControl"=C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe [2003-10-31 32768] "PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016] "nwiz"=nwiz.exe /install [] "NVRTCLK"=C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe [2003-12-30 24576] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088] "nTrayFw"=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2004-12-16 266240] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "Matchlock Scheduling"=C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe [2005-03-14 45056] "hplampc"=C:\WINDOWS\system32\hplampc.exe [2002-01-17 40448] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824] "OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152] "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-01-12 185896] "NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-06-03 131072] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016] "EoEngine"=C:\Program Files\EoRezo\EoEngine.exe [2009-02-23 472872] "SoftwareHelper"=C:\Documents and Settings\Pascal\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe [2008-12-09 368224] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-11 148888] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-25 68856] "BitComet"=C:\Program Files\BitComet\BitComet.exe [2009-03-09 2564408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "LIVESRV"=2 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage DTV Remote Control.lnk - C:\Program Files\ADS Tech\DVBT Utilities\ADSRMT.exe RaConfig2500.lnk - C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe C:\Documents and Settings\Pascal\Menu Démarrer\Programmes\Démarrage Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server" "C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\UMC.exe"="C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\UMC.exe:*:Enabled:UMC" "F:\emule\emule.exe"="F:\emule\emule.exe:*:Enabled:eMule" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse" "C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\rmc.exe"="C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\rmc.exe:*:Enabled:RMC" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe"="C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe:*:Enabled:RaConfig2500" "C:\Program Files\QuickTime\QTTask.exe"="C:\Program Files\QuickTime\QTTask.exe:*:Enabled:QTTask" "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe:*:Enabled:TeaTimer" "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"="C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe:*:Enabled:SeaPort" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "E:\web\Flash FTP\FlashFXP.exe"="E:\web\Flash FTP\FlashFXP.exe:*:Enabled:FlashFXP v3" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" ======File associations====== .js - open - ======List of files/folders created in the last 1 months====== 2009-05-09 18:41:03 ----D---- C:\Program Files\trend micro 2009-05-09 18:41:02 ----D---- C:\rsit 2009-05-09 18:26:38 ----SHD---- C:\RECYCLER 2009-05-09 17:10:05 ----D---- C:\HaxFix 2009-05-09 15:29:02 ----A---- C:\ComboFix.txt 2009-05-09 12:16:18 ----A---- C:\Boot.bak 2009-05-09 12:16:12 ----RASHD---- C:\cmdcons 2009-05-09 12:13:07 ----A---- C:\WINDOWS\zip.exe 2009-05-09 12:13:07 ----A---- C:\WINDOWS\vFind.exe 2009-05-09 12:13:07 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-05-09 12:13:07 ----A---- C:\WINDOWS\SWSC.exe 2009-05-09 12:13:07 ----A---- C:\WINDOWS\SWREG.exe 2009-05-09 12:13:07 ----A---- C:\WINDOWS\sed.exe 2009-05-09 12:13:07 ----A---- C:\WINDOWS\NIRCMD.exe 2009-05-09 12:13:07 ----A---- C:\WINDOWS\grep.exe 2009-05-09 12:12:57 ----D---- C:\WINDOWS\ERDNT 2009-05-09 12:12:19 ----D---- C:\Qoobox 2009-05-09 10:11:25 ----D---- C:\Program Files\FreeAngel 2009-05-09 01:56:19 ----D---- C:\Documents and Settings\Pascal\Application Data\WinRAR 2009-05-09 01:34:43 ----D---- C:\WINDOWS\ERUNT 2009-05-09 01:33:17 ----A---- C:\WINDOWS\ntbtlog.txt 2009-05-09 01:31:13 ----D---- C:\SDFix 2009-05-09 00:44:08 ----D---- C:\Program Files\CCleaner 2009-05-08 19:42:36 ----D---- C:\Program Files\RegSupreme Pro 2009-05-08 16:11:50 ----A---- C:\WINDOWS\system32\VundoFixSVC.exe 2009-05-08 15:56:58 ----D---- C:\VundoFix Backups 2009-05-08 15:56:58 ----A---- C:\VundoFix.txt 2009-05-08 11:51:59 ----D---- C:\WINDOWS\CSC 2009-05-02 18:05:20 ----D---- C:\WINDOWS\system32\NtmsData 2009-04-30 21:48:20 ----D---- C:\Program Files\Avira 2009-04-30 21:48:20 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-04-28 00:45:30 ----D---- C:\Documents and Settings\Pascal\Application Data\PCF-VLC 2009-04-18 03:04:18 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2009-04-18 03:04:12 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$ 2009-04-18 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2009-04-18 03:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2009-04-18 03:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2009-04-18 03:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ 2009-04-14 03:00:39 ----D---- C:\WINDOWS\system32\KB905474 2009-04-12 09:55:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2009-04-12 09:54:53 ----A---- C:\WINDOWS\system32\MRT.INI 2009-04-12 09:54:51 ----D---- C:\WINDOWS\system32\MpEngineStore 2009-04-12 09:49:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2009-04-12 09:49:22 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2009-04-12 09:49:15 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$ 2009-04-12 09:49:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ 2009-04-12 09:48:54 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2009-04-12 09:48:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$ 2009-04-12 09:48:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$ 2009-04-12 09:48:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2009-04-12 09:48:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2009-04-12 09:48:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2009-04-12 09:47:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2009-04-11 21:48:44 ----A---- C:\WINDOWS\system32\javaws.exe 2009-04-11 21:48:44 ----A---- C:\WINDOWS\system32\javaw.exe 2009-04-11 21:48:44 ----A---- C:\WINDOWS\system32\java.exe ======List of files/folders modified in the last 1 months====== 2009-05-09 18:41:03 ----RD---- C:\Program Files 2009-05-09 18:37:44 ----D---- C:\Program Files\BitComet 2009-05-09 18:26:37 ----A---- C:\WINDOWS\NeroDigital.ini 2009-05-09 18:24:58 ----D---- C:\Program Files\Mozilla Firefox 2009-05-09 18:23:54 ----D---- C:\WINDOWS\Temp 2009-05-09 18:15:04 ----D---- C:\WINDOWS\Prefetch 2009-05-09 18:14:59 ----D---- C:\WINDOWS\system32\spool 2009-05-09 18:14:59 ----D---- C:\WINDOWS\system32\drivers 2009-05-09 18:14:59 ----D---- C:\WINDOWS\system32 2009-05-09 18:14:59 ----D---- C:\WINDOWS 2009-05-09 17:07:38 ----D---- C:\WINDOWS\system32\CatRoot2 2009-05-09 17:06:08 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-05-09 16:14:25 ----D---- C:\ProgramData 2009-05-09 16:14:25 ----D---- C:\Program Files\Angle Interactive 2009-05-09 15:58:34 ----D---- C:\Documents and Settings\Pascal\Application Data\OpenOffice.org2 2009-05-09 15:24:51 ----A---- C:\WINDOWS\system.ini 2009-05-09 15:22:15 ----D---- C:\WINDOWS\AppPatch 2009-05-09 15:22:12 ----D---- C:\Program Files\Fichiers communs 2009-05-09 14:50:58 ----D---- C:\WINDOWS\system32\config 2009-05-09 12:16:18 ----RASH---- C:\boot.ini 2009-05-09 12:00:34 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-05-09 11:11:57 ----D---- C:\Program Files\QuickTime 2009-05-09 11:11:49 ----D---- C:\Program Files\Messenger 2009-05-09 11:11:48 ----D---- C:\Program Files\Media Player Classic 2009-05-09 11:11:48 ----D---- C:\Program Files\JAlbum 6.5 2009-05-09 11:11:47 ----D---- C:\Program Files\e-anim604 2009-05-09 11:11:46 ----D---- C:\Program Files\BitZip 2009-05-09 01:41:47 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-05-09 00:54:30 ----D---- C:\WINDOWS\WinSxS 2009-05-09 00:54:14 ----SHD---- C:\Config.Msi 2009-05-09 00:54:10 ----SHD---- C:\WINDOWS\Installer 2009-05-09 00:52:32 ----D---- C:\Program Files\RamBooster 2.0 2009-05-09 00:47:32 ----D---- C:\WINDOWS\Minidump 2009-05-09 00:47:32 ----D---- C:\WINDOWS\Debug 2009-05-09 00:42:33 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2009-05-09 00:03:40 ----A---- C:\WINDOWS\win.ini 2009-05-08 20:17:54 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2009-05-08 15:34:19 ----D---- C:\WINDOWS\Help 2009-05-08 11:08:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-05-08 09:49:12 ----D---- C:\Program Files\ADS Tech 2009-05-08 09:48:50 ----D---- C:\WINDOWS\twain_32 2009-05-08 09:44:51 ----D---- C:\Program Files\ewido anti-spyware 4.0 2009-05-08 08:43:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-05-02 19:20:38 ----HD---- C:\WINDOWS\inf 2009-05-01 01:45:57 ----AC---- C:\WINDOWS\RtlRack.ini 2009-04-22 00:05:54 ----D---- C:\Downloads 2009-04-18 03:10:41 ----D---- C:\WINDOWS\system32\wbem 2009-04-18 03:03:59 ----D---- C:\WINDOWS\system32\fr-fr 2009-04-18 03:03:59 ----D---- C:\Program Files\Internet Explorer 2009-04-18 03:01:28 ----HD---- C:\WINDOWS\$hf_mig$ 2009-04-14 03:00:40 ----SD---- C:\WINDOWS\Tasks 2009-04-12 00:56:05 ----D---- C:\WINDOWS\system32\CatRoot 2009-04-11 22:01:13 ----D---- C:\WINDOWS\network diagnostic 2009-04-11 21:48:29 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-04-11 21:48:26 ----D---- C:\Program Files\Java ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys [] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-08-29 17119] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640] R2 CX2388X;ADS DVBT 23880 Video Capture; C:\WINDOWS\system32\drivers\cx88cap.sys [2004-10-20 160000] R2 CX88TS;ADS 2388x Transport Stream Capture; C:\WINDOWS\system32\drivers\cx88ts.sys [2004-09-22 13056] R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2008-09-04 56344] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264] R3 BENDER;Pinnacle AV/DV2 Capture; C:\WINDOWS\system32\drivers\bender.sys [2003-07-09 180480] R3 CXAVXBAR;ADS 2388x AVStream Crossbar; C:\WINDOWS\system32\drivers\cxavxbar.sys [2004-10-12 8704] R3 CXBDATUNE;ADS BDA DVB Tuner/Demod; C:\WINDOWS\system32\drivers\cxBDAtun.sys [2005-01-06 107904] R3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344] R3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040] R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-01-28 171008] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928] R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-03-24 7808] R3 RT2500;RT2500 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2004-12-15 218368] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S2 REGSpy;REGSpy; \??\C:\??\C:\??\C:\??\C:\??\C:\??\C:\??\C:\Program Files\Softwin\BitDefender Professional Edition\regspy.sys [] S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128] S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912] S3 catchme;catchme; \??\C:\DOCUME~1\Pascal\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 hp4200c;%usbscan.SvcDesc%; C:\WINDOWS\system32\DRIVERS\hp4200c.sys [2001-02-19 9312] S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232] S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944] S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2006-10-04 47360] S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys [] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys [] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2008-05-16 759072] R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289] R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2004-12-16 139264] R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-11-30 20543] R2 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-11 152984] R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2004-12-16 131133] R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2004-12-16 57409] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-06-26 576680] S3 VundoFixSvc;VundoFix Service; C:\WINDOWS\system32\VundoFixSVC.exe [2009-05-08 24576] S4 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089] -----------------EOF----------------- Le info info.txt logfile of random's system information tool 1.06 2009-05-09 18:41:23 ======Uninstall list====== -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 3DVIA player 4.1-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79} ABBYY FineReader 9.0 Professional Edition-->MsiExec.exe /I{F9000000-0001-0000-0000-074957833700} Adibou découvre les lettres et les chiffres 4-5 ans-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AC48BF9-34A5-425A-92A4-4AD8A0D76916}\setup.exe" -l0x40c -removeonly Adibou joue à lire et à compter 6-7 ans-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3E4A07ED-8D35-4999-8F8D-F003C88142AF}\setup.exe" -l0x40c -removeonly Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Photoshop 6.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll" Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001} ADS DVBT BDA Drivers-->C:\WINDOWS\dtvunist.exe ADS DVBT Utilities-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D69A600D-E016-4544-A11B-F1E500121110}\setup.exe" -l0x40c -uninst AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x040c -removeonly Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\Setup.exe" -l0x40c a-squared Free 1.6.5-->"C:\Program Files\a-squared\unins000.exe" Assistant de connexion Windows Live-->MsiExec.exe /I{D6E592B3-67DA-4BBB-9783-E1838FB253A2} ASUSDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall AVI Joiner-->"C:\Program Files\avijoin\unins000.exe" Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE BitComet 1.10-->C:\Program Files\BitComet\uninst.exe BitZip - Powered by Miro-->C:\Program Files\Participatory Culture Foundation\Miro\uninstall.exe BitZip (remove only)-->C:\Program Files\BitZip\Uninstall.exe Canon CanoScan Toolbox 4.9-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\setup.exe" -l0x40c anything Canon ScanGear Starter-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x40c anything CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Command On Demand for Command Software-->rundll32 advpack.dll,LaunchINFSection C:\csscod\uninst.inf,DefaultUninstall Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Debugging Tools for Windows (x86)-->MsiExec.exe /I{1CD0C3C5-809D-4CFC-904A-1B67C6243637} Easy Video Splitter 1.28-->"C:\Program Files\Easy Video Splitter\unins000.exe" EasyGuppY v4.0.3-->"C:\Program Files\EasyGuppY\unins000.exe" eMule-->"F:\emule\Uninstall.exe" ffdshow [rev 1900] [2008-03-15]-->"C:\Program Files\ffdshow\unins000.exe" FlashGet(JetCar)-->C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG Free - Kit de connexion-->C:\Program Files\Free.fr\uninstall.exe FreeAngel version 0.87-->"C:\Program Files\FreeAngel\unins000.exe" Galerie de photos Windows Live-->MsiExec.exe /X{43563ACB-371B-4C58-8979-B192B390424C} Go_FTP-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Go_FTP\ST6UNST.LOG" Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hollywood FX 5.5 Additional Effects-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\unextralog HTML-Kit-->"E:\web\HK\HTML-Kit\unins000.exe" Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{3CCB732A-E472-4CF9-B1EE-F18365341FE0} InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040} JAlbum 6.5-->C:\Program Files\JAlbum 6.5\Uninstall.exe Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF} Juice 2.2-->C:\Program Files\Juice\uninst.exe Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A} Lapin Malin Initiation à l'anglais v2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E13AE282-1E35-412D-9D4B-9FE3B81D3813}\setup.exe" Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall LISTAC la version 2.01 du 23/03/04-->"C:\Program Files\listac\unins000.exe" Ma-Config.com-->MsiExec.exe /X{06526E3A-92DD-4F45-90CD-902953F1A8D2} Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x40c mmUninstall Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Manual CanoScan LiDE 25-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{838BC0FB-4F8F-47B9-847F-06AE4CCE4181}\setup.exe" -l0x40c Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe" Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Search Enhancement Pack-->MsiExec.exe /I{299CF645-48C7-4FA1-8BCD-5CE200CF180D} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5} Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1036 NvMixer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7} OpenOffice.org 2.0-->MsiExec.exe /I{3869903C-0EF4-48D9-A12F-145AD549BA12} Opera 9.64-->MsiExec.exe /X{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0} Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan Personal Ancestral File 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D94A8E22-DF2B-4107-9E51-608A60A7671D}\Setup.exe" Picasa 2-->"G:\Picasa2\Uninstall.exe" Pinnacle device drivers-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F866D37-22D0-435D-94F1-31A64D566D0E}\Setup.exe" -l0x40c Pinnacle Hollywood FX for Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log proDAD Heroglyph 1.0-->"C:\Program Files\proDAD\Heroglyph-1.0\uninstall.exe" uninstall spcp proDAD Heroglyph 2.0-->"C:\Program Files\proDAD\Heroglyph-2.0\uninstall.exe" uninstall spcp PATHVERSION 2.0 QuickTime-->MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F} RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE RegSupreme Pro-->"C:\Program Files\RegSupreme Pro\unins000.exe" RT2500 Wireless LAN Card-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAA66A0D-E610-40B8-9D51-C1854285773A}\setup.exe" -l0x9 -removeonly Secunia PSI-->"C:\Program Files\Secunia\PSI\uninstall.exe" Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Smart Explorer 6.1-->"C:\Program Files\Smart Explorer\unins000.exe" SmartSound Quicktracks Plugin-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E} Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Studio 9 Content CD/DVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B67624DE-75CE-4FAD-9F29-5C115773CE61}\Setup.exe" -l0x40c UNINSTALL Studio 9-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x40c UNINSTALL Studio Numérique de Lapin Malin-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B51AFA85-23A2-4FE8-BB82-AFDA97F36F31}\setup.exe" -l0x40c -removeonly System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe Ulead InstaMedia 2.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5D78185-94FD-4131-B7F0-7E7771C58E1B}\setup.exe" -l0x40c Windows Live Call-->MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B} Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B} Windows Live Contrôle parental-->MsiExec.exe /X{EE02C20E-E82B-4693-8106-862D6F6DB6E5} Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657} Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C} Windows Live Sync-->MsiExec.exe /X{67D0313C-4F15-437D-9A2D-C1564088A26A} Windows Live Toolbar-->MsiExec.exe /X{915809D6-1F93-45F2-9699-5F1DA64DC24B} Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1} Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinHTTrack Website Copier 3.40-2-->"C:\Program Files\WinHTTrack\unins000.exe" XnView 1.96-->"C:\Program Files\XnView\unins000.exe" XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe" ======Security center information====== AV: Bitdefender Antivirus FW: F-Secure Anti-Virus 2006 6.10 (disabled) FW: NVIDIA Firewall ======System event log====== Computer Name: ATHLON Event Code: 1005 Message: Votre ordinateur a détecté que l'adresse IP 82.232.226.40 pour la carte avec l'adresse réseau 0007CB0000FF est déjà utilisée sur le réseau. Votre ordinateur va automatiquement essayer d'obtenir une nouvelle adresse. Record Number: 214613 Source Name: Dhcp Time Written: 20090503170256.000000+120 Event Type: Avertissement User: Computer Name: ATHLON Event Code: 1005 Message: Votre ordinateur a détecté que l'adresse IP 82.232.226.40 pour la carte avec l'adresse réseau 0007CB0000FF est déjà utilisée sur le réseau. Votre ordinateur va automatiquement essayer d'obtenir une nouvelle adresse. Record Number: 214612 Source Name: Dhcp Time Written: 20090503170256.000000+120 Event Type: Avertissement User: Computer Name: ATHLON Event Code: 1005 Message: Votre ordinateur a détecté que l'adresse IP 82.232.226.40 pour la carte avec l'adresse réseau 0007CB0000FF est déjà utilisée sur le réseau. Votre ordinateur va automatiquement essayer d'obtenir une nouvelle adresse. Record Number: 214611 Source Name: Dhcp Time Written: 20090503170245.000000+120 Event Type: Avertissement User: Computer Name: ATHLON Event Code: 1005 Message: Votre ordinateur a détecté que l'adresse IP 82.232.226.40 pour la carte avec l'adresse réseau 0007CB0000FF est déjà utilisée sur le réseau. Votre ordinateur va automatiquement essayer d'obtenir une nouvelle adresse. Record Number: 214610 Source Name: Dhcp Time Written: 20090503170245.000000+120 Event Type: Avertissement User: Computer Name: ATHLON Event Code: 1005 Message: Votre ordinateur a détecté que l'adresse IP 82.232.226.40 pour la carte avec l'adresse réseau 0007CB0000FF est déjà utilisée sur le réseau. Votre ordinateur va automatiquement essayer d'obtenir une nouvelle adresse. Record Number: 214609 Source Name: Dhcp Time Written: 20090502184959.000000+120 Event Type: Avertissement User: =====Application event log===== Computer Name: ATHLON Event Code: 1004 Message: L'utilisateur a accepté le CLUF. Record Number: 58557 Source Name: WgaSetup Time Written: 20090504014338.000000+120 Event Type: Informations User: Computer Name: ATHLON Event Code: 1002 Message: Starting interactive setup. Record Number: 58556 Source Name: WgaSetup Time Written: 20090504014336.000000+120 Event Type: Informations User: Computer Name: ATHLON Event Code: 1006 Message: Le CLUF a déjà été accepté. Record Number: 58555 Source Name: WgaSetup Time Written: 20090504014335.000000+120 Event Type: Informations User: Computer Name: ATHLON Event Code: 0 Message: Record Number: 58554 Source Name: gusvc Time Written: 20090503214145.000000+120 Event Type: Informations User: Computer Name: ATHLON Event Code: 0 Message: Record Number: 58553 Source Name: gusvc Time Written: 20090503214045.000000+120 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=0c00 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip -----------------EOF-----------------
  10. Ichtos
    Arf, celui-là était long ! Voila le rapport: HAXFIX logfile - by Marckie version 5.076 09/05/2009 17:10:24,96 running from C:\HaxFix --- Checking for Haxdoor --- checking for a3d files a3d files not found checking for matching notify keys no matching notify keys found checking for matching services no matching services found checking for matching safeboot services no matching safeboot services found --- Checking for Goldun - Spybanker --- checking for SSODL keys no ssodl keys found checking for notify keys no notify keys found checking for services no services found checking for random used files and services -- these files are not necessarily malicious -- scanning all folders C:\Documents and Settings\All Users\Documents\Ma musique\Échantillons de musique\Thumbs.db C:\Documents and Settings\Pascal\Application Data\OpenOffice.org2\share\template\french\wizard\web\stl-tracks.stw C:\Documents and Settings\Pascal\Local Settings\Bureau\Cath\assedic2.sxw C:\Documents and Settings\Pascal\Local Settings\Bureau\Pascal\ahfsteltakthree\Thumbs.db C:\Documents and Settings\Pascal\Local Settings\Bureau\Pascal\Priva_M\Thumbs.db C:\Documents and Settings\Pascal\Local Settings\Bureau\Pascal\VirtualDub-1.8.6\vdub.exe C:\Program Files\XviD\vidccleaner.exe C:\Program Files\Adobe\Photoshop 6.0\Help\c16op64.htm C:\Program Files\AdorageI-GfxDatas\ado7\Fotoalbum\alpha\Fotoalbum_0328.TIF C:\Program Files\AdorageI-GfxDatas\ado7\Vorhang\gfx\Vorhang_0124.JPG C:\Program Files\AdorageI-GfxDatas\Images4\clapboard\alpha\okm0008.TIF C:\Program Files\AdorageI-GfxDatas\texture-image\Gradient\Text17.JPG C:\Program Files\Fichiers communs\NVIDIA Shared\Audio\NvAudioWizardZHC.dll C:\Program Files\NVIDIA Corporation\NetworkAccessManager\frontend\L1036\html\HOT_Connection_Tbl.html C:\Program Files\OpenOffice.org 2.0\program\ipb680mi.dll C:\Program Files\OpenOffice.org 2.0\program\ipx680mi.dll C:\Program Files\OpenOffice.org 2.0\program\jpipe.dll C:\Program Files\OpenOffice.org 2.0\share\template\fr\wizard\report\cnt-05.ott C:\Program Files\Participatory Culture Foundation\Miro\vlc-plugins\libau_plugin.dll C:\Program Files\Participatory Culture Foundation\Miro\vlc-plugins\liblpcm_plugin.dll C:\Program Files\Participatory Culture Foundation\Miro\vlc-plugins\libmux_mpjpeg_plugin.dll C:\Program Files\Participatory Culture Foundation\Miro\vlc-plugins\libpacketizer_copy_plugin.dll C:\Program Files\Participatory Culture Foundation\Miro\vlc-plugins\libpodcast_plugin.dll C:\Program Files\Participatory Culture Foundation\Miro\vlc-plugins\libshout_plugin.dll C:\Program Files\Participatory Culture Foundation\Miro\vlc-plugins\libshowintf_plugin.dll C:\Program Files\Participatory Culture Foundation\Miro\vlc-plugins\libstream_out_gather_plugin.dll C:\Program Files\Participatory Culture Foundation\Miro\xulrunner\regxpcom.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\Effects\03 - Quads and Pieces\PLS-2 Out 2 In.hfx C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\Effects\09 - Doors and Borders\PLS-Border-Steel.hfx C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\Effects\19 - Business\PLS-Eraser.hfx C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\Effects\34 - Industrial 1\Gears.hfx C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\Objects\42 - Wild World 2\Peace Video 1.hfo C:\Program Files\Pinnacle\Studio 9\Plugins\RTFx\BWAutoColor.fex C:\Program Files\proDAD\Heroglyph-2.0\layoutmetricexp.dll C:\Program Files\proDAD\Heroglyph-1.0\clipart\frame\Mask03\adi-1\y6_013.JPG C:\Program Files\proDAD\Heroglyph-1.0\clipart\misc\glitter\out0152.JPG C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.Resources\da.lproj\QuickTime3GPPLocalized.qtr C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.Resources\de.lproj\QuickTime3GPPLocalized.qtr C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.Resources\en.lproj\QuickTime3GPPLocalized.qtr C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.Resources\fi.lproj\QuickTime3GPPLocalized.qtr C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.Resources\ko.lproj\QuickTime3GPPLocalized.qtr C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.Resources\nb.lproj\QuickTime3GPPLocalized.qtr C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.Resources\pl.lproj\QuickTime3GPPLocalized.qtr C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.Resources\ru.lproj\QuickTime3GPPLocalized.qtr C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.Resources\sv.lproj\QuickTime3GPPLocalized.qtr C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.Resources\zh_CN.lproj\QuickTime3GPPLocalized.qtr C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.Resources\zh_TW.lproj\QuickTime3GPPLocalized.qtr C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\zh_CN.lproj\QuickTimeAudioSupportLocalized.qtr C:\Program Files\WinHTTrack\src\htsmms.c C:\Qoobox\Quarantine\C\WINDOWS\instsp2.exe.vir C:\Qoobox\Quarantine\C\WINDOWS\system32\ipfwrd.sys.vir C:\System Volume Information\_restore{05D3BF26-2972-4564-8FB3-68026FBC91B0}\RP225\A0061138.exe C:\System Volume Information\_restore{05D3BF26-2972-4564-8FB3-68026FBC91B0}\RP225\A0061145.sys C:\WINDOWS\$NtServicePackUninstall$\fxsperf.dll C:\WINDOWS\$NtServicePackUninstall$\snmptrap.exe C:\WINDOWS\Fonts\ega40857.fon C:\WINDOWS\Fonts\modern.fon C:\WINDOWS\inf\netepvcm.PNF C:\WINDOWS\inf\mtxvideo.PNF C:\WINDOWS\system32\asferror.dll C:\WINDOWS\system32\kbdjpn.dll C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\migregdb.exe C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.inf C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.inf C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\asferror.dll C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\asferror.dll C:\WINDOWS\ServicePackFiles\i386\dlttape.sys C:\WINDOWS\ServicePackFiles\i386\ident2.htm C:\WINDOWS\ServicePackFiles\i386\fxsperf.dll C:\WINDOWS\ServicePackFiles\i386\mscortim.dll C:\WINDOWS\ServicePackFiles\i386\snmptrap.exe C:\WINDOWS\ServicePackFiles\i386\tty.dll C:\WINDOWS\system32\dllcache\asferror.dll C:\WINDOWS\system32\dllcache\infoctrs.dll C:\WINDOWS\system32\dllcache\kbdjpn.dll C:\WINDOWS\system32\dllcache\modern.fon C:\WINDOWS\system32\drivers\cxavxbar.sys C:\WINDOWS\system32\en-US\icardie.dll.mui C:\WINDOWS\system32\oobe\setup\ident2.htm HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CXAVXBAR Imagepath REG_EXPAND_SZ system32\drivers\cxavxbar.sys checking for browser helper objects no known browser helper objects found checking for appinit files no files found checking for possible infected files please submit these file here: http://www.bleepingcomputer.com/submit-mal....php?channel=11 no files found checking for Active Setup Installed Components no known Active Setup Installed Components found checking iexplore.exe iexplore.exe is not infected --- Checking for other Goldun, Spybanker and Haxdoor files --- C:\WINDOWS\system32\bdod.bin --- Catchme logfile - thank you Gmer --- catchme 0.3.1380.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-09 18:15:03 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 --- Analysing Catchme logfile --- no matching regkeys found Finished!
  11. Ichtos
    et voila: Malwarebytes' Anti-Malware 1.36 Version de la base de données: 2099 Windows 5.1.2600 Service Pack 3 09/05/2009 16:14:25 mbam-log-2009-05-09 (16-14-25).txt Type de recherche: Examen rapide Eléments examinés: 79493 Temps écoulé: 2 minute(s), 18 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 2 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 1 Dossier(s) infecté(s): 3 Fichier(s) infecté(s): 3 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ipfwrd (Trojan.Goldun) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\Program Files\Angle Interactive\RD Platinum v5.0 (Rogue.RegistryDefender) -> Quarantined and deleted successfully. C:\ProgramData\RD Platinum v5.0 (Rogue.RegistryDefender) -> Quarantined and deleted successfully. C:\ProgramData\RD Platinum v5.0\backup (Rogue.RegistryDefender) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Program Files\Angle Interactive\RD Platinum v5.0\report.csv (Rogue.RegistryDefender) -> Quarantined and deleted successfully. C:\ProgramData\RD Platinum v5.0\backup\08_11_2008.reg (Rogue.RegistryDefender) -> Quarantined and deleted successfully. C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
  12. Ichtos
    Et voila ! ComboFix 09-05-08.03 - Pascal 09/05/2009 15:21.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.413 [GMT 2:00] Lancé depuis: c:\documents and settings\Pascal\Local Settings\Bureau\Pascal\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Pascal\Local Settings\Bureau\Pascal\CFScript.txt AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) FW: F-Secure Anti-Virus 2006 6.10 *disabled* FW: NVIDIA Firewall *enabled* FILE :: c:\documents and settings\Pascal\Menu D‚marrer\Programmes\D‚marrage\ChkDisk.lnk c:\documents and settings\Pascal\Menu Démarrer\Programmes\Démarrage\ChkDisk.lnk c:\windows\instsp2.exe c:\windows\system32\pck.bin . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Pascal\Menu Démarrer\Programmes\Démarrage\ChkDisk.lnk c:\windows\i_setup c:\windows\instsp2.exe c:\windows\system32\drivers\mrxdavv.sys c:\windows\system32\ipfwrd.sys c:\windows\system32\kwave.sys c:\windows\system32\pck.bin . ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-09 au 2009-05-09 )))))))))))))))))))))))))))))))))))) . 2009-05-09 08:11 . 2009-05-09 08:13 -------- d-----w c:\program files\FreeAngel 2009-05-08 23:41 . 2009-05-08 23:41 579584 -c--a-w c:\windows\system32\dllcache\user32.dll 2009-05-08 23:34 . 2009-05-08 23:34 -------- d-----w c:\windows\ERUNT 2009-05-08 23:31 . 2009-05-08 23:59 -------- d-----w C:\SDFix 2009-05-08 22:44 . 2009-05-08 22:44 -------- d-----w c:\program files\CCleaner 2009-05-08 17:42 . 2009-05-08 17:42 -------- d-----w c:\program files\RegSupreme Pro 2009-05-08 15:38 . 2009-05-08 15:38 -------- d-----w c:\documents and settings\Administrateur\Local Settings\Application Data\Opera 2009-05-08 14:11 . 2009-05-08 14:11 24576 ----a-w c:\windows\system32\VundoFixSVC.exe 2009-05-08 13:56 . 2009-05-08 16:57 -------- d-----w C:\VundoFix Backups 2009-05-08 09:25 . 2009-05-08 09:25 -------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes 2009-05-08 08:26 . 2009-05-08 22:40 7264 ----a-w c:\windows\system32\d3d9caps.dat 2009-05-02 16:05 . 2009-05-02 17:20 -------- d-----w c:\windows\system32\NtmsData 2009-04-30 19:48 . 2009-04-30 19:48 -------- d-----w c:\documents and settings\LocalService\Menu Démarrer 2009-04-30 19:48 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys 2009-04-30 19:48 . 2009-04-30 19:48 -------- d-----w c:\program files\Avira 2009-04-30 19:48 . 2009-04-30 19:48 -------- d-----w c:\documents and settings\All Users\Application Data\Avira 2009-04-27 22:45 . 2009-04-27 22:45 -------- d-----w c:\documents and settings\Pascal\Application Data\PCF-VLC 2009-04-17 18:05 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-17 18:04 . 2009-03-06 14:20 286720 -c----w c:\windows\system32\dllcache\pdh.dll 2009-04-17 18:04 . 2009-02-09 11:23 111104 -c----w c:\windows\system32\dllcache\services.exe 2009-04-17 18:04 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll 2009-04-17 18:04 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll 2009-04-17 18:04 . 2009-02-09 10:53 685568 -c----w c:\windows\system32\dllcache\advapi32.dll 2009-04-17 18:04 . 2009-02-09 10:53 735744 -c----w c:\windows\system32\dllcache\lsasrv.dll 2009-04-17 18:04 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-17 18:04 . 2009-02-09 10:53 739840 -c----w c:\windows\system32\dllcache\ntdll.dll 2009-04-17 18:03 . 2008-12-16 12:31 354304 -c----w c:\windows\system32\dllcache\winhttp.dll 2009-04-17 18:03 . 2008-04-21 21:15 219136 -c----w c:\windows\system32\dllcache\wordpad.exe 2009-04-14 01:00 . 2009-03-10 20:18 454024 ----a-w c:\windows\system32\KB905474\wgasetup.exe 2009-04-14 01:00 . 2009-04-14 01:00 -------- d-----w c:\windows\system32\KB905474 2009-04-14 01:00 . 2009-03-10 20:26 1438080 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe 2009-04-12 07:54 . 2009-04-12 07:54 -------- d-----w c:\windows\system32\MpEngineStore 2009-04-11 23:12 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys 2009-04-11 23:01 . 2008-09-04 17:16 1106944 -c----w c:\windows\system32\dllcache\msxml3.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-09 13:21 . 2009-04-05 21:23 -------- d-----w c:\program files\BitComet 2009-05-09 09:11 . 2005-08-29 15:50 -------- d-----w c:\program files\QuickTime 2009-05-09 09:11 . 2007-08-07 07:43 -------- d-----w c:\program files\Media Player Classic 2009-05-09 09:11 . 2006-10-15 22:12 -------- d-----w c:\program files\JAlbum 6.5 2009-05-09 09:11 . 2006-08-26 08:24 -------- d-----w c:\program files\e-anim604 2009-05-09 09:11 . 2007-09-23 07:47 -------- d-----w c:\program files\BitZip 2009-05-08 22:52 . 2008-07-29 07:13 -------- d-----w c:\program files\RamBooster 2.0 2009-05-08 13:43 . 2009-05-08 13:50 239440 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1036.dat 2009-05-08 09:08 . 2008-11-10 08:20 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-05-08 07:49 . 2005-08-29 14:52 -------- d-----w c:\program files\ADS Tech 2009-05-08 07:45 . 2006-09-05 21:59 40360 -c--a-w c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-08 07:44 . 2006-07-27 22:40 -------- d-----w c:\program files\ewido anti-spyware 4.0 2009-05-08 06:43 . 2004-08-05 12:00 465170 ----a-w c:\windows\system32\perfh00C.dat 2009-05-08 06:43 . 2004-08-05 12:00 73554 ----a-w c:\windows\system32\perfc00C.dat 2009-04-11 19:48 . 2009-04-04 00:14 410984 ----a-w c:\windows\system32\deploytk.dll 2009-04-11 19:48 . 2005-08-30 12:12 -------- d-----w c:\program files\Java 2009-04-06 13:32 . 2008-11-10 08:20 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-06 13:32 . 2008-11-10 08:20 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-04-04 01:11 . 2008-11-08 11:18 -------- d-----w c:\program files\Opera 2009-04-04 01:03 . 2006-10-01 09:04 -------- d-----w c:\program files\XnView 2009-04-04 00:49 . 2009-04-04 00:49 -------- d-----w c:\program files\Secunia 2009-04-02 23:04 . 2009-04-02 23:04 -------- d-----w c:\program files\Netscape 2009-03-24 11:03 . 2009-03-24 11:03 7808 ----a-w c:\windows\system32\drivers\psi_mf.sys 2009-03-06 14:20 . 2004-08-05 12:00 286720 ----a-w c:\windows\system32\pdh.dll 2009-03-03 00:13 . 2004-08-05 12:00 826368 ----a-w c:\windows\system32\wininet.dll 2009-02-20 17:10 . 2004-08-05 12:00 78336 ----a-w c:\windows\system32\ieencode.dll 2009-02-10 17:06 . 2004-08-04 00:48 2068096 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-02-09 14:05 . 2004-08-05 12:00 1846912 ----a-w c:\windows\system32\win32k.sys 2009-02-09 11:24 . 2004-08-05 12:00 2191104 ----a-w c:\windows\system32\ntoskrnl.exe 2009-02-09 11:23 . 2004-08-05 12:00 111104 ----a-w c:\windows\system32\services.exe 2009-02-09 10:53 . 2004-08-05 12:00 735744 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 10:53 . 2004-08-05 12:00 739840 ----a-w c:\windows\system32\ntdll.dll 2009-02-09 10:53 . 2004-08-05 12:00 685568 ----a-w c:\windows\system32\advapi32.dll 2009-02-09 10:53 . 2004-08-05 12:00 401408 ----a-w c:\windows\system32\rpcss.dll 2008-07-11 23:26 . 2008-07-11 23:25 11963063 -c--a-w c:\program files\BitDefender.rar 2006-08-13 18:33 . 2006-08-13 18:33 143746 -c--a-w c:\program files\generoche.ged 2006-08-11 20:46 . 2006-08-11 20:46 10091750 -c--a-w c:\program files\PAF5EnglishSetup.exe 2006-07-30 23:25 . 2006-07-30 23:25 16371880 -c--a-w c:\program files\V01978_m4_700.wmv 2006-07-30 21:25 . 2006-07-30 21:24 12814336 -c--a-w c:\program files\mp10setup.exe 2006-02-26 20:27 . 2006-02-26 20:26 81140785 -c--a-w c:\program files\OOo_2.0.1_Win32Intel_install_fr.exe 2005-11-15 18:50 . 2005-11-15 18:50 24871536 -c--a-w c:\program files\sj655fr.exe 2005-11-11 19:57 . 2005-11-11 19:57 1200623 -c--a-w c:\program files\ezsplitter.exe . ((((((((((((((((((((((((((((( SnapShot@2009-05-09_10.31.36 ))))))))))))))))))))))))))))))))))))))))) . + 2009-05-09 13:24 . 2009-05-09 13:24 16384 c:\windows\Temp\Perflib_Perfdata_cc.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856] "BitComet"="c:\program files\BitComet\BitComet.exe" [2009-03-09 2564408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Ulead Remote Control Center"="c:\program files\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe" [2005-03-18 49152] "RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 32768] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016] "NVRTCLK"="c:\windows\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 24576] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2004-12-16 266240] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Matchlock Scheduling"="c:\program files\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe" [2005-03-14 45056] "hplampc"="c:\windows\system32\hplampc.exe" [2002-01-17 40448] "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-12 185896] "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] "EoEngine"="c:\program files\EoRezo\EoEngine.exe" [2009-02-23 472872] "SoftwareHelper"="c:\documents and settings\Pascal\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-11 148888] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856] c:\documents and settings\Pascal\Menu D‚marrer\Programmes\D‚marrage\ Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-3-24 748840] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ DTV Remote Control.lnk - c:\program files\ADS Tech\DVBT Utilities\ADSRMT.exe [2005-8-29 73728] RaConfig2500.lnk - c:\program files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2005-8-29 532480] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "LIVESRV"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program Files\\Ulead Systems\\Ulead InstaMedia 2.0\\UMC.exe"= "f:\\emule\\emule.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"= "c:\\Program Files\\Ulead Systems\\Ulead InstaMedia 2.0\\rmc.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\RALINK\\RT2500 Wireless LAN Card\\Installer\\WINXP\\RaConfig2500.exe"= "c:\\Program Files\\QuickTime\\QTTask.exe"= "c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"= "c:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaPort\\SeaPort.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "19131:TCP"= 19131:TCP:BitComet 19131 TCP "19131:UDP"= 19131:UDP:BitComet 19131 UDP R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [16/05/2008 16:31 759072] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [30/04/2009 21:48 108289] R2 CX2388X;ADS DVBT 23880 Video Capture;c:\windows\system32\drivers\cx88cap.sys [29/08/2005 16:53 160000] R2 CX88TS;ADS 2388x Transport Stream Capture;c:\windows\system32\drivers\cx88ts.sys [29/08/2005 16:53 13056] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [20/12/2008 12:35 56344] R2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [08/12/2008 18:01 533344] R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [04/12/2008 17:03 226640] R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [29/08/2005 17:12 180480] R3 CXBDATUNE;ADS BDA DVB Tuner/Demod;c:\windows\system32\drivers\cxBDAtun.sys [29/08/2005 16:53 107904] R3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [03/11/2005 22:42 21344] R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [24/03/2009 13:03 7808] S1 ipfwrd;TDIFilter Driver;c:\windows\system32\ipfwrd.sys --> c:\windows\system32\ipfwrd.sys [?] S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\HP4200C.SYS [16/11/2005 00:11 9312] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [26/06/2008 09:13 576680] S3 VundoFixSvc;VundoFix Service;VundoFixSVC.exe --> VundoFixSVC.exe [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}] rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove . Contenu du dossier 'Tâches planifiées' 2009-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2009-05-09 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 20:18] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.yahoo.fr/ uInternet Settings,ProxyOverride = local;www.yahoo.fr uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: Download with Go!Zilla - file://c:\program files\Go!Zilla\download-with-gozilla.html IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: Télécharger avec FlashGet IE: Télécharger tout avec FlashGet IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm LSP: %SYSTEMROOT%\system32\nvappfilter.dll TCP: {4235A961-A7DE-4EF4-83CF-49234A28DFE2} = 212.27.32.176,212.27.32.177 Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} - hxxp://www.pixaco.fr/static/download/pixacodndupload.cab FF - ProfilePath - c:\documents and settings\Pascal\Application Data\Mozilla\Firefox\Profiles\zmtlv07p.default\ FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.fr/ FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= FF - component: c:\documents and settings\Pascal\Application Data\Mozilla\Firefox\Profiles\zmtlv07p.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll FF - plugin: c:\documents and settings\Pascal\Application Data\Mozilla\Firefox\Profiles\zmtlv07p.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll FF - plugin: c:\program files\Opera\program\plugins\npqtplugin8.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll ---- PARAMETRES FIREFOX ---- FF - user.js: network.proxy.no_proxies_on - ,www.yahoo.fr. ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-09 15:24 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(1000) c:\windows\system32\nvappfilter.dll - - - - - - - > 'explorer.exe'(4400) c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll c:\windows\system32\eappprxy.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\rundll32.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\wdfmgr.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Heure de fin: 2009-05-09 15:29 - La machine a redémarré ComboFix-quarantined-files.txt 2009-05-09 13:28 ComboFix2.txt 2009-05-09 13:01 ComboFix3.txt 2009-05-09 10:36 Avant-CF: 9 641 107 456 octets libres Après-CF: 9 618 501 632 octets libres 264 --- E O F --- 2009-04-18 01:04
  13. Ichtos
    Et voila le rapport: ComboFix 09-05-08.03 - Pascal 09/05/2009 14:49.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.539 [GMT 2:00] Lancé depuis: c:\documents and settings\Pascal\Local Settings\Bureau\Pascal\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Pascal\Local Settings\Bureau\Pascal\CFScript.txt AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) FW: F-Secure Anti-Virus 2006 6.10 *disabled* FW: NVIDIA Firewall *enabled* FILE :: c:\documents and settings\Pascal\LOCALSettings\Temp\nenum13E.sys c:\windows\system32\a9k.bin c:\windows\system32\binatoko.dll c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\ChkDisk.dll c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\ChkDisk.ink c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\ChkDisk.ink c:\windows\system32\fesusipa.dll c:\windows\system32\ipfwrd.dll c:\windows\system32\lmn_setup.exe c:\windows\system32\mufojale.dll c:\windows\system32\refodegu.dll.vir c:\windows\system32\vudutowo.dll c:\windows\system32\zawomebe.dll.vir c:\windows\TEMP\_A00FE492A.exe c:\windows\TEMP\yxsr5e.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\a9k.bin c:\windows\system32\binatoko.dll c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll c:\windows\system32\drivers\mrxdavv.sys c:\windows\system32\ipfwrd.dll c:\windows\system32\kwave.sys c:\windows\system32\lmn_setup.exe c:\windows\system32\refodegu.dll.vir c:\windows\system32\zawomebe.dll.vir . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_FILESPY -------\Legacy_NENUM13E -------\Service_FILESpy -------\Service_nenum13E ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-09 au 2009-05-09 )))))))))))))))))))))))))))))))))))) . 2009-05-09 08:11 . 2009-05-09 08:13 -------- d-----w c:\program files\FreeAngel 2009-05-09 08:05 . 2009-05-09 08:05 -------- d-----w c:\windows\i_setup 2009-05-08 23:41 . 2009-05-08 23:41 579584 -c--a-w c:\windows\system32\dllcache\user32.dll 2009-05-08 23:34 . 2009-05-08 23:34 -------- d-----w c:\windows\ERUNT 2009-05-08 23:31 . 2009-05-08 23:59 -------- d-----w C:\SDFix 2009-05-08 22:44 . 2009-05-08 22:44 -------- d-----w c:\program files\CCleaner 2009-05-08 17:42 . 2009-05-08 17:42 -------- d-----w c:\program files\RegSupreme Pro 2009-05-08 15:38 . 2009-05-08 15:38 -------- d-----w c:\documents and settings\Administrateur\Local Settings\Application Data\Opera 2009-05-08 14:11 . 2009-05-08 14:11 24576 ----a-w c:\windows\system32\VundoFixSVC.exe 2009-05-08 13:56 . 2009-05-08 16:57 -------- d-----w C:\VundoFix Backups 2009-05-08 09:25 . 2009-05-08 09:25 -------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes 2009-05-08 08:26 . 2009-05-08 22:40 7264 ----a-w c:\windows\system32\d3d9caps.dat 2009-05-07 21:05 . 2009-05-07 21:05 0 ----a-w c:\windows\system32\pck.bin 2009-05-07 20:04 . 2009-05-08 07:03 8720 ----a-w c:\windows\system32\ipfwrd.sys 2009-05-05 19:21 . 2009-05-07 19:35 8704 ----a-w c:\windows\instsp2.exe 2009-05-02 16:05 . 2009-05-02 17:20 -------- d-----w c:\windows\system32\NtmsData 2009-04-30 19:48 . 2009-04-30 19:48 -------- d-----w c:\documents and settings\LocalService\Menu Démarrer 2009-04-30 19:48 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys 2009-04-30 19:48 . 2009-04-30 19:48 -------- d-----w c:\program files\Avira 2009-04-30 19:48 . 2009-04-30 19:48 -------- d-----w c:\documents and settings\All Users\Application Data\Avira 2009-04-27 22:45 . 2009-04-27 22:45 -------- d-----w c:\documents and settings\Pascal\Application Data\PCF-VLC 2009-04-17 18:05 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-17 18:04 . 2009-03-06 14:20 286720 -c----w c:\windows\system32\dllcache\pdh.dll 2009-04-17 18:04 . 2009-02-09 11:23 111104 -c----w c:\windows\system32\dllcache\services.exe 2009-04-17 18:04 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll 2009-04-17 18:04 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll 2009-04-17 18:04 . 2009-02-09 10:53 685568 -c----w c:\windows\system32\dllcache\advapi32.dll 2009-04-17 18:04 . 2009-02-09 10:53 735744 -c----w c:\windows\system32\dllcache\lsasrv.dll 2009-04-17 18:04 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-17 18:04 . 2009-02-09 10:53 739840 -c----w c:\windows\system32\dllcache\ntdll.dll 2009-04-17 18:03 . 2008-12-16 12:31 354304 -c----w c:\windows\system32\dllcache\winhttp.dll 2009-04-17 18:03 . 2008-04-21 21:15 219136 -c----w c:\windows\system32\dllcache\wordpad.exe 2009-04-14 01:00 . 2009-03-10 20:18 454024 ----a-w c:\windows\system32\KB905474\wgasetup.exe 2009-04-14 01:00 . 2009-04-14 01:00 -------- d-----w c:\windows\system32\KB905474 2009-04-14 01:00 . 2009-03-10 20:26 1438080 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe 2009-04-12 07:54 . 2009-04-12 07:54 -------- d-----w c:\windows\system32\MpEngineStore 2009-04-11 23:12 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys 2009-04-11 23:01 . 2008-09-04 17:16 1106944 -c----w c:\windows\system32\dllcache\msxml3.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-09 12:42 . 2009-04-05 21:23 -------- d-----w c:\program files\BitComet 2009-05-09 09:11 . 2005-08-29 15:50 -------- d-----w c:\program files\QuickTime 2009-05-09 09:11 . 2007-08-07 07:43 -------- d-----w c:\program files\Media Player Classic 2009-05-09 09:11 . 2006-10-15 22:12 -------- d-----w c:\program files\JAlbum 6.5 2009-05-09 09:11 . 2006-08-26 08:24 -------- d-----w c:\program files\e-anim604 2009-05-09 09:11 . 2007-09-23 07:47 -------- d-----w c:\program files\BitZip 2009-05-08 22:52 . 2008-07-29 07:13 -------- d-----w c:\program files\RamBooster 2.0 2009-05-08 13:43 . 2009-05-08 13:50 239440 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1036.dat 2009-05-08 09:08 . 2008-11-10 08:20 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-05-08 07:49 . 2005-08-29 14:52 -------- d-----w c:\program files\ADS Tech 2009-05-08 07:45 . 2006-09-05 21:59 40360 -c--a-w c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-08 07:44 . 2006-07-27 22:40 -------- d-----w c:\program files\ewido anti-spyware 4.0 2009-05-08 06:43 . 2004-08-05 12:00 465170 ----a-w c:\windows\system32\perfh00C.dat 2009-05-08 06:43 . 2004-08-05 12:00 73554 ----a-w c:\windows\system32\perfc00C.dat 2009-04-11 19:48 . 2009-04-04 00:14 410984 ----a-w c:\windows\system32\deploytk.dll 2009-04-11 19:48 . 2005-08-30 12:12 -------- d-----w c:\program files\Java 2009-04-06 13:32 . 2008-11-10 08:20 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-06 13:32 . 2008-11-10 08:20 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-04-04 01:11 . 2008-11-08 11:18 -------- d-----w c:\program files\Opera 2009-04-04 01:03 . 2006-10-01 09:04 -------- d-----w c:\program files\XnView 2009-04-04 00:49 . 2009-04-04 00:49 -------- d-----w c:\program files\Secunia 2009-04-02 23:04 . 2009-04-02 23:04 -------- d-----w c:\program files\Netscape 2009-03-24 11:03 . 2009-03-24 11:03 7808 ----a-w c:\windows\system32\drivers\psi_mf.sys 2009-03-06 14:20 . 2004-08-05 12:00 286720 ----a-w c:\windows\system32\pdh.dll 2009-03-03 00:13 . 2004-08-05 12:00 826368 ----a-w c:\windows\system32\wininet.dll 2009-02-20 17:10 . 2004-08-05 12:00 78336 ----a-w c:\windows\system32\ieencode.dll 2009-02-10 17:06 . 2004-08-04 00:48 2068096 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-02-09 14:05 . 2004-08-05 12:00 1846912 ----a-w c:\windows\system32\win32k.sys 2009-02-09 11:24 . 2004-08-05 12:00 2191104 ----a-w c:\windows\system32\ntoskrnl.exe 2009-02-09 11:23 . 2004-08-05 12:00 111104 ----a-w c:\windows\system32\services.exe 2009-02-09 10:53 . 2004-08-05 12:00 735744 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 10:53 . 2004-08-05 12:00 739840 ----a-w c:\windows\system32\ntdll.dll 2009-02-09 10:53 . 2004-08-05 12:00 685568 ----a-w c:\windows\system32\advapi32.dll 2009-02-09 10:53 . 2004-08-05 12:00 401408 ----a-w c:\windows\system32\rpcss.dll 2008-07-11 23:26 . 2008-07-11 23:25 11963063 -c--a-w c:\program files\BitDefender.rar 2006-08-13 18:33 . 2006-08-13 18:33 143746 -c--a-w c:\program files\generoche.ged 2006-08-11 20:46 . 2006-08-11 20:46 10091750 -c--a-w c:\program files\PAF5EnglishSetup.exe 2006-07-30 23:25 . 2006-07-30 23:25 16371880 -c--a-w c:\program files\V01978_m4_700.wmv 2006-07-30 21:25 . 2006-07-30 21:24 12814336 -c--a-w c:\program files\mp10setup.exe 2006-02-26 20:27 . 2006-02-26 20:26 81140785 -c--a-w c:\program files\OOo_2.0.1_Win32Intel_install_fr.exe 2005-11-15 18:50 . 2005-11-15 18:50 24871536 -c--a-w c:\program files\sj655fr.exe 2005-11-11 19:57 . 2005-11-11 19:57 1200623 -c--a-w c:\program files\ezsplitter.exe . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\windows\i_setup ---- ((((((((((((((((((((((((((((( SnapShot@2009-05-09_10.31.36 ))))))))))))))))))))))))))))))))))))))))) . + 2009-05-09 12:56 . 2009-05-09 12:56 16384 c:\windows\Temp\Perflib_Perfdata_110.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856] "BitComet"="c:\program files\BitComet\BitComet.exe" [2009-03-09 2564408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Ulead Remote Control Center"="c:\program files\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe" [2005-03-18 49152] "RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 32768] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016] "NVRTCLK"="c:\windows\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 24576] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2004-12-16 266240] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Matchlock Scheduling"="c:\program files\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe" [2005-03-14 45056] "hplampc"="c:\windows\system32\hplampc.exe" [2002-01-17 40448] "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-12 185896] "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] "EoEngine"="c:\program files\EoRezo\EoEngine.exe" [2009-02-23 472872] "SoftwareHelper"="c:\documents and settings\Pascal\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-11 148888] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856] c:\documents and settings\Pascal\Menu D‚marrer\Programmes\D‚marrage\ ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-8-5 33792] Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-3-24 748840] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ DTV Remote Control.lnk - c:\program files\ADS Tech\DVBT Utilities\ADSRMT.exe [2005-8-29 73728] RaConfig2500.lnk - c:\program files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2005-8-29 532480] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "LIVESRV"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program Files\\Ulead Systems\\Ulead InstaMedia 2.0\\UMC.exe"= "f:\\emule\\emule.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"= "c:\\Program Files\\Ulead Systems\\Ulead InstaMedia 2.0\\rmc.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\RALINK\\RT2500 Wireless LAN Card\\Installer\\WINXP\\RaConfig2500.exe"= "c:\\Program Files\\QuickTime\\QTTask.exe"= "c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"= "c:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaPort\\SeaPort.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "19131:TCP"= 19131:TCP:BitComet 19131 TCP "19131:UDP"= 19131:UDP:BitComet 19131 UDP R1 ipfwrd;TDIFilter Driver;c:\windows\system32\ipfwrd.sys [07/05/2009 22:04 8720] R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [16/05/2008 16:31 759072] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [30/04/2009 21:48 108289] R2 CX2388X;ADS DVBT 23880 Video Capture;c:\windows\system32\drivers\cx88cap.sys [29/08/2005 16:53 160000] R2 CX88TS;ADS 2388x Transport Stream Capture;c:\windows\system32\drivers\cx88ts.sys [29/08/2005 16:53 13056] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [20/12/2008 12:35 56344] R2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [08/12/2008 18:01 533344] R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [04/12/2008 17:03 226640] R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [29/08/2005 17:12 180480] R3 CXBDATUNE;ADS BDA DVB Tuner/Demod;c:\windows\system32\drivers\cxBDAtun.sys [29/08/2005 16:53 107904] R3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [03/11/2005 22:42 21344] R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [24/03/2009 13:03 7808] S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\HP4200C.SYS [16/11/2005 00:11 9312] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [26/06/2008 09:13 576680] S3 VundoFixSvc;VundoFix Service;VundoFixSVC.exe --> VundoFixSVC.exe [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}] rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove . Contenu du dossier 'Tâches planifiées' 2009-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2009-05-09 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 20:18] . - - - - ORPHELINS SUPPRIMES - - - - Notify-ipfwrd - ipfwrd.dll . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.yahoo.fr/ uInternet Settings,ProxyOverride = local;www.yahoo.fr uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: Download with Go!Zilla - file://c:\program files\Go!Zilla\download-with-gozilla.html IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: Télécharger avec FlashGet IE: Télécharger tout avec FlashGet IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm LSP: %SYSTEMROOT%\system32\nvappfilter.dll TCP: {4235A961-A7DE-4EF4-83CF-49234A28DFE2} = 212.27.32.176,212.27.32.177 Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} - hxxp://www.pixaco.fr/static/download/pixacodndupload.cab FF - ProfilePath - c:\documents and settings\Pascal\Application Data\Mozilla\Firefox\Profiles\zmtlv07p.default\ FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.fr/ FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= FF - component: c:\documents and settings\Pascal\Application Data\Mozilla\Firefox\Profiles\zmtlv07p.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll FF - plugin: c:\documents and settings\Pascal\Application Data\Mozilla\Firefox\Profiles\zmtlv07p.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll FF - plugin: c:\program files\Opera\program\plugins\npqtplugin8.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll ---- PARAMETRES FIREFOX ---- FF - user.js: network.proxy.no_proxies_on - ,www.yahoo.fr. ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-09 14:56 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(1000) c:\windows\system32\nvappfilter.dll - - - - - - - > 'explorer.exe'(3404) c:\windows\system32\nview.dll c:\windows\system32\NVWRSFR.DLL c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll c:\windows\system32\eappprxy.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\wdfmgr.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Heure de fin: 2009-05-09 15:01 - La machine a redémarré ComboFix-quarantined-files.txt 2009-05-09 13:00 ComboFix2.txt 2009-05-09 10:36 Avant-CF: 9 643 585 536 octets libres Après-CF: 9 620 742 144 octets libres 294 --- E O F --- 2009-04-18 01:04
  14. Ichtos
    Merci pour ton aide. Concernant la procédure, OK pour tout sauf pour l'antivirus. J'ai ien fermé antivir, mais apparemment j'ai encore un fichier bitdefender qui tourne. Pourtant j'ai bien désinstallé ce logiciel il y a quelques mois. Je ne sais pas identifier les fichiers qui seraient encore dans la bécane. Une question, est-ce que je réactive le tea timer le spybot ? Voila le rapport néammoins ComboFix 09-05-08.03 - Pascal 09/05/2009 12:23.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.672 [GMT 2:00] Lancé depuis: c:\documents and settings\Pascal\Local Settings\Bureau\Pascal\ComboFix.exe AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) FW: F-Secure Anti-Virus 2006 6.10 *disabled* FW: NVIDIA Firewall *enabled* . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\LocalService\protect.dll c:\documents and settings\Pascal\protect.dll c:\windows\patch.exe c:\windows\system32\__c00B6B12.dat c:\windows\system32\a9k.bin c:\windows\system32\ak1.exe c:\windows\system32\akitegak.ini c:\windows\system32\asizowuv.ini c:\windows\system32\autochk.dll c:\windows\system32\awesusoz.ini c:\windows\system32\bozuhanu.dll c:\windows\system32\config\systemprofile\protect.dll c:\windows\system32\divitawu.dll c:\windows\system32\drivers\mrxdavv.sys c:\windows\system32\drivers\ovfsthwwivrwhxaomjflxjboyxrqvayxwxvoel.sys c:\windows\system32\ebedddebef8_d.dll c:\windows\system32\fesusipa.dll c:\windows\system32\fijovopo.exe c:\windows\system32\fupilito.dll c:\windows\system32\hozifofe.dll c:\windows\system32\hurasivi.dll c:\windows\system32\ibewodaz.ini c:\windows\system32\ikuvuyoh.ini c:\windows\system32\koyahune.dll c:\windows\system32\kwave.sys c:\windows\system32\lmppcsetup.exe c:\windows\system32\makezimu.exe c:\windows\system32\neresazi.exe c:\windows\system32\opelagih.ini c:\windows\system32\ovfsthefyrkmvgrrtgccelguhbddfaengrrncw.dat c:\windows\system32\ovfsthekpcnvdogdqgaoudrkkedhoyqdlqryiu.dll c:\windows\system32\ovfsthlhqdbnthfdboilruggigvwglvlhkvlia.dat c:\windows\system32\ovfsthowjalqwmbhtxcabrngkvrjhoxjisbaaa.dll c:\windows\system32\ovfsthxngedilyalnpujkxtqxrdhnjqagqcofu.dll c:\windows\system32\pozofohu.dll c:\windows\system32\pudosuji.exe c:\windows\system32\ruzamako.exe c:\windows\system32\unapozut.ini c:\windows\system32\upuyanah.ini c:\windows\system32\vesiwudo.exe c:\windows\system32\vozizowu.dll c:\windows\system32\vudutowo.dll c:\windows\system32\welemige.dll c:\windows\system32\zadowebi.dll c:\windows\system32\zanelupo.dll . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_ovfsthtymtpgcrkbkqyjtydvcnvpsxxybhdsup ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-09 au 2009-05-09 )))))))))))))))))))))))))))))))))))) . 2009-05-09 08:11 . 2009-05-09 08:13 -------- d-----w c:\program files\FreeAngel 2009-05-09 08:05 . 2009-05-09 08:05 -------- d-----w c:\windows\i_setup 2009-05-09 08:02 . 2009-05-09 08:17 27648 ----a-w c:\windows\system32\lmn_setup.exe 2009-05-08 23:41 . 2009-05-08 23:41 579584 -c--a-w c:\windows\system32\dllcache\user32.dll 2009-05-08 23:34 . 2009-05-08 23:34 -------- d-----w c:\windows\ERUNT 2009-05-08 23:31 . 2009-05-08 23:59 -------- d-----w C:\SDFix 2009-05-08 22:44 . 2009-05-08 22:44 -------- d-----w c:\program files\CCleaner 2009-05-08 17:42 . 2009-05-08 17:42 -------- d-----w c:\program files\RegSupreme Pro 2009-05-08 15:38 . 2009-05-08 15:38 -------- d-----w c:\documents and settings\Administrateur\Local Settings\Application Data\Opera 2009-05-08 14:11 . 2009-05-08 14:11 24576 ----a-w c:\windows\system32\VundoFixSVC.exe 2009-05-08 13:56 . 2009-05-08 16:57 -------- d-----w C:\VundoFix Backups 2009-05-08 09:25 . 2009-05-08 09:25 -------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes 2009-05-08 08:26 . 2009-05-08 22:40 7264 ----a-w c:\windows\system32\d3d9caps.dat 2009-05-08 07:03 . 2009-05-08 07:03 23666 ----a-w c:\windows\system32\ipfwrd.dll 2009-05-05 19:21 . 2009-05-07 19:35 8704 ----a-w c:\windows\instsp2.exe 2009-05-02 16:05 . 2009-05-02 17:20 -------- d-----w c:\windows\system32\NtmsData 2009-04-30 19:48 . 2009-04-30 19:48 -------- d-----w c:\documents and settings\LocalService\Menu Démarrer 2009-04-30 19:48 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys 2009-04-30 19:48 . 2009-04-30 19:48 -------- d-----w c:\program files\Avira 2009-04-30 19:48 . 2009-04-30 19:48 -------- d-----w c:\documents and settings\All Users\Application Data\Avira 2009-04-27 22:45 . 2009-04-27 22:45 -------- d-----w c:\documents and settings\Pascal\Application Data\PCF-VLC 2009-04-17 18:05 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-17 18:04 . 2009-03-06 14:20 286720 -c----w c:\windows\system32\dllcache\pdh.dll 2009-04-17 18:04 . 2009-02-09 11:23 111104 -c----w c:\windows\system32\dllcache\services.exe 2009-04-17 18:04 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll 2009-04-17 18:04 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll 2009-04-17 18:04 . 2009-02-09 10:53 685568 -c----w c:\windows\system32\dllcache\advapi32.dll 2009-04-17 18:04 . 2009-02-09 10:53 735744 -c----w c:\windows\system32\dllcache\lsasrv.dll 2009-04-17 18:04 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-17 18:04 . 2009-02-09 10:53 739840 -c----w c:\windows\system32\dllcache\ntdll.dll 2009-04-17 18:03 . 2008-12-16 12:31 354304 -c----w c:\windows\system32\dllcache\winhttp.dll 2009-04-17 18:03 . 2008-04-21 21:15 219136 -c----w c:\windows\system32\dllcache\wordpad.exe 2009-04-14 01:00 . 2009-03-10 20:18 454024 ----a-w c:\windows\system32\KB905474\wgasetup.exe 2009-04-14 01:00 . 2009-04-14 01:00 -------- d-----w c:\windows\system32\KB905474 2009-04-14 01:00 . 2009-03-10 20:26 1438080 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe 2009-04-12 07:54 . 2009-04-12 07:54 -------- d-----w c:\windows\system32\MpEngineStore 2009-04-11 23:12 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys 2009-04-11 23:01 . 2008-09-04 17:16 1106944 -c----w c:\windows\system32\dllcache\msxml3.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-09 10:31 . 2009-05-09 10:31 0 ----a-w c:\windows\system32\a9k.bin 2009-05-09 10:17 . 2009-04-05 21:23 -------- d-----w c:\program files\BitComet 2009-05-09 09:11 . 2005-08-29 15:50 -------- d-----w c:\program files\QuickTime 2009-05-09 09:11 . 2007-08-07 07:43 -------- d-----w c:\program files\Media Player Classic 2009-05-09 09:11 . 2006-10-15 22:12 -------- d-----w c:\program files\JAlbum 6.5 2009-05-09 09:11 . 2006-08-26 08:24 -------- d-----w c:\program files\e-anim604 2009-05-09 09:11 . 2007-09-23 07:47 -------- d-----w c:\program files\BitZip 2009-05-08 22:52 . 2008-07-29 07:13 -------- d-----w c:\program files\RamBooster 2.0 2009-05-08 13:43 . 2009-05-08 13:50 239440 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1036.dat 2009-05-08 09:08 . 2008-11-10 08:20 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-05-08 07:49 . 2005-08-29 14:52 -------- d-----w c:\program files\ADS Tech 2009-05-08 07:45 . 2006-09-05 21:59 40360 -c--a-w c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-08 07:44 . 2006-07-27 22:40 -------- d-----w c:\program files\ewido anti-spyware 4.0 2009-05-08 06:43 . 2004-08-05 12:00 465170 ----a-w c:\windows\system32\perfh00C.dat 2009-05-08 06:43 . 2004-08-05 12:00 73554 ----a-w c:\windows\system32\perfc00C.dat 2009-05-06 18:20 . 2009-02-06 18:20 86528 --sha-w c:\windows\system32\zawomebe.dll.vir 2009-05-04 18:10 . 2009-02-04 18:10 88064 --sha-w c:\windows\system32\refodegu.dll.vir 2009-04-30 23:19 . 2009-01-30 23:19 87552 --sha-w c:\windows\system32\binatoko.dll 2009-04-11 19:48 . 2009-04-04 00:14 410984 ----a-w c:\windows\system32\deploytk.dll 2009-04-11 19:48 . 2005-08-30 12:12 -------- d-----w c:\program files\Java 2009-04-06 13:32 . 2008-11-10 08:20 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-06 13:32 . 2008-11-10 08:20 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-04-04 01:11 . 2008-11-08 11:18 -------- d-----w c:\program files\Opera 2009-04-04 01:03 . 2006-10-01 09:04 -------- d-----w c:\program files\XnView 2009-04-04 00:49 . 2009-04-04 00:49 -------- d-----w c:\program files\Secunia 2009-04-02 23:04 . 2009-04-02 23:04 -------- d-----w c:\program files\Netscape 2009-03-24 11:03 . 2009-03-24 11:03 7808 ----a-w c:\windows\system32\drivers\psi_mf.sys 2009-03-06 14:20 . 2004-08-05 12:00 286720 ----a-w c:\windows\system32\pdh.dll 2009-03-03 00:13 . 2004-08-05 12:00 826368 ----a-w c:\windows\system32\wininet.dll 2009-02-20 17:10 . 2004-08-05 12:00 78336 ----a-w c:\windows\system32\ieencode.dll 2009-02-10 17:06 . 2004-08-04 00:48 2068096 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-02-09 14:05 . 2004-08-05 12:00 1846912 ----a-w c:\windows\system32\win32k.sys 2009-02-09 11:24 . 2004-08-05 12:00 2191104 ----a-w c:\windows\system32\ntoskrnl.exe 2009-02-09 11:23 . 2004-08-05 12:00 111104 ----a-w c:\windows\system32\services.exe 2009-02-09 10:53 . 2004-08-05 12:00 735744 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 10:53 . 2004-08-05 12:00 739840 ----a-w c:\windows\system32\ntdll.dll 2009-02-09 10:53 . 2004-08-05 12:00 685568 ----a-w c:\windows\system32\advapi32.dll 2009-02-09 10:53 . 2004-08-05 12:00 401408 ----a-w c:\windows\system32\rpcss.dll 2008-07-11 23:26 . 2008-07-11 23:25 11963063 -c--a-w c:\program files\BitDefender.rar 2006-08-13 18:33 . 2006-08-13 18:33 143746 -c--a-w c:\program files\generoche.ged 2006-08-11 20:46 . 2006-08-11 20:46 10091750 -c--a-w c:\program files\PAF5EnglishSetup.exe 2006-07-30 23:25 . 2006-07-30 23:25 16371880 -c--a-w c:\program files\V01978_m4_700.wmv 2006-07-30 21:25 . 2006-07-30 21:24 12814336 -c--a-w c:\program files\mp10setup.exe 2006-02-26 20:27 . 2006-02-26 20:26 81140785 -c--a-w c:\program files\OOo_2.0.1_Win32Intel_install_fr.exe 2005-11-15 18:50 . 2005-11-15 18:50 24871536 -c--a-w c:\program files\sj655fr.exe 2005-11-11 19:57 . 2005-11-11 19:57 1200623 -c--a-w c:\program files\ezsplitter.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856] "BitComet"="c:\program files\BitComet\BitComet.exe" [2009-03-09 2564408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Ulead Remote Control Center"="c:\program files\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe" [2005-03-18 49152] "RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 32768] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016] "NVRTCLK"="c:\windows\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 24576] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2004-12-16 266240] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Matchlock Scheduling"="c:\program files\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe" [2005-03-14 45056] "hplampc"="c:\windows\system32\hplampc.exe" [2002-01-17 40448] "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-12 185896] "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] "EoEngine"="c:\program files\EoRezo\EoEngine.exe" [2009-02-23 472872] "SoftwareHelper"="c:\documents and settings\Pascal\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-11 148888] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856] c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\ ChkDisk.dll [2009-5-9 24064] c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\ ChkDisk.dll [2009-5-9 24064] c:\documents and settings\Pascal\Menu D‚marrer\Programmes\D‚marrage\ ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-8-5 33792] Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-3-24 748840] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ DTV Remote Control.lnk - c:\program files\ADS Tech\DVBT Utilities\ADSRMT.exe [2005-8-29 73728] RaConfig2500.lnk - c:\program files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2005-8-29 532480] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\fesusipa.dll c:\windows\system32\vudutowo.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\filespy.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ipfwrd.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "LIVESRV"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program Files\\Ulead Systems\\Ulead InstaMedia 2.0\\UMC.exe"= "f:\\emule\\emule.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"= "c:\\Program Files\\Ulead Systems\\Ulead InstaMedia 2.0\\rmc.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\RALINK\\RT2500 Wireless LAN Card\\Installer\\WINXP\\RaConfig2500.exe"= "c:\\Program Files\\QuickTime\\QTTask.exe"= "c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"= "c:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaPort\\SeaPort.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "19131:TCP"= 19131:TCP:BitComet 19131 TCP "19131:UDP"= 19131:UDP:BitComet 19131 UDP R1 ipfwrd;TDIFilter Driver;c:\windows\system32\ipfwrd.sys [] R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [16/05/2008 16:31 759072] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [30/04/2009 21:48 108289] R2 CX2388X;ADS DVBT 23880 Video Capture;c:\windows\system32\drivers\cx88cap.sys [29/08/2005 16:53 160000] R2 CX88TS;ADS 2388x Transport Stream Capture;c:\windows\system32\drivers\cx88ts.sys [29/08/2005 16:53 13056] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [20/12/2008 12:35 56344] R2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [08/12/2008 18:01 533344] R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [04/12/2008 17:03 226640] R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [29/08/2005 17:12 180480] R3 CXBDATUNE;ADS BDA DVB Tuner/Demod;c:\windows\system32\drivers\cxBDAtun.sys [29/08/2005 16:53 107904] R3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [03/11/2005 22:42 21344] R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [24/03/2009 13:03 7808] S1 FILESpy;FILESpy;\??\c:\??\c:\??\c:\??\c:\??\c:\??\c:\??\c:\program files\Softwin\BitDefender Professional Edition\filespy.sys --> C:C:C:C:C:C:c:\program files\Softwin\BitDefender Professional Edition\filespy.sys [?] S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\HP4200C.SYS [16/11/2005 00:11 9312] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [26/06/2008 09:13 576680] S3 nenum13E;nenum13E;\??\c:\docume~1\Pascal\LOCALS~1\Temp\nenum13E.sys --> c:\docume~1\Pascal\LOCALS~1\Temp\nenum13E.sys [?] S3 VundoFixSvc;VundoFix Service;VundoFixSVC.exe --> VundoFixSVC.exe [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}] rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove . Contenu du dossier 'Tâches planifiées' 2009-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2009-05-09 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 20:18] . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-nusipolive - c:\windows\system32\mufojale.dll HKU-Default-Run-uidenhiufgsduiazghs - c:\windows\TEMP\yxsr5e.exe HKU-Default-Run-A00FE492A.exe - c:\windows\TEMP\_A00FE492A.exe HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vudutowo.dll . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.yahoo.fr/ uInternet Settings,ProxyOverride = local;www.yahoo.fr uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: Download with Go!Zilla - file://c:\program files\Go!Zilla\download-with-gozilla.html IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: Télécharger avec FlashGet IE: Télécharger tout avec FlashGet IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm LSP: %SYSTEMROOT%\system32\nvappfilter.dll TCP: {4235A961-A7DE-4EF4-83CF-49234A28DFE2} = 212.27.32.176,212.27.32.177 Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} - hxxp://www.pixaco.fr/static/download/pixacodndupload.cab FF - ProfilePath - c:\documents and settings\Pascal\Application Data\Mozilla\Firefox\Profiles\zmtlv07p.default\ FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.fr/ FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= FF - component: c:\documents and settings\Pascal\Application Data\Mozilla\Firefox\Profiles\zmtlv07p.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll FF - plugin: c:\documents and settings\Pascal\Application Data\Mozilla\Firefox\Profiles\zmtlv07p.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll FF - plugin: c:\program files\Opera\program\plugins\npqtplugin8.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll ---- PARAMETRES FIREFOX ---- FF - user.js: network.proxy.no_proxies_on - ,www.yahoo.fr. ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-09 12:31 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... c:\windows\system32\ipfwrd.sys 8720 bytes executable c:\windows\system32\pck.bin 0 bytes Scan terminé avec succès Fichiers cachés: 2 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,0f,00,34,b5,24, 18,6b,47,c8,28,51,af,b0,29,a3,98,ac,15,c1,60,59,59,f5,28,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):7c,ec,a1,77,45,94,0e,0e,b1,7a,ba,d3,35,ae,cf,08,0c,df,5e,55,4e, 40,00,7d,cf,ee,d0,33,f7,82,66,1c,ac,07,bc,a0,51,06,a4,8c,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,55,93,de,16,cf, dc,72,28,71,3b,04,66,8b,46,0d,96,9f,0e,8a,41,a1,0f,e4,de,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,f6,f8,8b,16,a2, e4,88,46,25,da,ec,7e,55,20,c9,26,63,4f,42,89,1d,7f,86,86,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,f8,89,01,bc,eb, 82,3e,c7,3e,1e,9e,e0,57,5a,93,61,8b,99,e1,06,4e,b3,9c,07,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,2f,76,f1,4a,2a, 2f,ff,9d,cd,44,cd,b9,a6,33,6c,cd,8c,9e,b7,ed,43,1c,93,8d,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,4c,3b,f7,83,f4, 8a,4d,6d,b0,18,ed,a7,3f,8d,37,a4,74,a7,32,2b,b0,ed,bf,4e,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,c8,9a,a4,58,1e, f5,f6,15,31,77,e1,ba,b1,f8,68,02,99,33,c2,41,f0,73,17,c7,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,92,42,e8,de,67, 3d,55,1a,83,6c,56,8b,a0,85,96,ab,69,d1,59,d5,bf,3a,9c,0f,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,67,13,7e,b3,bd, 1e,03,27,51,fa,6e,91,28,9e,14,cc,20,cf,52,f9,c5,9b,6e,1f,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,f4,ae,1d,af,ac, e7,91,39,b1,cd,45,5a,a8,c4,f8,b9,06,23,ff,2d,9e,f9,e6,1d,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,bd,68,f1,6b,62, 80,c3,2b,e3,0e,66,d5,eb,bc,2f,6b,a5,4c,86,e8,ad,78,5c,f8,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,44,85,c5,f0,29, 3b,75,ca,fa,ea,66,7f,d4,3b,6b,70,32,d5,62,50,28,31,eb,40,6c,43,2d,1e,aa,22,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(944) c:\windows\system32\ipfwrd.dll c:\windows\system32\nvappfilter.dll c:\windows\system32\msi.dll - - - - - - - > 'lsass.exe'(1000) c:\windows\system32\nvappfilter.dll - - - - - - - > 'explorer.exe'(5664) c:\windows\system32\ipfwrd.dll c:\windows\system32\nview.dll c:\windows\system32\NVWRSFR.DLL c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll c:\windows\system32\eappprxy.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\wdfmgr.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Heure de fin: 2009-05-09 12:36 - La machine a redémarré ComboFix-quarantined-files.txt 2009-05-09 10:36 Avant-CF: 9 757 659 136 octets libres Après-CF: 9 755 328 512 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptOut 401 --- E O F --- 2009-04-18 01:04
  15. Ichtos
    Bonjour à tour et merci par avance pour les personnes qui voudront bien m'aider. Depuis environ 1 semaine, je souffre des symptomes d'un google redirect. Quand je clique sur certains liens (Navigateurs Firefox et Opera), je suis automatiquement redirigé vers des sites commerciaux et des moteurs de recherche. Mon antivirus: Antivir. J'ai déja scanné le systeme en mode sans echec, mais le virus semble toujours là. A toutes fins, je copie le rapport Hijack this de ce matin. Merci à tous ceux qui sauront me dire quelles lignes je peux supprimer. Pascal Logfile of HijackThis v1.99.1 Scan saved at 11:13:46, on 09/05/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Documents and Settings\Pascal\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe C:\Program Files\Secunia\PSI\psi.exe C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Windows Live\Family Safety\fsssvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe \?\globalroot\C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Pascal\Local Settings\Bureau\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;www.yahoo.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {24520f9e-e233-426c-9947-4c012d439c32} - C:\WINDOWS\system32\bejaline.dll (file missing) O4 - HKLM\..\Run: [ulead Remote Control Center] C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Matchlock Scheduling] C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe" O4 - HKLM\..\Run: [softwareHelper] C:\Documents and Settings\Pascal\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [944aed9e] rundll32.exe "C:\WINDOWS\system32\zadowebi.dll",b O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 O4 - HKLM\..\Run: [nusipolive] Rundll32.exe "C:\WINDOWS\system32\mufojale.dll",s O4 - HKLM\..\Run: [CPM9779de02] Rundll32.exe "c:\windows\system32\vudutowo.dll",a O4 - HKLM\..\Run: [babyGoCP] C:\Program Files\FreeAngel\FreeAngel.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray O4 - Startup: ChkDisk.lnk = ? O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe O4 - Global Startup: DTV Remote Control.lnk = C:\Program Files\ADS Tech\DVBT Utilities\ADSRMT.exe O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.fr/static/download/pixacodndupload.cab O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigm...geUploader4.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4235A961-A7DE-4EF4-83CF-49234A28DFE2}: NameServer = 212.27.32.176,212.27.32.177 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - AppInit_DLLs: C:\WINDOWS\system32\zekuboli.dll c:\windows\system32\nepovefe.dll c:\windows\system32\pologodi.dll c:\windows\system32\wugobaha.dll C:\WINDOWS\system32\fesusipa.dll c:\windows\system32\savogiju.dll c:\windows\system32\vudutowo.dll O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: ipfwrd - C:\WINDOWS\SYSTEM32\ipfwrd.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vudutowo.dll O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - Unknown owner - C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service (file missing) O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
×
×
  • Créer...