splitter

  1. Hi, yes, the PC is doing fine; I deleted most of the cracks. Otherwise, I have left the antivirus I was using blocked for the moment and installed another one: Avira. Should I remove the old antivirus completely??
  2. Sorry to bother you, but I don't know whether the results of the scan are good or not???
  3. Good evening, is everything OK???
  4. ComboFix 09-05-31.06 - nidhal 01/06/2009 21:59.2 - NTFSx86
  5. OK Gof, I'll do it, and no more cracks on my computer. Promise!!!
  6. What do I do about the antivirus programs I blocked??? Do I uninstall them???
  7. Search Navipromo version 3.7.7 commencé le 01/06/2009 à 20:59:57,16
     ToolBar S&D 1.2.8 XP/Vista
  8. Hi, sorry for the delay. It took forever! Also, I noticed that Firefox eats up a lot of memory??? (50 755 k)
     Malwarebytes' Anti-Malware report:
     Malwarebytes' Anti-Malware 1.37 Version de la base de données: 2206 Windows 6.0.6001 Service Pack 1 01/06/2009 19:09:44 mbam-log-2009-06-01 (19-09-43).txt Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|) Eléments examinés: 292884 Temps écoulé: 3 hour(s), 22 minute(s), 22 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)
     RANDOM'S SYSTEM reports:
     Logfile of random's system information tool 1.06 (written by random/random) Run by nidhal at 2009-06-01 19:15:40 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1 System drive C: has 33 GB (24%) free of 142 GB Total RAM: 3000 MB (44% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:15:51, on 01/06/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18226) Boot mode: Normal Running processes: C:\windows\system32\Dwm.exe C:\windows\system32\taskeng.exe C:\windows\Explorer.EXE c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\SiteAdvisor\6173\SiteAdv.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program
Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Windows\System32\hkcmd.exe C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Windows\ehome\ehtray.exe C:\Users\nidhal\AppData\Roaming\DeskSpace\deskspace.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\windows\System32\mobsync.exe C:\windows\system32\igfxsrvc.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE c:\Program Files\ActivIdentity\ActivClient\acevents.exe C:\PROGRA~1\McAfee\MANAGE~1\Agent\myAgtTry.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\windows\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\windows\system32\Taskmgr.exe C:\windows\system32\SearchFilterHost.exe C:\Users\nidhal\Desktop\RSIT.exe C:\Program Files\trend micro\nidhal.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2102473 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll O2 - BHO: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll O2 - BHO: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaze.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll O3 - Toolbar: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR\tbEaze.dll O3 - Toolbar: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program 
Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxTray] C:\windows\system32\igfxtray.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [ehTray.exe] C:\windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DeskSpace] C:\Users\nidhal\AppData\Roaming\DeskSpace\deskspace.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: BTTray.lnk = ? 
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll C:\Windows\System32\APSHook.dll APSHook.dll O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. 
- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Service Google Update (gupdate1c9a1cc53c109d0) (gupdate1c9a1cc53c109d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. 
- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe O23 - Service: Service de protection contre les virus et les logiciels espions McAfee (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\windows\system32\PSIService.exe O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe O23 - Service: Rslmgnwo - QLogic Corporation - C:\windows\system32\drivers\ql40xx.sys O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6173\SAService.exe O23 - Service: stllssvr - MicroVision Development, Inc. 
- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 11347 bytes ======Scheduled tasks folder====== C:\windows\tasks\Google Software Updater.job C:\windows\tasks\GoogleUpdateTaskMachine.job C:\windows\tasks\User_Feed_Synchronization-{882C3845-3DE0-43AD-B765-960D7354DC26}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}] C:\Program Files\SiteAdvisor\6173\SiteAdv.dll [2007-08-28 910624] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1c491116-c175-45e1-a570-6fb14fea8b7b}] PHPNukeFR Toolbar - C:\Program Files\PHPNukeFR\tbPHPN.dll [2009-02-16 1882136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-06 1372160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-04-14 312928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}] BHO_Startup Class - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2008-05-02 110592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}] Eazel-FR Toolbar - C:\Program Files\Eazel-FR\tbEaze.dll [2008-11-24 1784856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2005-04-16 668656] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}] Credential Manager for HP ProtectTools - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2008-05-21 58128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll [2007-08-28 910624] {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - Eazel-FR Toolbar - C:\Program Files\Eazel-FR\tbEaze.dll [2008-11-24 1784856] {1c491116-c175-45e1-a570-6fb14fea8b7b} - PHPNukeFR Toolbar - C:\Program Files\PHPNukeFR\tbPHPN.dll [2009-02-16 1882136] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-04-21 197904] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888] "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-04 1314816] "SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [2008-03-19 3842048] "SiteAdvisor"=C:\Program Files\SiteAdvisor\6173\SiteAdv.exe [2007-08-28 36640] "QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-05-14 177456] "PTHOSTTR"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2008-05-08 238984] "Persistence"=C:\windows\system32\igfxpers.exe [2008-06-10 145944] "IgfxTray"=C:\windows\system32\igfxtray.exe [2008-06-10 150040] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-18 178712] "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless 
Assistant\HPWAMain.exe [2008-04-15 488752] "HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15 70912] "HotKeysCmds"=C:\windows\system32\hkcmd.exe [2008-06-10 170520] "accrdsub"=c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-05-16 293168] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-05-26 414480] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920] "LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-03-18 2289664] "ehTray.exe"=C:\windows\ehome\ehTray.exe [2008-01-21 125952] "DeskSpace"=C:\Users\nidhal\AppData\Roaming\DeskSpace\deskspace.exe [2007-09-18 1066496] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-31 39408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\359F5809-00B8-4455-A73A-9EA62A51101B] C:\ProgramData\4780A12C.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS] c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2008-05-21 24848] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-04-09 2029640] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ewaqmqy] 
c:\users\nidhal\appdata\local\ewaqmqy.exe ewaqmqy [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe [2008-12-09 95552] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe /background [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe [2008-12-09 558400] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe [2008-05-12 318488] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe [2009-01-05 413696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\60beca34-538f-4d41-892d-ec7234e7f0f8.exe [2009-05-26 1830128] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-31 39408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1045800] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-04-14 198160] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\Windows\System32\APSHook.dll C:\Windows\System32\APSHook.dll APSHook.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\windows\system32\igfxdev.dll 
[2008-05-21 208896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli ASWLNPkg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2009-06-01 19:15:40 ----D---- C:\rsit 2009-06-01 19:15:40 ----D---- C:\Program Files\trend micro 2009-06-01 12:03:14 ----D---- C:\ProgramData\LightScribe 2009-05-31 22:11:20 ----SHD---- C:\found.000 2009-05-31 19:29:15 ----SHD---- C:\$RECYCLE.BIN 2009-05-31 19:29:12 ----D---- C:\windows\temp 2009-05-31 19:29:11 ----A---- C:\ComboFix.txt 2009-05-31 19:15:14 ----SD---- C:\ComboFi 2009-05-31 18:57:27 ----A---- C:\windows\zip.exe 2009-05-31 18:57:27 ----A---- C:\windows\SWXCACLS.exe 2009-05-31 18:57:27 ----A---- C:\windows\SWSC.exe 2009-05-31 18:57:27 ----A---- C:\windows\SWREG.exe 2009-05-31 18:57:27 ----A---- C:\windows\sed.exe 2009-05-31 18:57:27 
----A---- C:\windows\PEV.exe 2009-05-31 18:57:27 ----A---- C:\windows\NIRCMD.exe 2009-05-31 18:57:27 ----A---- C:\windows\grep.exe 2009-05-31 15:52:49 ----SD---- C:\ldl 2009-05-31 15:40:56 ----D---- C:\windows\ERDNT 2009-05-31 15:38:27 ----AD---- C:\Qoobox 2009-05-31 15:08:45 ----D---- C:\Users\nidhal\AppData\Roaming\Malwarebytes 2009-05-31 15:07:12 ----D---- C:\ProgramData\Malwarebytes 2009-05-31 03:23:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-05-31 01:57:52 ----D---- C:\ProgramData\SUPERAntiSpyware.com 2009-05-31 01:53:41 ----SHD---- C:\Config.Msi 2009-05-31 01:53:41 ----D---- C:\Users\nidhal\AppData\Roaming\SUPERAntiSpyware.com 2009-05-31 01:53:41 ----D---- C:\Program Files\SUPERAntiSpyware 2009-05-30 15:01:26 ----A---- C:\windows\system32\HSEngine.dll 2009-05-30 15:01:25 ----A---- C:\windows\system32\FXStudioDLL.dll 2009-05-30 15:01:25 ----A---- C:\windows\system32\eJ_Autor.dll 2009-05-30 15:01:24 ----A---- C:\windows\system32\RapBoxDSP.dll 2009-05-30 15:01:24 ----A---- C:\windows\system32\NewWaveAnzeige.dll 2009-05-30 15:01:24 ----A---- C:\windows\system32\fader.dll 2009-05-30 15:01:24 ----A---- C:\windows\system32\DartWeb.dll 2009-05-30 15:01:24 ----A---- C:\windows\system32\DartSock.dll 2009-05-30 15:01:23 ----A---- C:\windows\system32\WndRgn.dll 2009-05-30 15:01:23 ----A---- C:\windows\system32\loadimage.dll 2009-05-30 15:01:23 ----A---- C:\windows\system32\eJ_Tool.dll 2009-05-30 15:01:23 ----A---- C:\windows\system32\devil.dll 2009-05-30 15:01:22 ----A---- C:\windows\system32\pxd32d5.dll 2009-05-30 15:01:22 ----A---- C:\windows\system32\pthread.dll 2009-05-30 15:01:22 ----A---- C:\windows\system32\Msvbvm50.dll 2009-05-30 15:01:22 ----A---- C:\windows\system32\Lvgl13n.dll 2009-05-30 15:01:22 ----A---- C:\windows\system32\Lvdx13n.dll 2009-05-30 15:01:22 ----A---- C:\windows\system32\lvdlg13n.dll 2009-05-30 15:01:22 ----A---- C:\windows\system32\LTWND13n.DLL 2009-05-30 15:01:22 ----A---- C:\windows\system32\LTWEB13n.dll 2009-05-30 15:01:22 
----A---- C:\windows\system32\fxstudio.dll 2009-05-30 15:01:22 ----A---- C:\windows\system32\Bassdec.dll 2009-05-30 15:01:21 ----A---- C:\windows\system32\lttwn13n.dll 2009-05-30 15:01:21 ----A---- C:\windows\system32\lttw213n.dll 2009-05-30 15:01:21 ----A---- C:\windows\system32\lttls13n.dll 2009-05-30 15:01:21 ----A---- C:\windows\system32\LTTLB13n.dll 2009-05-30 15:01:21 ----A---- C:\windows\system32\Ltsgm13n.dll 2009-05-30 15:01:21 ----A---- C:\windows\system32\LTRTN13n.DLL 2009-05-30 15:01:21 ----A---- C:\windows\system32\Ltpnt13n.dll 2009-05-30 15:01:21 ----A---- C:\windows\system32\ltpdg13n.dll 2009-05-30 15:01:21 ----A---- C:\windows\system32\ltkrn13n.dll 2009-05-30 15:01:21 ----A---- C:\windows\system32\ltisi13n.dll 2009-05-30 15:01:21 ----A---- C:\windows\system32\ltimg13n.dll 2009-05-30 15:01:21 ----A---- C:\windows\system32\ltfil13n.DLL 2009-05-30 15:01:21 ----A---- C:\windows\system32\ltefx13n.dll 2009-05-30 15:01:21 ----A---- C:\windows\system32\LtDlgRes13n.dll 2009-05-30 15:01:21 ----A---- C:\windows\system32\ltdlg13n.dll 2009-05-30 15:01:21 ----A---- C:\windows\system32\LTDIS13n.dll 2009-05-30 15:01:21 ----A---- C:\windows\system32\ltdic13n.dll 2009-05-30 15:01:21 ----A---- C:\windows\system32\ltcry13n.dll 2009-05-30 15:01:21 ----A---- C:\windows\system32\LTCON13n.dll 2009-05-30 15:01:21 ----A---- C:\windows\system32\LTCLR13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\LTAUT13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\ltann13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\lfwmp13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\Lfwmf13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\lfvpg13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\lfvec13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\lftif13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\lftga13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\LFSMP13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\lfshp13n.dll 
2009-05-30 15:01:20 ----A---- C:\windows\system32\lfsgi13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\lfsct13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\lfRaw13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\LFPTK13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\lfpsd13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\lfpdf13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\lfPCL13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\lfpcd13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\lfmsp13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\lflmb13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\lflma13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\lfkodak.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\lfjbg13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\LFJ2K13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\lfiff13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\lfgif13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\lfgbr13n.dll 2009-05-30 15:01:20 ----A---- C:\windows\system32\lffpx7.dll 2009-05-30 15:01:19 ----A---- C:\windows\system32\lffpx13n.dll 2009-05-30 15:01:19 ----A---- C:\windows\system32\lfflc13n.dll 2009-05-30 15:01:19 ----A---- C:\windows\system32\lfeps13n.dll 2009-05-30 15:01:19 ----A---- C:\windows\system32\lfdxf13n.dll 2009-05-30 15:01:19 ----A---- C:\windows\system32\lfdrw13n.dll 2009-05-30 15:01:19 ----A---- C:\windows\system32\lfCUT13n.dll 2009-05-30 15:01:19 ----A---- C:\windows\system32\Lfcmx13n.dll 2009-05-30 15:01:19 ----A---- C:\windows\system32\LFCMP13n.DLL 2009-05-30 15:01:19 ----A---- C:\windows\system32\lfclp13n.dll 2009-05-30 15:01:19 ----A---- C:\windows\system32\lfcal13n.dll 2009-05-30 15:01:19 ----A---- C:\windows\system32\lfbmp13n.dll 2009-05-30 15:01:19 ----A---- C:\windows\system32\lfawd13n.dll 2009-05-30 15:01:19 ----A---- C:\windows\system32\lfavi13n.dll 2009-05-30 15:01:19 ----A---- 
C:\windows\system32\lfAFP13n.dll
2009-05-30 15:01:19 ----A---- C:\windows\system32\lfacs13n.dll
2009-05-30 15:01:03 ----A---- C:\windows\system32\ccrpbds5.dll
2009-05-30 02:56:09 ----A---- C:\windows\system32\WNASPINT.DLL
2009-05-29 23:55:53 ----D---- C:\windows\pss
2009-05-29 22:05:50 ----D---- C:\ProgramData\DAEMON Tools Lite
2009-05-29 22:05:31 ----D---- C:\Users\nidhal\AppData\Roaming\DAEMON Tools Lite
2009-05-29 21:22:05 ----D---- C:\ProgramData\DAEMON Tools Pro
2009-05-29 21:18:37 ----D---- C:\Users\nidhal\AppData\Roaming\DAEMON Tools Pro
2009-05-29 20:57:17 ----A---- C:\windows\system32\VB6STKIT.DLL
2009-05-29 20:57:17 ----A---- C:\windows\system32\VB6FR.DLL
2009-05-29 20:57:17 ----A---- C:\windows\system32\TABCTFR.DLL
2009-05-29 20:57:17 ----A---- C:\windows\system32\SSubTmr6.dll
2009-05-29 20:57:17 ----A---- C:\windows\system32\scrrnfr.dll
2009-05-29 20:57:17 ----A---- C:\windows\system32\inetfr.DLL
2009-05-29 20:57:16 ----A---- C:\windows\system32\MSCMCFR.DLL
2009-05-29 20:57:16 ----A---- C:\windows\system32\Mscc2fr.dll
2009-05-29 20:57:16 ----A---- C:\windows\system32\GIF89.DLL
2009-05-29 20:57:16 ----A---- C:\windows\system32\CMDLGFR.DLL
2009-05-29 16:57:39 ----D---- C:\windows\Sun
2009-05-29 14:07:16 ----D---- C:\Users\nidhal\AppData\Roaming\Mozilla
2009-05-28 10:16:28 ----D---- C:\ProgramData\ESET
2009-05-27 22:05:38 ----D---- C:\Users\nidhal\AppData\Roaming\Cycling '74
2009-05-27 21:46:34 ----A---- C:\windows\system32\javaws.exe
2009-05-27 21:46:34 ----A---- C:\windows\system32\javaw.exe
2009-05-27 21:46:34 ----A---- C:\windows\system32\java.exe
2009-05-10 19:09:28 ----D---- C:\Users\nidhal\AppData\Roaming\com.adobe.ExMan
2009-05-05 00:40:57 ----D---- C:\Program Files\Adobe Media Player
2009-05-03 17:29:29 ----D---- C:\Users\nidhal\AppData\Roaming\OtakuSoftware
2009-05-03 13:44:00 ----D---- C:\Program Files\CodeGazer

======List of files/folders modified in the last 1 months======

2009-06-01 19:15:51 ----D---- C:\windows\Prefetch
2009-06-01 19:15:40 ----D---- C:\Program Files
2009-06-01 17:34:14 ----D---- C:\windows\Tasks
2009-06-01 16:51:26 ----SHD---- C:\System Volume Information
2009-06-01 16:20:15 ----D---- C:\ProgramData\Google Updater
2009-06-01 13:01:27 ----SHD---- C:\windows\Installer
2009-06-01 12:57:22 ----D---- C:\windows\System32
2009-06-01 12:57:22 ----D---- C:\windows\inf
2009-06-01 12:57:22 ----A---- C:\windows\system32\PerfStringBackup.INI
2009-06-01 12:53:31 ----D---- C:\windows\system32\drivers
2009-06-01 12:03:14 ----HD---- C:\ProgramData
2009-06-01 11:54:01 ----D---- C:\ProgramData\hpqLog
2009-06-01 11:40:32 ----A---- C:\windows\ntbtlog.txt
2009-06-01 11:24:14 ----D---- C:\Program Files\Mozilla Firefox
2009-05-31 19:29:14 ----AD---- C:\windows\system32\fr-FR
2009-05-31 19:29:12 ----D---- C:\Windows
2009-05-31 19:27:28 ----A---- C:\windows\system.ini
2009-05-31 19:24:53 ----D---- C:\windows\AppPatch
2009-05-31 19:24:51 ----D---- C:\Program Files\Common Files
2009-05-31 18:36:29 ----D---- C:\Program Files\ESET
2009-05-31 18:31:47 ----D---- C:\windows\system32\catroot2
2009-05-31 15:49:12 ----D---- C:\windows\Minidump
2009-05-31 03:30:28 ----D---- C:\windows\system32\Tasks
2009-05-31 01:52:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-05-30 20:51:20 ----D---- C:\windows\system32\wfp
2009-05-30 20:50:46 ----D---- C:\windows\system32\spool
2009-05-30 20:50:39 ----D---- C:\windows\system32\Msdtc
2009-05-30 20:46:42 ----D---- C:\windows\system32\config
2009-05-30 20:44:37 ----D---- C:\windows\SoftwareDistribution
2009-05-30 14:58:11 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-30 00:16:17 ----D---- C:\Users\nidhal\AppData\Roaming\Adobe
2009-05-29 17:07:51 ----D---- C:\Program Files\Ontrack
2009-05-29 15:00:24 ----D---- C:\Program Files\SiteAdvisor
2009-05-28 13:44:29 ----D---- C:\ProgramData\Adobe
2009-05-28 09:48:42 ----D---- C:\Program Files\RegCure
2009-05-27 21:46:32 ----D---- C:\Program Files\Java
2009-05-14 12:12:41 ----D---- C:\windows\winsxs
2009-05-14 12:05:54 ----D---- C:\windows\system32\catroot
2009-05-14 12:05:44 ----D---- C:\Program Files\Windows Mail
2009-05-10 19:18:59 ----D---- C:\Program Files\Adobe
2009-05-07 00:16:30 ----A---- C:\windows\system32\mrt.exe
2009-05-05 00:50:58 ----D---- C:\ProgramData\FLEXnet
2009-05-05 00:37:27 ----D---- C:\Program Files\Common Files\Adobe
2009-05-04 01:03:30 ----D---- C:\windows\system32\wbem
2009-05-04 01:03:30 ----D---- C:\windows\registration
2009-05-04 00:27:22 ----A---- C:\windows\system32\uxtheme.dll
2009-05-04 00:27:21 ----A---- C:\windows\system32\themeui.dll
2009-05-04 00:27:21 ----A---- C:\windows\system32\shsvcs.dll
2009-05-03 23:30:59 ----D---- C:\Program Files\YesMessenger
2009-05-03 23:30:59 ----D---- C:\Program Files\nidhal
2009-05-03 23:30:56 ----D---- C:\Program Files\Aglare FLV to AVI Converter
2009-05-03 22:50:41 ----D---- C:\windows\system32\LogFiles
2009-05-03 18:20:31 ----RSD---- C:\windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
R1 mfehidk;McAfee Inc. mfehidk; C:\windows\system32\drivers\mfehidk.sys [2008-07-14 207688]
R1 mfetdik;McAfee Inc. mfetdik; C:\windows\system32\drivers\mfetdik.sys [2008-07-14 55176]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2008-05-14 12496]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-05-26 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-05-26 72944]
R2 eamon;eamon; C:\windows\system32\DRIVERS\eamon.sys [2009-04-09 113960]
R2 epfwwfpr;epfwwfpr; C:\windows\system32\DRIVERS\epfwwfpr.sys [2009-04-09 93312]
R3 Accelerometer;HP Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys [2008-08-07 34608]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\ADIHdAud.sys [2008-04-11 382464]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 BthEnum;Service d'énumérateur Bluetooth; C:\windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
R3 BthPan;Périphérique Bluetooth (réseau personnel); C:\windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Pilote USB radio Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
R3 btwaudio;Périphérique audio Bluetooth; C:\windows\system32\drivers\btwaudio.sys [2008-02-01 80424]
R3 btwavdt;Bluetooth AVDT; C:\windows\system32\drivers\btwavdt.sys [2008-02-01 80936]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2008-02-01 16168]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 HBtnKey;HBtnKey; C:\windows\system32\DRIVERS\cpqbttn.sys [2008-04-14 9344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2008-05-21 2369536]
R3 MfeAVFK;McAfee Inc. MfeAVFK; C:\windows\system32\drivers\MfeAVFK.sys [2008-07-14 79240]
R3 MfeBOPK;McAfee Inc. MfeBOPK; C:\windows\system32\drivers\MfeBOPK.sys [2008-07-14 35240]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2008-10-09 1810856]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2008-03-27 199472]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\windows\system32\DRIVERS\yk60x86.sys [2008-01-17 298496]
S2 adfs;adfs; C:\windows\system32\drivers\adfs.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl6.sys [2008-03-21 1207288]
S3 BTHPORT;Pilote de port Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 Dot4;Pilote MS IEEE-1284.4; C:\windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 dot4usb;Filtre Dot4USB Dot4USB Filter; C:\windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MfeRKDK;McAfee Inc. MfeRKDK; C:\windows\system32\drivers\MfeRKDK.sys [2008-07-14 34152]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-05-26 7408]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2008-01-21 45624]
S3 usbaudio;Pilote USB audio (WDM); C:\windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 accoca;ActivClient Middleware Service; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-05-16 182576]
R2 AEADIFilters;Andrea ADI Filters Service; C:\windows\system32\AEADISRV.EXE [2007-10-19 86016]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 ASBroker;Logon Session Broker; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 ASChannel;Local Communication Channel; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 EngineServer;EngineServer; C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe [2008-07-14 13632]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-15 94208]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-05-14 34184]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-14 256512]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-05-02 77824]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2008-08-07 24880]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-18 354840]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-18 73728]
R2 myAgtSvc;Service de protection contre les virus et les logiciels espions McAfee; C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [2008-12-09 218432]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2008-05-12 576024]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 ProtexisLicensing;ProtexisLicensing; C:\windows\system32\PSIService.exe [2006-11-02 174656]
R2 SiteAdvisor Service;Service SiteAdvisor; C:\Program Files\SiteAdvisor\6173\SAService.exe [2008-06-18 341280]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-04-16 165192]
R3 McShield;McShield; C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe [2008-07-14 144704]
R3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S2 gupdate1c9a1cc53c109d0;Service Google Update (gupdate1c9a1cc53c109d0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-11 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-20 183280]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-01-21 33800]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-21 655624]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-27 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
S3 Rslmgnwo;Rslmgnwo; C:\windows\system32\drivers\ql40xx.sys [2006-11-02 106088]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S4 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-04-09 20680]
S4 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-04-09 731840]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-06-01 19:15:55

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
3DVIA player 4.1-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
ActivClient 6.1 x86-->MsiExec.exe /I{AC194855-F7AC-4D04-B4C9-07BA46FCB697}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe After Effects CS3 Presets-->MsiExec.exe /I{4B215C29-1A3E-4736-92AA-10C83FA56EB9}
Adobe After Effects CS3-->C:\Program Files\Common Files\Adobe\Installers\b7dd24a87e82dcf8af8876fd727b7cf\Setup.exe
Adobe After Effects CS3-->MsiExec.exe /I{8AF3FB06-BDA3-42A3-995C-308812D2F094}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash CS4 Extension - Flash Lite STI fr-->MsiExec.exe /I{BD423B54-8668-44B6-8610-D24514445E88}
Adobe Flash CS4 Professional-->C:\Program Files\Common Files\Adobe\Installers\a68eec966ce913ddaa63251dc82ed31\Setup.exe --uninstall=1
Adobe Flash CS4 STI-fr-->MsiExec.exe /I{48F9998C-3BA0-42D3-82E6-5882441EB8CE}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{3A6829EF-0791-4FDD-9382-C690DD0821B9}
Adobe Flash Player 10 Plugin-->C:\windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{2C294A0B-DF22-4023-B168-8C7645B10019}
Adobe Setup-->MsiExec.exe /I{EED50C97-C79E-4149-BD82-7C5A22437708}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Agere Systems HDA Modem-->agrsmdel
ALLCapture 2.0-->"C:\Program Files\ALLCapture 2.0\unins000.exe"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
BIOS Configuration for HP ProtectTools-->MsiExec.exe /X{A1410161-F615-4B91-A019-FA33833EF00D}
CineForm NEO Player 3.3-->C:\Program Files\CineForm\NEO-Player\uninst.exe
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Credential Manager for HP ProtectTools-->rundll32.exe "c:\Program Files\Hewlett-Packard\IAM\Bin\SetupHelper.dll",ExecMain /Uninstall {0F98662A-EA83-414F-8766-3FCE46A32641}
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drive Encryption for HP ProtectTools-->MsiExec.exe /I{9DBD8BEE-B3EC-4D82-A81C-0F6250176DCC}
Eazel-FR Toolbar-->C:\PROGRA~1\Eazel-FR\UNWISE.EXE /U C:\PROGRA~1\Eazel-FR\INSTALL.LOG
ESU for Microsoft Vista SP1-->MsiExec.exe /I{01F81577-D786-49D7-BAAF-B8A8B44CE251}
Favorit-->c:\users\nidhal\appdata\local\smgma.bat
File Sanitizer For HP ProtectTools-->C:\Program Files\InstallShield Installation Information\{789C97CE-9E17-4126-BDF4-11FF458BF705}\setup.exe -runfromtemp -l0x0009 -removeonly
Flash Movie Player 1.5-->C:\Program Files\Flash Movie Player\uninst.exe
Freez FLV to AVI/MPEG/WMV Converter-->"C:\Program Files\Smallvideosoft\Freez FLV to AVI MPEG WMV Converter\unins000.exe"
GMX-PhotoPainter 1.0.0.0636-->"C:\Program Files\GMX-PhotoPainter\unins000.exe"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Users\nidhal\Downloads\HijackThis.exe" /uninstall
HP 3D DriveGuard-->MsiExec.exe /X{4C203E35-B5C7-4E35-9834-619668C0FFEE}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{420BBA1D-B275-4891-838C-EA88FE87A632}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8BB128BE-2670-485D-A221-B00715BCEBCF}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /X{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}
HP Integrated Module with Bluetooth wireless technology 6.0.1.6200-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
HP JavaCard for HP ProtectTools-->MsiExec.exe /I{2086797F-A4BA-4CD3-8104-09B8D39DA5D8}
HP ProtectTools Security Manager Suite-->C:\Windows\Installer\HPPTSuiteInstallEngine.exe /uninstall=C:\Windows\Installer\21363080.msi
HP ProtectTools Security Manager-->MsiExec.exe /I{926F4D5F-C8FC-4FB7-8E09-BCB8A997D1C7}
HP Quick Launch Buttons 6.40 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 -removeonly uninst
HP Software Setup 5.00.A.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70CEFEBA-F757-4DBE-8A21-027C326137CE}\SETUP.EXE" -l0x9
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0108-->MsiExec.exe /I{B79DB290-9F72-4B20-9776-848D7832705B}
HP Wallpaper-->MsiExec.exe /I{F173C2B3-296F-458C-98FF-1676A42EBA02}
HP Webcam Application-->C:\Program Files\InstallShield Installation Information\{154E4F71-DFC0-4B31-8D99-F97615031B02}\setup.exe -runfromtemp -l0x040c -removeonly
HP Webcam-->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x040c -removeonly
HP Wireless Assistant-->MsiExec.exe /I{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
Intel® Graphics Media Accelerator Driver-->C:\windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
InterVideo DVD Check-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
K-Lite Codec Pack 4.4.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Knoll Light Factory 2.5-->C:\windows\unvise32.exe C:\Program Files\KLF2.5GPU.log
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LightScribe System Software 1.12.37.1-->MsiExec.exe /X{004C5DA2-2051-4D25-94BA-51CF810C91EB}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins001.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Access MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Access MUI (Italian) 2007-->MsiExec.exe /X{90120000-0015-0410-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Excel MUI (Italian) 2007-->MsiExec.exe /X{90120000-0016-0410-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Italian) 2007-->MsiExec.exe /X{90120000-001A-0410-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Italian) 2007-->MsiExec.exe /X{90120000-0018-0410-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Dutch) 2007-->MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing (Italian) 2007-->MsiExec.exe /X{90120000-002C-0410-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Italian) 2007-->MsiExec.exe /X{90120000-0019-0410-0000-0000000FF1CE}
Microsoft Office Shared MUI (Dutch) 2007-->MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (Italian) 2007-->MsiExec.exe /X{90120000-006E-0410-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (Italian) 2007-->MsiExec.exe /X{90120000-001B-0410-0000-0000000FF1CE}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Neon v2 Beta-->"C:\Neon v2\unins000.exe"
NewBlue Art Effects-->C:\Program Files\Sony\Vegas 7.0\Video Plug-Ins\Uninstal.exe
NewBlue Motion Effects-->C:\Program Files\Sony\Vegas 7.0\Video Plug-Ins\Uninstal.exe
OpenSource Flash Video Splitter (remove only)-->"C:\Program Files\OpenSource Flash Video Splitter\uninstall.exe"
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
PDF Complete-->C:\Program Files\PDF Complete\uninstall.exe
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
PHPNukeFR Toolbar-->C:\PROGRA~1\PHPNUK~1\UNWISE.EXE /U C:\PROGRA~1\PHPNUK~1\INSTALL.LOG
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
QuickTime Alternative 2.6.0-->"C:\Program Files\QuickTime Alternative\unins000.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Real Alternative 1.8.0-->"C:\Program Files\Real Alternative\unins000.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Reason 4.0-->"C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"
Resolume 2.41-->"C:\Program Files\Resolume 2.41\unins000.exe"
Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Business v10-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Business-->C:\ProgramData\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe /x {537BF16E-7412-448C-95D8-846E85A1D817}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD-->MsiExec.exe /I{30A2A953-DEB1-466A-B660-F4399C7C6B9D}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Service de protection contre les virus et les logiciels espions McAfee-->C:\PROGRA~1\McAfee\MANAGE~1\Agent\myinx /Script=C:\PROGRA~1\McAfee\MANAGE~1\VScan\vsasap.inx /Section=DefaultUninstall
Service de protection du navigateur McAfee-->C:\Program Files\McAfee\Managed VirusScan\Agent\myINX.exe /Script=C:\Program Files\McAfee\Managed VirusScan\BrowseProtection\BrowseProtection.inx /Section=DefaultUninstall
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Sony Media Manager 2.2-->MsiExec.exe /X{38E1CA6C-2121-4B5C-A3A5-0B0003794EFF}
Sony Vegas 7.0-->MsiExec.exe /X{8411FA28-D32D-4518-92F0-3FBD80A702BC}
SoundMAX-->C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x040c -removeonly
SpiceFilters Plugins for Vegas Video-->C:\windows\IsUninst.exe -f"C:\Program Files\Pixelan\UninstPSMX.isu"
SpiceMaster Plugin for Vegas Video-->C:\windows\IsUninst.exe -f"C:\Program Files\Pixelan\UninstPSMV.isu"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Trapcode Starglow-->C:\windows\unvise32.exe C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\Plug-ins\trapcodeStarglow.log
Update for Office 2007 (KB934528)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
VideoLAN VLC media player 0.8.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Painter 5 trial (Standalone)-->C:\PROGRA~1\VP5ETR~1\UNWISE.EXE C:\PROGRA~1\VP5ETR~1\INSTALL.LOG
Vista Default Settings-->MsiExec.exe /I{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}
VistaGlazz 1.1-->"C:\Program Files\CodeGazer\VistaGlazz\unins000.exe"
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: Total Protection Service (outdated)
AS: Total Protection Service (outdated)
AS: Windows Defender
AS: SUPERAntiSpyware

======System event log======

Computer Name: PC-de-nidhal
Event Code: 4001
Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.
Record Number: 307868
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090601095209.981786-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-nidhal
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 307883
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090601095341.832021-000
Event Type: Erreur
User:

Computer Name: PC-de-nidhal
Event Code: 7000
Message: Le service Parallel port driver n'a pas pu démarrer en raison de l'erreur : Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.
Record Number: 307931
Source Name: Service Control Manager
Time Written: 20090601095430.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-nidhal
Event Code: 7000
Message: Le service adfs n'a pas pu démarrer en raison de l'erreur : Le fichier spécifié est introuvable.
Record Number: 307932
Source Name: Service Control Manager
Time Written: 20090601095430.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-nidhal
Event Code: 1001
Message: L’initialisation de l’application a échoué. Dernière erreur : 0x80070032
Record Number: 308007
Source Name: Microsoft-Windows-LanguagePackSetup
Time Written: 20090601095619.959021-000
Event Type: Erreur
User: AUTORITE NT\SYSTEM

=====Application event log=====

Computer Name: PC-de-nidhal
Event Code: 1001
Message: Échec de détection du produit ‘{E09B48B5-E141-427A-AB0C-D3605127224A}’, fonctionnalité ‘SqlRun’ lors de la demande du composant ‘{436D7A23-36BE-11D2-ACBB-0080C7FCBB84}’
Record Number: 31916
Source Name: MsiInstaller
Time Written: 20090601105334.000000-000
Event Type: Avertissement
User: PC-de-nidhal\nidhal

Computer Name: PC-de-nidhal
Event Code: 1004
Message: Échec de détection du produit ‘{E09B48B5-E141-427A-AB0C-D3605127224A}’, fonctionnalité ‘SqlRun’, composant ‘{0E98126E-4AA3-4B2B-89DC-9AE4E5595C1E}. La ressource ‘HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\Client\SuperSocketNetLib\ProtocolOrder’ n’existe pas.
Record Number: 31917
Source Name: MsiInstaller
Time Written: 20090601105340.000000-000
Event Type: Avertissement
User: PC-de-nidhal\nidhal

Computer Name: PC-de-nidhal
Event Code: 1001
Message: Échec de détection du produit ‘{E09B48B5-E141-427A-AB0C-D3605127224A}’, fonctionnalité ‘SqlRun’ lors de la demande du composant ‘{436D7A23-36BE-11D2-ACBB-0080C7FCBB84}’
Record Number: 31918
Source Name: MsiInstaller
Time Written: 20090601105340.000000-000
Event Type: Avertissement
User: PC-de-nidhal\nidhal

Computer Name: PC-de-nidhal
Event Code: 1004
Message: Échec de détection du produit ‘{E09B48B5-E141-427A-AB0C-D3605127224A}’, fonctionnalité ‘SqlRun’, composant ‘{0E98126E-4AA3-4B2B-89DC-9AE4E5595C1E}. La ressource ‘HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\Client\SuperSocketNetLib\ProtocolOrder’ n’existe pas.
Record Number: 31919 Source Name: MsiInstaller Time Written: 20090601105447.000000-000 Event Type: Avertissement User: PC-de-nidhal\nidhal Computer Name: PC-de-nidhal Event Code: 1001 Message: Échec de détection du produit ‘{E09B48B5-E141-427A-AB0C-D3605127224A}’, fonctionnalité ‘SqlRun’ lors de la demande du composant ‘{436D7A23-36BE-11D2-ACBB-0080C7FCBB84}’ Record Number: 31920 Source Name: MsiInstaller Time Written: 20090601105447.000000-000 Event Type: Avertissement User: PC-de-nidhal\nidhal =====Security event log===== Computer Name: PC-de-nidhal Event Code: 4672 Message: Privilèges spéciaux attribués à la nouvelle ouverture de session. Sujet : ID de sécurité : S-1-5-21-189134021-1314559775-1526549425-1004 Nom du compte : nidhal Domaine du compte : PC-de-nidhal ID d’ouverture de session : 0x7baf1 Privilèges : SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 35923 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090318141045.515992-000 Event Type: Succès de l'audit User: Computer Name: PC-de-nidhal Event Code: 4648 Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites. 
Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-NIDHAL$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Compte dont les informations d’identification ont été utilisées : Nom du compte : nidhal Domaine du compte : PC-de-nidhal GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Serveur cible : Nom du serveur cible : localhost Informations supplémentaires : localhost Informations sur le processus : ID du processus : 0x3b0 Nom du processus : C:\Windows\System32\svchost.exe Informations sur le réseau : Adresse du réseau : - Port : - Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS. Record Number: 35924 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090318141050.804392-000 Event Type: Succès de l'audit User: Computer Name: PC-de-nidhal Event Code: 4634 Message: Fermeture de session d’un compte. Sujet : ID de sécurité : S-1-5-21-189134021-1314559775-1526549425-1004 Nom du compte : nidhal Domaine du compte : PC-de-nidhal ID du compte : 0x7cbfd Type d’ouverture de session : 2 Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur. Record Number: 35925 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090318141050.804392-000 Event Type: Succès de l'audit User: Computer Name: PC-de-nidhal Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. 
Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-NIDHAL$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 2 Nouvelle ouverture de session : ID de sécurité : S-1-5-21-189134021-1314559775-1526549425-1004 Nom du compte : nidhal Domaine du compte : PC-de-nidhal ID d’ouverture de session : 0x7cbf2 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x3b0 Nom du processus : C:\Windows\System32\svchost.exe Informations sur le réseau : Nom de la station de travail : PC-DE-NIDHAL Adresse du réseau source : - Port source : - Informations détaillées sur l’authentification : Processus d’ouverture de session : Advapi Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. 
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 35926 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090318141050.804392-000 Event Type: Succès de l'audit User: Computer Name: PC-de-nidhal Event Code: 4634 Message: Fermeture de session d’un compte. Sujet : ID de sécurité : S-1-5-21-189134021-1314559775-1526549425-1004 Nom du compte : nidhal Domaine du compte : PC-de-nidhal ID du compte : 0x7cbf2 Type d’ouverture de session : 2 Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur. 
Record Number: 35927 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090318141050.804392-000 Event Type: Succès de l'audit User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Program Files\ActivIdentity\ActivClient;c:\Program Files\Hewlett-Packard\IAM\bin;c:\Program Files\Common Files\Roxio Shared\DLLShared;c:\Program Files\Common Files\Roxio Shared\10.0\DLLShared;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\QuickTime Alternative\QTSystem "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "OnlineServices"=Online Services "Platform"=BNB "RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\ "EMC_AUTOPLAY"=c:\Program Files\Common Files\Roxio Shared\ "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF-----------------
  9. The instructions I followed were on this forum and at http://www.bleepingcomputer.com/combofix/f...manual_recovery
  10. It manages to boot now, but it is too slow. Here is what I unchecked: Startup: eset smart security, mcafee total protection, superantispyware. Services: eset http server, eset service
  11. Hello Gof, and thank you for replying. I used ComboFix with guidance from a forum ... I closed all the security software, and I even uninstalled some of it, but I don't know why it showed me a window at the start telling me that 2 security programs were open. In any case, the procedure went normally after that. There is no error message when it hangs; it keeps loading and does not stop even when the little loading light stops.??? I am going to try now to do what you told me.
  12. Hello, I am new to this forum. I used ComboFix to remove a win32/Agent.ODG virus from my PC's memory. Everything went well and I followed the instructions, but after the first reboot the computer hangs on the welcome screen. I rebooted several times but with no result; it stays stuck for hours and hours, but it works normally in safe mode. Please help me!!!! Here is the ComboFix report, thanks in advance:
ComboFix 09-05-30.06 - nidhal 31/05/2009 19:20.1 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3000.2121 [GMT 2:00] Lancé depuis: c:\users\nidhal\Desktop\ComboFi.exe AV: Total Protection Service *On-access scanning enabled* (Outdated) {8C354827-2F54-4E28-90DC-AD391E77808C} SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} SP: Total Protection Service *enabled* (Outdated) {DEBE977C-6A5A-49CC-937A-9E8BB3202260} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Un antivirus résident est actif . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\QUAD Utilities c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll c:\windows\system32\CMCT3FR.DLL c:\windows\system32\drivers\gxvxctsomeqdfdqyxxyvsxmjxnpuqgereinbf.sys c:\windows\system32\gxvxcmlqxwqtertcxexojiyuctgravictcwvb.dll c:\windows\system32\gxvxcugyvtuwfrtqqbnnjtfjgrrccbccbjibq.dll c:\windows\system32\x64 D:\resycled F:\Autorun.inf F:\resycled . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_GXVXCSERV.SYS ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-28 au 2009-05-31 )))))))))))))))))))))))))))))))))))) . 2009-05-31 17:27 . 2009-05-31 17:27 -------- d-----w- c:\users\nidhal\AppData\Local\temp 2009-05-31 13:52 . 2009-05-31 13:54 -------- d-s---w- C:\ldl 2009-05-31 13:08 . 
2009-05-31 13:08 -------- d-----w- c:\users\nidhal\AppData\Roaming\Malwarebytes 2009-05-31 13:07 . 2009-05-31 13:07 -------- d-----w- c:\progra~2\Malwarebytes 2009-05-31 01:23 . 2009-05-31 17:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-05-30 23:58 . 2009-05-31 13:57 117760 ----a-w- c:\users\nidhal\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-05-30 23:57 . 2009-05-30 23:57 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com 2009-05-30 23:53 . 2009-05-30 23:57 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-05-30 23:53 . 2009-05-30 23:53 -------- d-----w- c:\users\nidhal\AppData\Roaming\SUPERAntiSpyware.com 2009-05-30 09:18 . 2009-05-30 12:48 -------- d-----w- c:\users\nidhal\hiphop4 2009-05-30 00:56 . 2002-11-02 07:53 57344 ----a-w- c:\windows\system32\WNASPINT.DLL 2009-05-29 20:05 . 2009-05-29 20:05 -------- d-----w- c:\progra~2\DAEMON Tools Lite 2009-05-29 20:05 . 2009-05-29 20:17 -------- d-----w- c:\users\nidhal\AppData\Roaming\DAEMON Tools Lite 2009-05-29 19:22 . 2009-05-29 19:22 -------- d-----w- c:\progra~2\DAEMON Tools Pro 2009-05-29 19:18 . 2009-05-29 19:18 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-05-29 19:18 . 2009-05-29 19:18 -------- d-----w- c:\users\nidhal\AppData\Roaming\DAEMON Tools Pro 2009-05-29 18:57 . 2003-01-26 10:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll 2009-05-29 18:57 . 2001-08-28 11:00 24626 ----a-w- c:\windows\system32\scrrnfr.dll 2009-05-29 18:57 . 2000-10-01 18:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL 2009-05-29 18:57 . 1999-03-25 18:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL 2009-05-29 18:57 . 1998-07-12 22:00 21504 ----a-w- c:\windows\system32\TABCTFR.DLL 2009-05-29 18:57 . 1998-07-12 22:00 15360 ----a-w- c:\windows\system32\inetfr.DLL 2009-05-29 18:57 . 1998-07-13 15:53 44544 ----a-w- c:\windows\system32\GIF89.DLL 2009-05-29 18:57 . 1998-07-12 22:00 59904 ----a-w- c:\windows\system32\Mscc2fr.dll 2009-05-29 18:57 . 
1998-07-12 22:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL 2009-05-29 18:57 . 1998-07-12 18:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL 2009-05-29 14:57 . 2009-05-29 14:57 -------- d-----w- c:\windows\Sun 2009-05-28 09:47 . 2009-05-28 09:47 -------- d-----w- c:\users\nidhal\AppData\Local\ESET 2009-05-27 21:48 . 2009-05-27 21:48 -------- d-----w- c:\users\nidhal\AppData\Local\Cycling '74 2009-05-27 20:05 . 2009-05-28 15:15 -------- d-----w- c:\users\nidhal\AppData\Roaming\Cycling '74 2009-05-10 17:09 . 2009-05-10 17:09 -------- d-----w- c:\users\Public\Roaming 2009-05-10 17:09 . 2009-05-10 17:09 -------- d-----w- c:\users\nidhal\Library 2009-05-10 17:09 . 2009-05-10 17:09 -------- d-----w- c:\users\nidhal\AppData\Roaming\com.adobe.ExMan 2009-05-04 22:40 . 2009-05-04 22:40 -------- d-----w- c:\program files\Adobe Media Player 2009-05-03 15:29 . 2009-05-03 15:33 -------- d-----w- c:\users\nidhal\AppData\Roaming\OtakuSoftware 2009-05-03 11:44 . 2009-05-03 11:44 -------- d-----w- c:\program files\CodeGazer 2009-05-03 11:24 . 2009-05-03 11:24 -------- d-----w- c:\users\nidhal\AppData\Local\Stardock . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-31 17:17 . 2008-11-02 12:19 12 ----a-w- c:\windows\bthservsdp.dat 2009-05-31 16:36 . 2008-11-02 18:29 -------- d-----w- c:\program files\ESET 2009-05-31 13:55 . 2008-06-18 15:33 -------- d-----w- c:\progra~2\hpqLog 2009-05-31 13:19 . 2009-04-20 21:48 -------- d-----w- c:\progra~2\Google Updater 2009-05-30 23:52 . 2008-11-02 18:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-05-30 14:38 . 2008-04-15 21:57 703476 ----a-w- c:\windows\system32\perfh00C.dat 2009-05-30 14:38 . 2008-04-15 21:57 140010 ----a-w- c:\windows\system32\perfc00C.dat 2009-05-30 12:58 . 2008-06-18 15:47 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-29 21:49 . 
2008-05-05 12:28 91 ----a-w- c:\users\nidhal\AppData\Local\smgma.bat 2009-05-29 15:07 . 2008-12-23 15:46 -------- d-----w- c:\program files\Ontrack 2009-05-29 13:00 . 2008-06-18 16:18 -------- d-----w- c:\program files\SiteAdvisor 2009-05-28 07:48 . 2008-11-11 11:44 -------- d-----w- c:\program files\RegCure 2009-05-27 19:46 . 2008-06-18 16:19 -------- d-----w- c:\program files\Java 2009-05-26 14:53 . 2008-11-02 12:47 207472 ----a-w- c:\users\nidhal\AppData\Local\GDIPFONTCACHEV1.DAT 2009-05-14 10:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-05-04 22:50 . 2009-02-21 21:09 -------- d-----w- c:\progra~2\FLEXnet 2009-05-04 22:37 . 2008-11-02 19:58 -------- d-----w- c:\program files\Common Files\Adobe 2009-05-03 22:27 . 2008-01-21 02:23 240128 ----a-w- c:\windows\system32\uxtheme.dll 2009-05-03 22:27 . 2008-01-21 02:23 615424 ----a-w- c:\windows\system32\themeui.dll 2009-05-03 21:30 . 2009-01-11 02:37 -------- d-----w- c:\program files\nidhal 2009-05-03 21:30 . 2008-11-14 14:39 -------- d-----w- c:\program files\YesMessenger 2009-05-03 21:30 . 2008-11-28 16:16 -------- d-----w- c:\program files\Aglare FLV to AVI Converter 2009-04-27 16:42 . 2009-01-24 00:25 -------- d-----w- c:\users\nidhal\AppData\Roaming\dvdcss 2009-04-27 11:13 . 2008-11-02 22:37 -------- d-----w- c:\users\nidhal\AppData\Roaming\Sony 2009-04-20 10:13 . 2008-11-02 12:47 -------- d-----w- c:\users\nidhal\AppData\Roaming\SiteAdvisor 2009-04-20 02:02 . 2008-11-02 20:14 -------- d-----w- c:\program files\Google 2009-04-14 17:56 . 2009-04-14 17:56 -------- d-----w- c:\progra~2\Apowersoft 2009-04-14 17:16 . 2009-04-14 17:16 -------- d-----w- c:\program files\Common Files\xing shared 2009-04-14 17:16 . 2008-11-02 16:53 -------- d-----w- c:\program files\Common Files\Real 2009-04-14 17:15 . 2009-04-14 17:15 -------- d-----w- c:\program files\Real 2009-04-09 20:05 . 2009-03-22 13:26 -------- d-----w- c:\program files\GMX-PhotoPainter 2009-04-09 13:21 . 
2009-04-09 13:21 93312 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys 2009-04-09 13:18 . 2009-04-09 13:18 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys 2009-04-09 13:10 . 2009-04-09 13:10 113960 ----a-w- c:\windows\system32\drivers\eamon.sys 2009-04-07 17:27 . 2009-04-07 17:27 -------- d-----w- c:\program files\Virtools 2009-03-22 12:08 . 2009-03-22 11:58 952 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-03-22 12:08 . 2009-03-22 11:58 88 --sha-r- c:\windows\system32\2F964512F1.sys 2009-03-17 03:38 . 2009-04-16 10:48 13824 ----a-w- c:\windows\system32\apilogen.dll 2009-03-17 03:38 . 2009-04-16 10:48 24064 ----a-w- c:\windows\system32\amxread.dll 2009-03-09 03:19 . 2008-12-10 16:43 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-03-03 04:46 . 2009-04-16 10:49 3599328 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-03-03 04:46 . 2009-04-16 10:49 3547632 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-03-03 04:40 . 2009-04-16 10:49 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll 2009-03-03 04:40 . 2009-04-16 10:49 129024 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll 2009-03-03 04:40 . 2009-04-16 10:48 827392 ----a-w- c:\windows\system32\wininet.dll 2009-03-03 04:39 . 2009-04-16 10:49 183296 ----a-w- c:\windows\system32\sdohlp.dll 2009-03-03 04:39 . 2009-04-16 10:49 551424 ----a-w- c:\windows\system32\rpcss.dll 2009-03-03 04:39 . 2009-04-16 10:49 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2009-03-03 04:37 . 2009-04-16 10:48 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-03-03 04:37 . 2009-04-16 10:49 98304 ----a-w- c:\windows\system32\iasrecst.dll 2009-03-03 04:37 . 2009-04-16 10:48 54784 ----a-w- c:\windows\system32\iasads.dll 2009-03-03 04:37 . 2009-04-16 10:48 44032 ----a-w- c:\windows\system32\iasdatastore.dll 2009-03-03 04:36 . 2009-04-16 10:49 615424 ----a-w- c:\windows\system32\wbem\fastprox.dll 2009-03-03 03:04 . 2009-04-16 10:49 666624 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2009-03-03 02:38 . 
2009-04-16 10:48 17408 ----a-w- c:\windows\system32\iashost.exe 2009-03-03 02:28 . 2009-04-16 10:48 26624 ----a-w- c:\windows\system32\ieUnatt.exe 2009-03-03 02:16 . 2009-04-16 10:49 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe 2008-12-01 09:23 . 2009-01-10 10:51 557056 ----a-w- c:\program files\EdenFlirt.exe 2008-11-06 17:34 . 2008-11-06 17:34 6834 ----a-w- c:\program files\KLF2.5GPU.log 2008-06-18 15:47 . 2008-06-18 15:47 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1c491116-c175-45e1-a570-6fb14fea8b7b}] 2009-02-16 14:44 1882136 ----a-w- c:\program files\PHPNukeFR\tbPHPN.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}] 2008-11-23 22:03 1784856 ----a-w- c:\program files\Eazel-FR\tbEaze.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli ASWLNPkg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk backup=c:\windows\pss\BTTray.lnk.CommonStartup 
backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk backup=c:\windows\pss\DVD Check.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{0A6E8D4F-73B1-422D-AB26-E07CF8B2A6C3}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{A74A0508-8FB6-489C-AE34-A176185EEC26}"= UDP:c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:Managed Services Agent "{36A8B33D-4A65-4F59-908F-CA996CF6DB35}"= TCP:c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:Managed Services Agent "{52F96CAF-EA2B-4EB1-9FDF-0A44E6D32194}"= Profile=Private|c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "{DAF3DB55-C606-437C-9829-4A5568ADCD5B}"= UDP:c:\program files\DNA\btdna.exe:DNA "{0C165A3D-52D3-4C96-916B-51B35ABD7015}"= TCP:c:\program files\DNA\btdna.exe:DNA "TCP Query User{D89D47D8-8600-479B-AD85-DAC9D0E4C79C}c:\\program files\\resolume 2.41\\resolume.exe"= UDP:c:\program files\resolume 2.41\resolume.exe:Resolume 2.41 "UDP Query User{2B2D4087-B106-4C6B-A9E6-FCF7168FA7D5}c:\\program files\\resolume 2.41\\resolume.exe"= TCP:c:\program files\resolume 2.41\resolume.exe:Resolume 2.41 "TCP Query User{46138ACC-D15A-416D-944D-B773653EB2E3}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent "UDP Query User{D3822369-44F4-4598-9D26-CE123A9CE79A}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent "{0675ADB0-0180-4628-8CD9-3C121B6796F0}"= UDP:5353:Adobe CSI CS4 
"{26EF0A72-D7AF-4243-B4C3-574F507F9DC6}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4 "{A0C92186-3229-4A41-8DA8-2B739DB8CB9C}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4 "TCP Query User{CE9D5B12-3F98-4BEF-A250-D6E6D906B576}c:\\program files\\adobe\\photoshop cs\\photoshop.exe"= UDP:c:\program files\adobe\photoshop cs\photoshop.exe:Adobe Photoshop CS "UDP Query User{76EC50A9-0FEE-42CB-B30B-C9959B63FB1B}c:\\program files\\adobe\\photoshop cs\\photoshop.exe"= TCP:c:\program files\adobe\photoshop cs\photoshop.exe:Adobe Photoshop CS "TCP Query User{EE821677-1774-47F0-8839-54CEDD2E26C2}c:\\users\\nidhal\\downloads\\keygen.gmx.photopainter.1.0.exe"= UDP:c:\users\nidhal\downloads\keygen.gmx.photopainter.1.0.exe:keygen.gmx.photopainter.1.0.exe "UDP Query User{87F843F1-15CA-43EF-AEE5-2CC861A3B832}c:\\users\\nidhal\\downloads\\keygen.gmx.photopainter.1.0.exe"= TCP:c:\users\nidhal\downloads\keygen.gmx.photopainter.1.0.exe:keygen.gmx.photopainter.1.0.exe "TCP Query User{68A2C0EC-A4A3-44D2-9015-F767551532D2}c:\\users\\nidhal\\downloads\\keygen.deskspace.3d.virtual.desktop.1.5.1.exe"= UDP:c:\users\nidhal\downloads\keygen.deskspace.3d.virtual.desktop.1.5.1.exe:keygen.deskspace.3d.virtual.d esktop.1.5.1.exe "UDP Query User{3728B043-F681-42F1-B9FF-05C74F6847B4}c:\\users\\nidhal\\downloads\\keygen.deskspace.3d.virtual.desktop.1.5.1.exe"= TCP:c:\users\nidhal\downloads\keygen.deskspace.3d.virtual.desktop.1.5.1.exe:keygen.deskspace.3d.virtual.d esktop.1.5.1.exe "{74CFA214-21BB-4CF3-9F27-13D505745EDF}"= Disabled:UDP:c:\program files\nidhal\EdenFlirt.exe:Eden Flirt "{0817A5B6-DA77-452C-BB80-9B10EDB19839}"= Disabled:TCP:c:\program files\nidhal\EdenFlirt.exe:Eden Flirt "TCP Query User{2F7879F1-3983-48E1-80D4-66A89ADEA559}c:\\soldat\\soldat.exe"= Disabled:UDP:c:\soldat\soldat.exe:Soldat "UDP Query User{42A5A289-E8D7-493E-A9B2-5B34E861381D}c:\\soldat\\soldat.exe"= 
Disabled:TCP:c:\soldat\soldat.exe:Soldat "{D093A84E-6002-43D3-A508-D87926A8A288}"= Disabled:UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player "{9D8F6302-D5E4-4CC1-8E92-E5A174A58806}"= Disabled:TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player "{9DA847D7-95C6-4234-9BEC-00AC0967A2DC}"= Disabled:c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R0 SbAlg;SbAlg;c:\windows\System32\drivers\SbAlg.sys [14/05/2008 02:36 51376] R0 SbFsLock;SbFsLock;c:\windows\System32\drivers\SbFsLock.sys [14/05/2008 02:36 12928] R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [09/04/2009 15:18 107256] R1 RsvLock;RsvLock;c:\windows\System32\drivers\rsvlock.sys [14/05/2008 02:36 12496] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26/05/2009 10:05 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 10:05 72944] R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [16/05/2007 01:08 182576] R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [21/01/2008 04:23 21504] R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [21/01/2008 04:23 21504] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [09/04/2009 15:19 731840] R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [18/06/2008 18:15 13632] R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [09/04/2009 15:21 93312] R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive 
Encryption\HpFkCrypt.exe [14/05/2008 02:35 256512] R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [07/04/2008 20:13 24880] R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 16:40 3668480] S2 gupdate1c9a1cc53c109d0;Service Google Update (gupdate1c9a1cc53c109d0);c:\program files\Google\Update\GoogleUpdate.exe [11/03/2009 00:05 133104] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21/01/2008 04:23 179712] S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [18/06/2008 18:20 193840] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 10:05 7408] S4 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [14/05/2008 22:41 34184] S4 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [18/06/2008 18:18 77824] S4 myAgtSvc;Service de protection contre les virus et les logiciels espions McAfee;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [18/06/2008 18:15 218432] S4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [18/06/2008 17:46 576024] S4 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [08/04/2008 14:12 1112560] --- Autres Services/Pilotes en mémoire --- *Deregistered* - sptd [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASBroker ASChannel HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 bthsvcs REG_MULTI_SZ BthServ [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . 
- - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-AdobeBridge - (no file) SafeBoot-procexp90.Sys . ------- Examen supplémentaire ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2102473 mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb uInternet Settings,ProxyOverride = *.local IE: &Recherche AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\fr-FR\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm FF - ProfilePath - c:\users\nidhal\AppData\Roaming\Mozilla\Firefox\Profiles\2f4v35gd.default\ FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll FF - component: c:\program files\SiteAdvisor\6173\FF\components\FFHook.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll FF - plugin: c:\users\nidhal\Program Files\DNA\plugins\npbtdna.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-31 19:27 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... 
Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-189134021-1314559775-1526549425-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1A5AF066-9F09-0BA8-3DFC-D72F180CFBA2}*] "padifeidkdfiblbpmfchgcecapednpgf"=hex:69,61,6c,6b,63,66,6a,62,6b,6a,64,69,6d, 6a,6f,66,69,62,00,77 "abnjldoakdlakemgiadpfoenligjdeempe"=hex:69,61,6c,6b,63,66,6a,62,6b,6a,64,69, 6d,6a,6f,66,69,62,00,77 "panjldoakdlakemgiadpfoenligjheij"=hex:69,61,6b,6b,62,66,69,6d,6d,65,67,6f,63, 61,63,63,6a,70,00,77 "oadifeidkdfiblbpmfchgcecapadab"=hex:69,61,6b,6b,62,66,69,6d,6d,65,67,6f,63,61, 63,63,6a,70,00,77 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(820) c:\windows\System32\APSHook.dll - - - - - - - > 'lsass.exe'(736) c:\windows\System32\APSHook.dll c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll . Heure de fin: 2009-05-31 19:29 ComboFix-quarantined-files.txt 2009-05-31 17:29 Avant-CF: 21 839 818 752 octets libres Après-CF: 35 025 969 152 octets libres 290 --- E O F --- 2009-05-31 05:15