

Pirchet
Please help me! Infected PC, what should I do [Solved]
Pirchet replied to a topic by Pirchet in Malware analysis and removal
THAAANK YOU SO MUCH!! God bless you. What would have become of me without you and your advice? :'( ? Now I have nothing left to worry about; I've saved all your advice in Office. With that, I'm marking this as solved, and THANK YOU again!!
Please help me! Infected PC, what should I do [Solved]
Pirchet replied to a topic by Pirchet in Malware analysis and removal
Hello. Yes, it is. How do I set Google back, please?
Please help me! Infected PC, what should I do [Solved]
Pirchet replied to a topic by Pirchet in Malware analysis and removal
Finally done! Here is the TCleaner report:
The BitDefender one: you did say scanres.htlm, so that gives this:
BUT I saw a scanreP.htlm that gives this:
Please help me! Infected PC, what should I do [Solved]
Pirchet replied to a topic by Pirchet in Malware analysis and removal
By the way, I changed all my passwords (from another computer). And as for removable drives, since I got infected I haven't plugged in any USB sticks etc.; even before I was infected I didn't use any ^^
Please help me! Infected PC, what should I do [Solved]
Pirchet replied to a topic by Pirchet in Malware analysis and removal
Hi. I downloaded RAV. UsbFix didn't work. RAV report (not exactly this, but there was no report...):
Virus 1 found
Virus 2 found
Virus 1 successfully removed
Virus 2 successfully removed
Virus successfully removed
YOUR COMPUTER IS CLEAN. =)
Please help me! Infected PC, what should I do [Solved]
Pirchet replied to a topic by Pirchet in Malware analysis and removal
Here are the requested reports, chief:
OTM:
Then RSIT:
----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$ 2009-08-14 00:52:05 ----D---- C:\WINDOWS\ServicePackFiles 2009-08-14 00:52:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$ 2009-08-14 00:51:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$ 2009-08-14 00:51:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$ 2009-08-12 23:22:24 ----D---- C:\Documents and Settings\khadim\Application Data\Help 2009-08-11 13:11:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961118_0$ 2009-08-11 13:07:05 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$ 2009-08-09 16:59:47 ----D---- C:\WINDOWS\system32\XPSViewer 2009-08-09 16:59:43 ----D---- C:\Program Files\MSBuild 2009-08-09 16:59:41 ----D---- C:\WINDOWS\system32\en-US 2009-08-09 16:59:34 ----D---- C:\Program Files\Reference Assemblies 2009-08-09 16:58:53 ----N---- C:\WINDOWS\system32\prntvpt.dll 2009-08-09 16:58:52 ----N---- C:\WINDOWS\system32\xpssvcs.dll 2009-08-09 16:58:52 ----N---- C:\WINDOWS\system32\xpsshhdr.dll 2009-08-09 16:50:02 ----D---- C:\Program Files\MSXML 6.0 ======List of files/folders modified in the last 1 months====== 2009-09-04 00:54:27 ----D---- C:\WINDOWS\Temp 2009-09-04 00:54:14 ----D---- C:\WINDOWS\system32 2009-09-04 00:54:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-09-04 00:50:34 ----A---- C:\WINDOWS\NeroDigital.ini 2009-09-04 00:49:32 ----D---- C:\WINDOWS 2009-09-04 00:48:00 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-09-03 22:38:40 ----D---- C:\WINDOWS\Debug 2009-09-03 22:29:06 ----D---- C:\WINDOWS\system32\drivers 2009-09-03 22:26:27 ----RD---- C:\Program Files 2009-09-03 21:58:19 ----HD---- C:\WINDOWS\inf 2009-09-03 21:57:12 ----HD---- C:\WINDOWS\$hf_mig$ 2009-09-03 21:57:04 ----D---- C:\Program Files\Fichiers communs 2009-09-03 21:56:44 ----D---- C:\WINDOWS\system32\CatRoot2 2009-09-03 12:59:07 ----SD---- C:\WINDOWS\Tasks 2009-09-03 12:56:52 ----D---- C:\Program Files\SpeedNet 5.1 Trial 2009-09-03 12:56:24 ----D---- C:\Program Files\SuperCopier2 2009-09-02 16:49:11 ----D---- C:\WINDOWS\WinSxS 2009-09-02 16:45:09 
----D---- C:\WINDOWS\system32\CatRoot 2009-09-02 16:44:53 ----D---- C:\WINDOWS\network diagnostic 2009-09-02 16:35:20 ----D---- C:\WINDOWS\system32\fr-fr 2009-09-02 16:35:19 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-09-02 16:35:19 ----D---- C:\WINDOWS\Media 2009-09-02 16:35:19 ----D---- C:\WINDOWS\Help 2009-09-02 16:35:19 ----D---- C:\Program Files\Internet Explorer 2009-09-02 16:35:18 ----HD---- C:\Config.Msi 2009-09-02 16:02:14 ----SHD---- C:\WINDOWS\Installer 2009-09-02 15:36:12 ----D---- C:\WINDOWS\system32\Setup 2009-09-02 15:36:12 ----D---- C:\WINDOWS\AppPatch 2009-09-02 15:36:11 ----D---- C:\WINDOWS\system32\wbem 2009-09-02 15:36:10 ----RSD---- C:\WINDOWS\Fonts 2009-09-02 15:32:18 ----D---- C:\Program Files\Outlook Express 2009-09-02 15:27:06 ----D---- C:\WINDOWS\security 2009-09-02 15:22:32 ----D---- C:\Program Files\Messenger 2009-09-02 15:12:03 ----D---- C:\WINDOWS\ehome 2009-09-02 15:11:59 ----D---- C:\WINDOWS\system32\inetsrv 2009-09-02 15:11:57 ----D---- C:\WINDOWS\ime 2009-09-02 15:11:10 ----D---- C:\WINDOWS\system32\usmt 2009-09-02 15:11:06 ----D---- C:\WINDOWS\PeerNet 2009-09-02 15:11:06 ----D---- C:\Program Files\Movie Maker 2009-09-02 15:03:52 ----D---- C:\WINDOWS\system32\Restore 2009-09-02 15:03:52 ----D---- C:\WINDOWS\system32\npp 2009-09-02 15:03:51 ----D---- C:\WINDOWS\msagent 2009-09-02 15:03:48 ----D---- C:\WINDOWS\srchasst 2009-09-02 15:03:44 ----D---- C:\Program Files\NetMeeting 2009-09-02 15:03:39 ----D---- C:\WINDOWS\system32\Com 2009-09-02 15:03:30 ----D---- C:\Program Files\Windows Media Player 2009-09-02 15:03:28 ----D---- C:\Program Files\Windows NT 2009-09-02 15:03:18 ----D---- C:\Program Files\Fichiers communs\System 2009-09-02 15:02:19 ----D---- C:\WINDOWS\system32\oobe 2009-09-02 15:02:17 ----D---- C:\WINDOWS\system 2009-09-02 10:34:57 ----D---- C:\WINDOWS\Microsoft.NET 2009-09-01 22:00:35 ----SD---- C:\Documents and Settings\khadim\Application Data\Microsoft 2009-09-01 10:44:08 ----SHD---- C:\System Volume Information 
2009-08-29 18:54:14 ----D---- C:\WINDOWS\Minidump 2009-08-23 18:32:46 ----D---- C:\Program Files\Wakfu 2009-08-23 18:30:53 ----D---- C:\Documents and Settings\khadim\Application Data\eMule 2009-08-23 18:30:51 ----D---- C:\Program Files\eMule 2009-08-22 14:59:09 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-08-14 17:21:32 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2009-08-09 17:24:17 ----RSD---- C:\WINDOWS\assembly 2009-08-09 16:54:41 ----D---- C:\WINDOWS\system32\mui 2009-08-05 10:00:38 ----A---- C:\WINDOWS\system32\mswebdvd.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-07-03 296976] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376] R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152] R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320] R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-09-07 63232] R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-09-07 55936] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-09-21 2278784] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-10 1421312] R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-03-19 132608] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 klim5;Kaspersky Anti-Virus NDIS Filter; 
C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-05-13 31760] R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-05-16 19472] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2002-09-07 12288] R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [] S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [] S2 Ca533av;USB PC Camera; C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-08-22 516021] S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600] S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688] S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-03-27 10252544] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 USBCamera;DIGITAL CAMERA; 
C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-07-25 10986] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-07-09 106496] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-10 405504] R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-07-03 303376] R2 Gizmo Plugin;Gizmo VoIP Service; C:\Program Files\GizmoPlugin\GizmoPlugin.exe [2007-03-10 949760] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-22 152984] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 NWCWorkstation;Service client pour NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-12-13 66872] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-23 323584] S3 aspnet_state;ASP.NET State Service; 
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-25 182768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------

PC BEHAVIOUR:
- It seems faster.
- The trojan was stealing all my passwords (and so getting into my mailbox) and stealing some of my information (unfortunately, I cared about it). I will see whether it steals them from me again and will let you know.
- When the PC started up, it did not boot correctly; it showed me things like: "safe mode, safe mode with command prompt, start Windows normally, last good ...". It does this less often, and since we are almost finished it may not do it any more, because I had noticed that every time it did, the hacker stole my information.
- An add-on was eradicated (a Chinese add-on); that one got just what it deserved!

Those are my main problems. And thank you very much! I look forward to your next reply.
Please help me! Infected PC, what to do [Solved]
Pirchet replied to a topic by Pirchet in Malware analysis and removal
By the way, the suspicious program had a name derived from MBAM ...
Please help me! Infected PC, what to do [Solved]
Pirchet replied to a topic by Pirchet in Malware analysis and removal
Hello. Here are the requested reports:

The OTM one:
========== PROCESSES ========== Process explorer.exe killed successfully! ========== SERVICES/DRIVERS ========== Service\Driver Boonty Games stopped successfully. Service\Driver Boonty Games deleted successfully. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D73F49B1-B51B-4d32-A3B7-BD04B8342F53}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D73F49B1-B51B-4d32-A3B7-BD04B8342F53}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}\ not found. ========== FILES ========== C:\Program Files\F-Secure Internet Security\Uninstall moved successfully. C:\Program Files\F-Secure Internet Security\TNB moved successfully. C:\Program Files\F-Secure Internet Security\Scanner-Interface moved successfully. C:\Program Files\F-Secure Internet Security\Pegasus moved successfully. C:\Program Files\F-Secure Internet Security\ORSP Client moved successfully. C:\Program Files\F-Secure Internet Security\HIPS moved successfully. C:\Program Files\F-Secure Internet Security\Gemini moved successfully.
C:\Program Files\F-Secure Internet Security\FWES\program moved successfully. C:\Program Files\F-Secure Internet Security\FWES moved successfully. C:\Program Files\F-Secure Internet Security\FSPS\program moved successfully. C:\Program Files\F-Secure Internet Security\FSPS moved successfully. C:\Program Files\F-Secure Internet Security\FSGUI moved successfully. C:\Program Files\F-Secure Internet Security\DAAS2 moved successfully. C:\Program Files\F-Secure Internet Security\Common\custom\custom2\common\_graphics\banners moved successfully. C:\Program Files\F-Secure Internet Security\Common\custom\custom2\common\_graphics moved successfully. C:\Program Files\F-Secure Internet Security\Common\custom\custom2\common moved successfully. C:\Program Files\F-Secure Internet Security\Common\custom\custom2 moved successfully. C:\Program Files\F-Secure Internet Security\Common\custom moved successfully. C:\Program Files\F-Secure Internet Security\Common moved successfully. C:\Program Files\F-Secure Internet Security\Anti-Virus moved successfully. C:\Program Files\F-Secure Internet Security moved successfully. C:\Documents and Settings\All Users\Application Data\fssg moved successfully. C:\Documents and Settings\All Users\Application Data\f-secure\setup moved successfully. C:\Documents and Settings\All Users\Application Data\f-secure\logs\ORSP Client moved successfully. C:\Documents and Settings\All Users\Application Data\f-secure\logs\FSMA moved successfully. C:\Documents and Settings\All Users\Application Data\f-secure\logs\FSFW moved successfully. C:\Documents and Settings\All Users\Application Data\f-secure\logs\DAAS2 moved successfully. C:\Documents and Settings\All Users\Application Data\f-secure\logs\custom moved successfully. C:\Documents and Settings\All Users\Application Data\f-secure\logs moved successfully. C:\Documents and Settings\All Users\Application Data\f-secure\Daas2\revocation moved successfully. 
C:\Documents and Settings\All Users\Application Data\f-secure\Daas2\keys moved successfully. C:\Documents and Settings\All Users\Application Data\f-secure\Daas2\crl moved successfully. C:\Documents and Settings\All Users\Application Data\f-secure\Daas2\cert moved successfully. C:\Documents and Settings\All Users\Application Data\f-secure\Daas2\acl moved successfully. C:\Documents and Settings\All Users\Application Data\f-secure\Daas2 moved successfully. C:\Documents and Settings\All Users\Application Data\f-secure moved successfully. C:\Program Files\Fichiers communs\BOONTY Shared\Service moved successfully. C:\Program Files\Fichiers communs\BOONTY Shared moved successfully. OTM by OldTimer - Version 3.0.0.6 log created on 09032009_215610

Then the Mbam one:
Malwarebytes' Anti-Malware 1.40 Version de la base de données: 2737 Windows 5.1.2600 Service Pack 3 03/09/2009 22:26:27 mbam-log-2009-09-03 (22-26-27).txt Type de recherche: Examen rapide Eléments examinés: 123300 Temps écoulé: 6 minute(s), 52 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 16 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 3 Dossier(s) infecté(s): 3 Fichier(s) infecté(s): 13 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\acm.acmfactory.1 (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{43382522-a846-46f4-ac57-1f71ae6e1086} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{72a836d1-bc00-43c0-a941-17960e4fb842} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{df901432-1b9f-4f5b-9e56-301c553f9095} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\ACM.dll (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hottvplayer.htplayer (Adware.EGDAccess) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hottvplayer.htplayer.1 (Adware.EGDAccess) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\InternetGameBox.exe (Adware.EGDAccess) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetGameBox (Adware.Popup) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow (Adware.WhenU) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StormCodec_Helper (Trojan.Agent) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\Program Files\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully. C:\Documents and Settings\abdoulaye\Menu Démarrer\Programmes\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully. C:\Documents and Settings\magatte\Menu Démarrer\Programmes\WhenU (Adware.WhenU) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Program Files\MalwareAlarm\MalwareAlarm.lic (Rogue.Malware.Alarm) -> Quarantined and deleted successfully. C:\Program Files\MalwareAlarm\MalwareAlarm1.ma (Rogue.Malware.Alarm) -> Quarantined and deleted successfully. C:\Documents and Settings\abdoulaye\Menu Démarrer\Programmes\MalwareAlarm\MalwareAlarm.lnk (Rogue.Malware.Alarm) -> Quarantined and deleted successfully. C:\Documents and Settings\abdoulaye\Menu Démarrer\Programmes\MalwareAlarm\Uninstall.lnk (Rogue.Malware.Alarm) -> Quarantined and deleted successfully. C:\Documents and Settings\magatte\Menu Démarrer\Programmes\WhenU\Customer Support.lnk (Adware.WhenU) -> Quarantined and deleted successfully. C:\Documents and Settings\magatte\Menu Démarrer\Programmes\WhenU\Learn More About WhenU Save.url (Adware.WhenU) -> Quarantined and deleted successfully. C:\Documents and Settings\magatte\Menu Démarrer\Programmes\WhenU\Learn More About WhenU SaveNow.url (Adware.WhenU) -> Quarantined and deleted successfully. C:\Documents and Settings\magatte\Menu Démarrer\Programmes\WhenU\Uninstall Instructions.lnk (Adware.WhenU) -> Quarantined and deleted successfully. C:\Documents and Settings\magatte\Menu Démarrer\Programmes\WhenU\WhenU.com Website.url (Adware.WhenU) -> Quarantined and deleted successfully. C:\autorun.inf (SuspectAutorun.Rootdrive.H) -> Quarantined and deleted successfully. 
C:\Documents and Settings\abdoulaye\Local Settings\Application Data\pscgcim_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully. C:\Documents and Settings\abdoulaye\Local Settings\Application Data\pscgcim_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully. C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe (Trojan.Agent) -> Quarantined and deleted successfully.

And finally the RSIT one:
Logfile of random's system information tool 1.06 (written by random/random) Run by khadim at 2009-09-03 22:53:29 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 35 GB (35%) free of 100 GB Total RAM: 446 MB (36% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:53:34, on 03/09/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\GizmoPlugin\GizmoPlugin.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\tsnpstd3.exe C:\WINDOWS\vsnpstd3.exe C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe C:\Program Files\Iminent\IMBooster\imbooster.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Ares\Ares.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe C:\Documents and Settings\khadim\Bureau\RSIT.exe C:\Program Files\Trend Micro\HijackThis\khadim.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.iminent.com/?appId=58a6abff-...mp;ref=homepage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance 
Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" O4 - HKLM\..\Run: [iminent.Notifier] C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe O4 - HKLM\..\Run: [iMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\RunOnce: [iminentRegUpdate] reg add HKCU\Software\Iminent /t REG_DWORD /v InstallationOwner /d 1 /f O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 
'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.74\AMVConverter\grab.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.74\MediaManager\grab.html O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing) O9 - Extra 'Tools' menuitem: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F1582D73-24D6-4E92-8FDF-343C1EEC7495}: NameServer = 213.154.95.126,213.154.64.13 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. 
- C:\Program Files\GizmoPlugin\GizmoPlugin.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 11398 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\User_Feed_Synchronization-{2F8A33DB-075A-4C6E-8932-5579E67EC174}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll [2009-07-03 68112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search 
Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-22 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-14 259696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-04 669168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-25 470512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-22 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}] FilterBHO Class - C:\Program Files\Kaspersky 
Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll [2009-08-29 264720] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-22 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-12 49152] "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-11-19 196608] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2005-09-25 155648] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-02-23 278528] "FixCamera"=C:\WINDOWS\FixCamera.exe [] "tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2007-02-07 262144] "snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-09-19 827392] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-07-03 303376] "Iminent.Notifier"=C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe [2009-04-09 496640] "IMBooster"=C:\Program Files\Iminent\IMBooster\imbooster.exe [2009-04-08 365568] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-22 136600] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "swg"=C:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-10 68856] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408] "ares"=C:\Program Files\Ares\Ares.exe [2008-02-20 963072] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [2005-09-25 94208] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IminentRegUpdate"=reg add HKCU\Software\Iminent /t REG_DWORD /v InstallationOwner /d 1 /f [] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-01-10 61440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\WINDOWS\system32\klogon.dll [2009-07-03 219664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 nwprovau [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveTypeAutoRun"= 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Program Files\Microsoft Games\Halo Trial\halo.exe"="C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Disabled:Halo" "C:\Program Files\Microsoft Games\Halo Custom Edition\haloCE_nocd.exe"="C:\Program Files\Microsoft Games\Halo Custom Edition\haloCE_nocd.exe:*:Disabled:Halo" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application" "C:\Program Files\ooVoo\ooVoo.exe"="C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo" "C:\Program Files\VoipCheapCom\VoipCheapCom.exe"="C:\Program Files\VoipCheapCom\VoipCheapCom.exe:*:Enabled:VoipCheapCom" "C:\Program Files\Conference\Conference.dll"="C:\Program Files\Conference\Conference.dll:*:Enabled:Audio/Video Conference" "C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" 
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Documents and Settings\khadim\Local Settings\Temp\7zSD25.tmp\SymNRT.exe"="C:\Documents and Settings\khadim\Local Settings\Temp\7zSD25.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ======List of files/folders created in the last 1 months====== 2009-09-03 22:09:07 ----D---- C:\Program Files\CCleaner 2009-09-03 12:58:04 ----D---- C:\_OTM 2009-09-02 21:02:47 ----D---- C:\rsit 2009-09-02 20:51:50 ----A---- C:\TB.txt 2009-09-02 20:49:04 ----D---- C:\ToolBar SD 2009-09-02 20:02:00 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller 2009-09-02 16:49:10 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$ 2009-09-02 16:29:11 
----D---- C:\WINDOWS\ie8updates 2009-09-02 16:21:20 ----HDC---- C:\WINDOWS\ie8 2009-09-02 15:36:48 ----D---- C:\WINDOWS\Prefetch 2009-09-02 15:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2009-09-02 15:32:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2009-09-02 15:32:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2009-09-02 15:32:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$ 2009-09-02 15:32:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2009-09-02 15:31:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$ 2009-09-02 15:31:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$ 2009-09-02 15:31:25 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$ 2009-09-02 15:31:11 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$ 2009-09-02 15:30:52 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$ 2009-09-02 15:30:38 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2009-09-02 15:30:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$ 2009-09-02 15:30:05 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$ 2009-09-02 15:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$ 2009-09-02 15:29:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$ 2009-09-02 15:29:13 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2009-09-02 15:29:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$ 2009-09-02 15:28:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2009-09-02 15:28:33 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2009-09-02 15:28:20 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2009-09-02 15:28:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$ 2009-09-02 15:27:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ 2009-09-02 15:27:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2009-09-02 15:27:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2009-09-02 15:27:19 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2009-09-02 15:26:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2009-09-02 15:26:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2009-09-02 15:26:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2009-09-02 15:25:41 ----HDC---- 
C:\WINDOWS\$NtUninstallKB956572$ 2009-09-02 15:25:23 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2009-09-02 15:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2009-09-02 15:25:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2009-09-02 15:24:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2009-09-02 15:24:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2009-09-02 15:24:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2009-09-02 15:24:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2009-09-02 15:23:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2009-09-02 15:23:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2009-09-02 15:23:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$ 2009-09-02 15:23:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2009-09-02 15:23:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2009-09-02 15:22:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2009-09-02 15:22:28 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2009-09-02 15:22:19 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2009-09-02 15:21:54 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ 2009-09-02 15:11:08 ----D---- C:\WINDOWS\l2schemas 2009-09-02 15:11:07 ----D---- C:\WINDOWS\system32\fr 2009-09-02 15:11:06 ----D---- C:\WINDOWS\system32\bits 2009-09-02 14:56:48 ----D---- C:\WINDOWS\system32\ReinstallBackups 2009-09-02 14:51:53 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2009-08-30 19:02:12 ----D---- C:\Program Files\Dofus 2009-08-29 18:50:11 ----D---- C:\Documents and Settings\khadim\Application Data\Yahoo! 2009-08-29 18:50:11 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2009-08-29 18:50:00 ----D---- C:\Program Files\Yahoo! 
2009-08-29 03:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$ 2009-08-29 00:12:10 ----D---- C:\Program Files\Kaspersky Lab 2009-08-29 00:12:10 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2009-08-28 23:51:20 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-08-24 17:29:29 ----D---- C:\Program Files\Trend Micro 2009-08-24 12:34:51 ----D---- C:\Documents and Settings\khadim\Application Data\Malwarebytes 2009-08-24 12:34:32 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-08-24 12:34:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-08-22 14:59:11 ----D---- C:\WINDOWS\system32\NtmsData 2009-08-17 23:06:37 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$ 2009-08-14 17:24:44 ----D---- C:\Program Files\Avira 2009-08-14 10:04:50 ----D---- C:\Documents and Settings\khadim\Application Data\F-Secure 2009-08-14 00:54:19 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$ 2009-08-14 00:52:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$ 2009-08-14 00:52:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971557_0$ 2009-08-14 00:52:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$ 2009-08-14 00:52:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$ 2009-08-14 00:52:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$ 2009-08-14 00:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$ 2009-08-14 00:52:05 ----D---- C:\WINDOWS\ServicePackFiles 2009-08-14 00:52:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$ 2009-08-14 00:51:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$ 2009-08-14 00:51:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$ 2009-08-12 23:22:24 ----D---- C:\Documents and Settings\khadim\Application Data\Help 2009-08-11 13:11:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961118_0$ 2009-08-11 13:07:05 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$ 2009-08-09 16:59:47 ----D---- C:\WINDOWS\system32\XPSViewer 2009-08-09 16:59:43 ----D---- C:\Program Files\MSBuild 2009-08-09 
16:59:41 ----D---- C:\WINDOWS\system32\en-US 2009-08-09 16:59:34 ----D---- C:\Program Files\Reference Assemblies 2009-08-09 16:58:53 ----N---- C:\WINDOWS\system32\prntvpt.dll 2009-08-09 16:58:52 ----N---- C:\WINDOWS\system32\xpssvcs.dll 2009-08-09 16:58:52 ----N---- C:\WINDOWS\system32\xpsshhdr.dll 2009-08-09 16:50:02 ----D---- C:\Program Files\MSXML 6.0 2009-08-04 22:25:20 ----N---- C:\WINDOWS\winspad.ini 2009-08-04 22:25:11 ----A---- C:\WINDOWS\system32\Sp32w.dll 2009-08-04 22:25:01 ----A---- C:\WINDOWS\system32\Gswdll32.dll 2009-08-04 22:25:01 ----A---- C:\WINDOWS\system32\Gswag32.dll 2009-08-04 22:25:01 ----A---- C:\WINDOWS\system32\Gsw32.exe 2009-08-04 22:25:01 ----A---- C:\WINDOWS\system32\GSPNG32.DLL 2009-08-04 22:25:01 ----A---- C:\WINDOWS\system32\GSJPG32.DLL 2009-08-04 22:24:57 ----A---- C:\WINDOWS\system32\SpadClientAction.dll 2009-08-04 22:24:57 ----A---- C:\WINDOWS\system32\ParserSpadMSGClient.dll 2009-08-04 22:24:57 ----A---- C:\WINDOWS\system32\CreatorSpadMSG.dll 2009-08-04 22:24:57 ----A---- C:\WINDOWS\system32\ClientProfile.dll 2009-08-04 22:24:56 ----A---- C:\WINDOWS\system32\TRIEDIT.DLL 2009-08-04 22:24:52 ----A---- C:\WINDOWS\system32\MSJET35.DLL 2009-08-04 22:24:51 ----A---- C:\WINDOWS\system32\Vb5db.dll 2009-08-04 22:24:50 ----A---- C:\WINDOWS\system32\Qpro32.dll 2009-08-04 22:24:50 ----A---- C:\WINDOWS\system32\PEGRP32a.dll 2009-08-04 22:24:50 ----A---- C:\WINDOWS\system32\PEGRC32A.dll 2009-08-04 22:24:49 ----A---- C:\WINDOWS\system32\MSREPL35.DLL 2009-08-04 22:24:49 ----A---- C:\WINDOWS\system32\MSJTER35.DLL 2009-08-04 22:24:48 ----A---- C:\WINDOWS\system32\MSJT4JLT.DLL 2009-08-04 22:24:48 ----A---- C:\WINDOWS\system32\MSJINT35.DLL 2009-08-04 22:24:48 ----A---- C:\WINDOWS\system32\Mhmu32.dll 2009-08-04 22:24:46 ----A---- C:\WINDOWS\system32\OrganonLib.dll 2009-08-04 22:24:43 ----A---- C:\WINDOWS\system32\NucleusLib.dll 2009-08-04 22:24:41 ----A---- C:\WINDOWS\system32\STAMIN32.DLL 2009-08-04 22:24:41 ----A---- 
C:\WINDOWS\system32\ROBOEX32.DLL 2009-08-04 22:24:40 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL 2009-08-04 22:24:39 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL 2009-08-04 22:24:23 ----D---- C:\Program Files\DECISIA ======List of files/folders modified in the last 1 months====== 2009-09-03 22:51:19 ----D---- C:\WINDOWS\Temp 2009-09-03 22:39:31 ----A---- C:\WINDOWS\NeroDigital.ini 2009-09-03 22:38:40 ----D---- C:\WINDOWS\Debug 2009-09-03 22:38:40 ----D---- C:\WINDOWS 2009-09-03 22:30:40 ----D---- C:\WINDOWS\system32 2009-09-03 22:30:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-09-03 22:29:06 ----D---- C:\WINDOWS\system32\drivers 2009-09-03 22:28:21 ----N---- C:\WINDOWS\SchedLgU.Txt 2009-09-03 22:26:27 ----RD---- C:\Program Files 2009-09-03 21:58:19 ----HD---- C:\WINDOWS\inf 2009-09-03 21:57:12 ----HD---- C:\WINDOWS\$hf_mig$ 2009-09-03 21:57:04 ----D---- C:\Program Files\Fichiers communs 2009-09-03 21:56:44 ----D---- C:\WINDOWS\system32\CatRoot2 2009-09-03 12:59:07 ----SD---- C:\WINDOWS\Tasks 2009-09-03 12:56:52 ----D---- C:\Program Files\SpeedNet 5.1 Trial 2009-09-03 12:56:24 ----D---- C:\Program Files\SuperCopier2 2009-09-02 16:49:11 ----D---- C:\WINDOWS\WinSxS 2009-09-02 16:45:09 ----D---- C:\WINDOWS\system32\CatRoot 2009-09-02 16:44:53 ----D---- C:\WINDOWS\network diagnostic 2009-09-02 16:35:20 ----D---- C:\WINDOWS\system32\fr-fr 2009-09-02 16:35:19 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-09-02 16:35:19 ----D---- C:\WINDOWS\Media 2009-09-02 16:35:19 ----D---- C:\WINDOWS\Help 2009-09-02 16:35:19 ----D---- C:\Program Files\Internet Explorer 2009-09-02 16:35:18 ----HD---- C:\Config.Msi 2009-09-02 16:02:14 ----SHD---- C:\WINDOWS\Installer 2009-09-02 15:36:12 ----D---- C:\WINDOWS\system32\Setup 2009-09-02 15:36:12 ----D---- C:\WINDOWS\AppPatch 2009-09-02 15:36:11 ----D---- C:\WINDOWS\system32\wbem 2009-09-02 15:36:10 ----RSD---- C:\WINDOWS\Fonts 2009-09-02 15:32:18 ----D---- C:\Program Files\Outlook Express 2009-09-02 15:27:06 ----D---- 
C:\WINDOWS\security 2009-09-02 15:22:32 ----D---- C:\Program Files\Messenger 2009-09-02 15:12:03 ----D---- C:\WINDOWS\ehome 2009-09-02 15:11:59 ----D---- C:\WINDOWS\system32\inetsrv 2009-09-02 15:11:57 ----D---- C:\WINDOWS\ime 2009-09-02 15:11:10 ----D---- C:\WINDOWS\system32\usmt 2009-09-02 15:11:06 ----D---- C:\WINDOWS\PeerNet 2009-09-02 15:11:06 ----D---- C:\Program Files\Movie Maker 2009-09-02 15:03:52 ----D---- C:\WINDOWS\system32\Restore 2009-09-02 15:03:52 ----D---- C:\WINDOWS\system32\npp 2009-09-02 15:03:51 ----D---- C:\WINDOWS\msagent 2009-09-02 15:03:48 ----D---- C:\WINDOWS\srchasst 2009-09-02 15:03:44 ----D---- C:\Program Files\NetMeeting 2009-09-02 15:03:39 ----D---- C:\WINDOWS\system32\Com 2009-09-02 15:03:30 ----D---- C:\Program Files\Windows Media Player 2009-09-02 15:03:28 ----D---- C:\Program Files\Windows NT 2009-09-02 15:03:18 ----D---- C:\Program Files\Fichiers communs\System 2009-09-02 15:02:19 ----D---- C:\WINDOWS\system32\oobe 2009-09-02 15:02:17 ----D---- C:\WINDOWS\system 2009-09-02 10:34:57 ----D---- C:\WINDOWS\Microsoft.NET 2009-09-01 22:00:35 ----SD---- C:\Documents and Settings\khadim\Application Data\Microsoft 2009-09-01 10:44:08 ----SHD---- C:\System Volume Information 2009-08-29 18:54:14 ----D---- C:\WINDOWS\Minidump 2009-08-23 18:32:46 ----D---- C:\Program Files\Wakfu 2009-08-23 18:30:53 ----D---- C:\Documents and Settings\khadim\Application Data\eMule 2009-08-23 18:30:51 ----D---- C:\Program Files\eMule 2009-08-22 14:59:09 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-08-14 17:21:32 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2009-08-09 17:24:17 ----RSD---- C:\WINDOWS\assembly 2009-08-09 16:54:41 ----D---- C:\WINDOWS\system32\mui 2009-08-05 10:00:38 ----A---- C:\WINDOWS\system32\mswebdvd.dll 2009-08-04 22:24:23 ----HD---- C:\Program Files\InstallShield Installation Information ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 
kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-07-03 296976] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376] R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152] R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320] R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-09-07 63232] R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-09-07 55936] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-09-21 2278784] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-10 1421312] R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-03-19 132608] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-05-13 31760] R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-05-16 19472] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2002-09-07 12288] R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; 
C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [] S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [] S2 Ca533av;USB PC Camera; C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-08-22 516021] S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600] S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688] S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-03-27 10252544] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 USBCamera;DIGITAL CAMERA; C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-07-25 10986] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [] S4 IntelIde;IntelIde; 
C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-07-09 106496] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-10 405504] R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-07-03 303376] R2 Gizmo Plugin;Gizmo VoIP Service; C:\Program Files\GizmoPlugin\GizmoPlugin.exe [2007-03-10 949760] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-22 152984] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 NWCWorkstation;Service client pour NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-12-13 66872] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-23 323584] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-25 182768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 
32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------

PS: While downloading MBAM, Kaspersky detected a program named SETUP.Uninstall (something like that) that was trying to install a program that was suspicious, according to Kaspersky. I then had to disable Kaspersky to be able to finish installing MBAM, then re-enabled it, but it no longer detected anything...
Help me please! Infected PC, what to do [Resolved]
Pirchet replied to a topic by Pirchet in Malware analysis and removal
Hello. As you asked, here is the OTM report:

All processes killed ========== REGISTRY ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D73F49B6-B51B-4d32-A3B7-BD04B8342F53} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D73F49B6-B51B-4d32-A3B7-BD04B8342F53}\ deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"|'' /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D73F49B6-B51B-4d32-A3B7-BD04B8342F53}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D73F49B6-B51B-4d32-A3B7-BD04B8342F53}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E896FCA-D07E-45FE-901F-6A26FCF59C02}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E896FCA-D07E-45FE-901F-6A26FCF59C02}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C4E691E-50E0-4163-8E94-37F72E994272}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C4E691E-50E0-4163-8E94-37F72E994272}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a7400d6-6615-4a06-a4d1-48979fa6e868}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a7400d6-6615-4a06-a4d1-48979fa6e868}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DE60714F-AC17-427e-861A-FD60CBDF119A }\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE60714F-AC17-427e-861A-FD60CBDF119A }\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5865965c-c340-11db-b13c-0090d0d28391}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5865965c-c340-11db-b13c-0090d0d28391}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e1a35ee-5f60-11de-bc55-00161737b54c}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e1a35ee-5f60-11de-bc55-00161737b54c}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a293a9e-f7e3-11db-b212-0090d0d28391}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a293a9e-f7e3-11db-b212-0090d0d28391}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9db56c6a-a9db-11db-b0d9-0090d0d28391}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9db56c6a-a9db-11db-b0d9-0090d0d28391}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e32970c-3436-11de-bbd5-00161737b54c}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e32970c-3436-11de-bbd5-00161737b54c}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6cc45da-660d-11dc-b448-0090d0d28391}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c6cc45da-660d-11dc-b448-0090d0d28391}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2196bca-aecf-11db-b0ea-0090d0d28391}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2196bca-aecf-11db-b0ea-0090d0d28391}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfe72ba6-1cc6-11dc-b28d-0090d0d28391}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfe72ba6-1cc6-11dc-b28d-0090d0d28391}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5674fce-edff-11dc-b692-0090d0d28391}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5674fce-edff-11dc-b692-0090d0d28391}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a7400d6-6615-4a06-a4d1-48979fa6e868}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a7400d6-6615-4a06-a4d1-48979fa6e868}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}\ deleted successfully. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{D73F49B1-B51B-4d32-A3B7-BD04B8342F53}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D73F49B1-B51B-4d32-A3B7-BD04B8342F53}\ deleted successfully. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}\ deleted successfully. 
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{e4000b62-fa5d-4b39-b254-0a4c485aaf11} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{6a7400d6-6615-4a06-a4d1-48979fa6e868} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a7400d6-6615-4a06-a4d1-48979fa6e868}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FrameWorkService deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DRIVESYS deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RavAV deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows UDP Control Center deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DRIVESYS1 deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cdoosoft deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download With SpeedNet\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{BB4C402F-882A-4526-8C08-51278EA437C1} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB4C402F-882A-4526-8C08-51278EA437C1}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Morpheus\Morpheus.exe deleted successfully. 
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\rlvknlg.exe deleted successfully. ========== FILES ========== File/Folder C:\Windows\System32\bycool1\windo.exe not found. File/Folder C:\Windows\System32\bycool\winacces.exe not found. C:\Windows\System32\bycool moved successfully. C:\WINDOWS\system32\bycool1 moved successfully. File/Folder C:\WINDOWS\AdobeR.exe not found. File/Folder C:\Windows\System32\installer.exe not found. File/Folder C:\Windows\installer.exe not found. File/Folder C:\Program Files\Morpheus not found. C:\Program Files\MorpheusBar\SrchAstt\1.bin moved successfully. C:\Program Files\MorpheusBar\SrchAstt moved successfully. C:\Program Files\MorpheusBar\PopSwatr\History moved successfully. C:\Program Files\MorpheusBar\PopSwatr moved successfully. C:\Program Files\MorpheusBar\bar\Settings moved successfully. C:\Program Files\MorpheusBar\bar\History moved successfully. C:\Program Files\MorpheusBar\bar\Cache moved successfully. C:\Program Files\MorpheusBar\bar\1.bin moved successfully. C:\Program Files\MorpheusBar\bar moved successfully. C:\Program Files\MorpheusBar moved successfully. C:\Program Files\iminent-en moved successfully. C:\Program Files\RegCure\Logs moved successfully. C:\Program Files\RegCure moved successfully. C:\Program Files\Save moved successfully. C:\WINDOWS\tasks\RegCure.job moved successfully. File/Folder C:\DOCUME~1\khadim\LOCALS~1\Temp\herss.exe not found. C:\frg89pi.bat moved successfully. C:\VundoFix Backups moved successfully. C:\VundoFix.txt moved successfully. C:\Program Files\HotTVPlayer\Ogg moved successfully. C:\Program Files\HotTVPlayer moved successfully. C:\Program Files\InternetGameBox\skins moved successfully. C:\Program Files\InternetGameBox\ressources moved successfully. C:\Program Files\InternetGameBox moved successfully. C:\WINDOWS\pack.epk moved successfully. 
C:\WINDOWS\System32\nvs2.inf moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\XLSTKRNL.DLL C:\WINDOWS\system32\XLSTKRNL.DLL NOT unregistered. C:\WINDOWS\system32\XLSTKRNL.DLL moved successfully. File/Folder C:\WINDOWS\system32\e8main0.dll not found. File/Folder C:\WINDOWS\system32\rlvknlg.exe not found. C:\WINDOWS\AhnRpta.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: abdoulaye ->Temp folder emptied: 159494270 bytes ->Temporary Internet Files folder emptied: 59774566 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: kany ->Temp folder emptied: 1218091506 bytes ->Temporary Internet Files folder emptied: 572010743 bytes ->Java cache emptied: 174707 bytes User: khadim ->Temp folder emptied: 1914739864 bytes File delete failed. C:\Documents and Settings\khadim\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 96929796 bytes ->Java cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. 
->Temporary Internet Files folder emptied: 10540332 bytes User: magatte ->Temp folder emptied: 761030838 bytes ->Temporary Internet Files folder emptied: 389716403 bytes User: maoumy ->Temp folder emptied: 1339868494 bytes ->Temporary Internet Files folder emptied: -741405468 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 3177929 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2134506 bytes %systemroot%\System32 .tmp files removed: 4231168 bytes Windows Temp folder emptied: 181534 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1426,47 mb OTM by OldTimer - Version 3.0.0.6 log created on 09032009_125804 Files moved on Reboot... Registry entries deleted on Reboot...

And here is the RSIT one:

Logfile of random's system information tool 1.06 (written by random/random) Run by khadim at 2009-09-03 13:37:01 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 35 GB (35%) free of 100 GB Total RAM: 446 MB (39% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:37:17, on 03/09/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe C:\Program Files\GizmoPlugin\GizmoPlugin.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\svchost.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\tsnpstd3.exe C:\WINDOWS\vsnpstd3.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe C:\Program Files\Iminent\IMBooster\imbooster.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Ares\Ares.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe C:\Documents and Settings\khadim\Bureau\RSIT.exe C:\Program Files\Trend Micro\HijackThis\khadim.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.iminent.com/?appId=58a6abff-...mp;ref=homepage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: CHelperBHO - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Program Files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Iminent.LinkToContent - {A6E9BAAF-53CD-4575-967B-2AF710A7D21F} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - 
BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O2 - BHO: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file) O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [stormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" O4 - HKLM\..\Run: [iminent.Notifier] C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe O4 - HKLM\..\Run: [iMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - 
HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.74\AMVConverter\grab.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.74\MediaManager\grab.html O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - 
http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing) O9 - Extra 'Tools' menuitem: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F1582D73-24D6-4E92-8FDF-343C1EEC7495}: NameServer = 213.154.95.126,213.154.64.13 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O23 - Service: Apple Mobile Device - Apple, Inc. 
- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 11990 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\User_Feed_Synchronization-{2F8A33DB-075A-4C6E-8932-5579E67EC174}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! 
Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll [2009-07-03 68112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-22 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}] Iminent.BHO.NavigationError - C:\Program Files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll [2009-04-08 102912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-14 259696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-04 669168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-25 470512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D73F49B1-B51B-4d32-A3B7-BD04B8342F53}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-22 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}] FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll [2009-08-29 264720] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-22 73728] 
Please help me! Infected PC, what should I do? [Solved]
Pirchet replied to a topic by Pirchet in Malware analysis and eradication
Hello. I had to go straight to step 2. I managed to uninstall Norton. Here are the RSIT reports:
Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E896FCA-D07E-45FE-901F-6A26FCF59C02}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C4E691E-50E0-4163-8E94-37F72E994272}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll [2009-07-03 68112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a7400d6-6615-4a06-a4d1-48979fa6e868}] IMBooster4web-en Toolbar - C:\Program Files\iminent-en\tbimi1.dll [2009-07-23 2215960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - 
C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-22 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}] Iminent.BHO.NavigationError - C:\Program Files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll [2009-04-08 102912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}] LinkToContent Class - C:\Program Files\Iminent\IMBooster\Iminent.LinkToContent.dll [2009-02-23 117248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-14 259696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-04 669168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-25 470512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D73F49B1-B51B-4d32-A3B7-BD04B8342F53}] C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program 
Files\Java\jre6\bin\jp2ssv.dll [2009-02-22 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}] FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll [2009-08-29 264720] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}] P2P Torrent Toolbar - C:\Program Files\download-boosters\tbdow0.dll [2008-03-25 1470488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-22 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - P2P Torrent Toolbar - C:\Program Files\download-boosters\tbdow0.dll [2008-03-25 1470488] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! 
Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] {6a7400d6-6615-4a06-a4d1-48979fa6e868} - IMBooster4web-en Toolbar - C:\Program Files\iminent-en\tbimi1.dll [2009-07-23 2215960] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-12 49152] "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-11-19 196608] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2005-09-25 155648] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-02-23 278528] "FixCamera"=C:\WINDOWS\FixCamera.exe [] "tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2007-02-07 262144] "snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-09-19 827392] "StormCodec_Helper"=C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe [2005-03-24 94770] "FrameWorkService"= [] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-07-03 303376] "Iminent.Notifier"=C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe [2009-04-09 496640] "DRIVESYS"=C:\Windows\System32\bycool\winacces.exe [] "IMBooster"=C:\Program Files\Iminent\IMBooster\imbooster.exe [2009-04-08 365568] "RavAV"=C:\WINDOWS\AdobeR.exe [] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-22 136600] "Windows UDP Control Center"=installer.exe [] "DRIVESYS1"=C:\Windows\System32\bycool1\windo.exe [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-10 68856] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408] "ares"=C:\Program Files\Ares\Ares.exe [2008-02-20 963072] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [2005-09-25 94208] 
"cdoosoft"=C:\DOCUME~1\khadim\LOCALS~1\Temp\herss.exe [] "SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2005-03-14 1057280] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-01-10 61440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\WINDOWS\system32\klogon.dll [2009-07-03 219664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{BB4C402F-882A-4526-8C08-51278EA437C1}"=C:\WINDOWS\system32\e8main0.dll [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 nwprovau [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveTypeAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" 
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Morpheus\Morpheus.exe"="C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:Morpheus" "C:\WINDOWS\system32\rlvknlg.exe"="C:\WINDOWS\system32\rlvknlg.exe:*:Enabled:rlvknlg.exe" "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Program Files\Microsoft Games\Halo Trial\halo.exe"="C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Disabled:Halo" "C:\Program Files\Microsoft Games\Halo Custom Edition\haloCE_nocd.exe"="C:\Program Files\Microsoft Games\Halo Custom Edition\haloCE_nocd.exe:*:Disabled:Halo" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application" "C:\Program Files\ooVoo\ooVoo.exe"="C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo" "C:\Program Files\VoipCheapCom\VoipCheapCom.exe"="C:\Program Files\VoipCheapCom\VoipCheapCom.exe:*:Enabled:VoipCheapCom" "C:\Program Files\Conference\Conference.dll"="C:\Program Files\Conference\Conference.dll:*:Enabled:Audio/Video Conference" "C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\Windows 
Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Documents and Settings\khadim\Local Settings\Temp\7zSD25.tmp\SymNRT.exe"="C:\Documents and Settings\khadim\Local Settings\Temp\7zSD25.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5865965c-c340-11db-b13c-0090d0d28391}] shell\Auto\command - AdobeR.exe e shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e1a35ee-5f60-11de-bc55-00161737b54c}] shell\AutoRun\command - F:\lcw.exe shell\open\command - F:\lcw.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a293a9e-f7e3-11db-b212-0090d0d28391}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9db56c6a-a9db-11db-b0d9-0090d0d28391}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e32970c-3436-11de-bbd5-00161737b54c}]
shell\AutoRun\command - cv22.cmd
shell\open\command - cv22.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6cc45da-660d-11dc-b448-0090d0d28391}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2196bca-aecf-11db-b0ea-0090d0d28391}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfe72ba6-1cc6-11dc-b28d-0090d0d28391}]
shell\Auto\command - G:\AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5674fce-edff-11dc-b692-0090d0d28391}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs

======List of files/folders created in the last 1 months======

2009-09-02 21:02:47 ----D---- C:\rsit
2009-09-02 20:51:50 ----A---- C:\TB.txt
2009-09-02 20:49:04 ----D---- C:\ToolBar SD
2009-09-02 20:02:00 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-09-02 16:49:10 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-09-02 16:29:11 ----D---- C:\WINDOWS\ie8updates
2009-09-02 16:21:20 ----HDC---- C:\WINDOWS\ie8
2009-09-02 15:39:01 ----A---- C:\WINDOWS\OEWABLog.txt
2009-09-02 15:36:48 ----D---- C:\WINDOWS\Prefetch
2009-09-02 15:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-02 15:32:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-09-02 15:32:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-02 15:32:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-09-02 15:32:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-02 15:31:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-09-02 15:31:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-02 15:31:25 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-09-02 15:31:11 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-09-02 15:30:52 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-02 15:30:38 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-09-02 15:30:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-09-02 15:30:05 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-09-02 15:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-09-02 15:29:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-09-02 15:29:13 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-09-02 15:29:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-09-02 15:28:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-09-02 15:28:33 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-09-02 15:28:20 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-09-02 15:28:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-09-02 15:27:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-09-02 15:27:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-09-02 15:27:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-09-02 15:27:19 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-09-02 15:26:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-09-02 15:26:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-09-02 15:26:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-09-02 15:25:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-09-02 15:25:23 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-09-02 15:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-09-02 15:25:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-09-02 15:24:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-09-02 15:24:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-09-02 15:24:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-09-02 15:24:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-09-02 15:23:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-09-02 15:23:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-09-02 15:23:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-09-02 15:23:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-09-02 15:23:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-09-02 15:22:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-09-02 15:22:28 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-09-02 15:22:19 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-09-02 15:21:54 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-09-02 15:14:23 ----A---- C:\WINDOWS\setuplog.txt
2009-09-02 15:11:08 ----D---- C:\WINDOWS\l2schemas
2009-09-02 15:11:07 ----D---- C:\WINDOWS\system32\fr
2009-09-02 15:11:06 ----D---- C:\WINDOWS\system32\bits
2009-09-02 14:56:52 ----A---- C:\WINDOWS\imsins.BAK
2009-09-02 14:56:48 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-02 14:51:53 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-08-31 17:06:01 ----RSH---- C:\frg89pi.bat
2009-08-30 19:02:12 ----D---- C:\Program Files\Dofus
2009-08-29 18:50:11 ----D---- C:\Documents and Settings\khadim\Application Data\Yahoo!
2009-08-29 18:50:11 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-08-29 18:50:00 ----D---- C:\Program Files\Yahoo!
2009-08-29 03:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-29 00:12:10 ----D---- C:\Program Files\Kaspersky Lab
2009-08-29 00:12:10 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-08-28 23:51:20 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-24 17:54:23 ----D---- C:\VundoFix Backups
2009-08-24 17:54:23 ----A---- C:\VundoFix.txt
2009-08-24 17:29:29 ----D---- C:\Program Files\Trend Micro
2009-08-24 12:34:51 ----D---- C:\Documents and Settings\khadim\Application Data\Malwarebytes
2009-08-24 12:34:32 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-24 12:34:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-22 14:59:11 ----D---- C:\WINDOWS\system32\NtmsData
2009-08-17 23:06:37 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2009-08-14 17:24:44 ----D---- C:\Program Files\Avira
2009-08-14 10:04:50 ----D---- C:\Documents and Settings\khadim\Application Data\F-Secure
2009-08-14 09:53:51 ----D---- C:\Program Files\F-Secure Internet Security
2009-08-14 09:48:02 ----D---- C:\Documents and Settings\All Users\Application Data\fssg
2009-08-14 09:22:19 ----D---- C:\Documents and Settings\All Users\Application Data\f-secure
2009-08-14 00:54:19 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2009-08-14 00:52:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2009-08-14 00:52:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971557_0$
2009-08-14 00:52:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2009-08-14 00:52:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-14 00:52:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2009-08-14 00:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$
2009-08-14 00:52:05 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-14 00:52:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-14 00:51:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2009-08-14 00:51:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-08-12 23:22:24 ----D---- C:\Documents and Settings\khadim\Application Data\Help
2009-08-11 13:11:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961118_0$
2009-08-11 13:07:05 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-08-10 22:21:58 ----A---- C:\WINDOWS\AhnRpta.exe
2009-08-09 16:59:47 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-09 16:59:43 ----D---- C:\Program Files\MSBuild
2009-08-09 16:59:41 ----D---- C:\WINDOWS\system32\en-US
2009-08-09 16:59:34 ----D---- C:\Program Files\Reference Assemblies
2009-08-09 16:58:53 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-09 16:58:52 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-09 16:58:52 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-09 16:50:02 ----D---- C:\Program Files\MSXML 6.0
2009-08-04 22:25:20 ----N---- C:\WINDOWS\winspad.ini
2009-08-04 22:25:11 ----A---- C:\WINDOWS\system32\Sp32w.dll
2009-08-04 22:25:01 ----A---- C:\WINDOWS\system32\Gswdll32.dll
2009-08-04 22:25:01 ----A---- C:\WINDOWS\system32\Gswag32.dll
2009-08-04 22:25:01 ----A---- C:\WINDOWS\system32\Gsw32.exe
2009-08-04 22:25:01 ----A---- C:\WINDOWS\system32\GSPNG32.DLL
2009-08-04 22:25:01 ----A---- C:\WINDOWS\system32\GSJPG32.DLL
2009-08-04 22:24:57 ----A---- C:\WINDOWS\system32\SpadClientAction.dll
2009-08-04 22:24:57 ----A---- C:\WINDOWS\system32\ParserSpadMSGClient.dll
2009-08-04 22:24:57 ----A---- C:\WINDOWS\system32\CreatorSpadMSG.dll
2009-08-04 22:24:57 ----A---- C:\WINDOWS\system32\ClientProfile.dll
2009-08-04 22:24:56 ----A---- C:\WINDOWS\system32\TRIEDIT.DLL
2009-08-04 22:24:52 ----A---- C:\WINDOWS\system32\MSJET35.DLL
2009-08-04 22:24:51 ----A---- C:\WINDOWS\system32\Vb5db.dll
2009-08-04 22:24:50 ----A---- C:\WINDOWS\system32\Qpro32.dll
2009-08-04 22:24:50 ----A---- C:\WINDOWS\system32\PEGRP32a.dll
2009-08-04 22:24:50 ----A---- C:\WINDOWS\system32\PEGRC32A.dll
2009-08-04 22:24:49 ----A---- C:\WINDOWS\system32\MSREPL35.DLL
2009-08-04 22:24:49 ----A---- C:\WINDOWS\system32\MSJTER35.DLL
2009-08-04 22:24:48 ----A---- C:\WINDOWS\system32\MSJT4JLT.DLL
2009-08-04 22:24:48 ----A---- C:\WINDOWS\system32\MSJINT35.DLL
2009-08-04 22:24:48 ----A---- C:\WINDOWS\system32\Mhmu32.dll
2009-08-04 22:24:46 ----A---- C:\WINDOWS\system32\OrganonLib.dll
2009-08-04 22:24:43 ----A---- C:\WINDOWS\system32\NucleusLib.dll
2009-08-04 22:24:41 ----A---- C:\WINDOWS\system32\STAMIN32.DLL
2009-08-04 22:24:41 ----A---- C:\WINDOWS\system32\ROBOEX32.DLL
2009-08-04 22:24:40 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
2009-08-04 22:24:39 ----A---- C:\WINDOWS\system32\XLSTKRNL.DLL
2009-08-04 22:24:39 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL
2009-08-04 22:24:23 ----D---- C:\Program Files\DECISIA

======List of files/folders modified in the last 1 months======

2009-09-02 21:02:16 ----D---- C:\WINDOWS\Temp
2009-09-02 20:53:41 ----RD---- C:\Program Files
2009-09-02 20:51:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-02 20:28:58 ----A---- C:\WINDOWS\NeroDigital.ini
2009-09-02 20:21:44 ----D---- C:\WINDOWS\system32
2009-09-02 20:21:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-02 20:19:32 ----D---- C:\WINDOWS
2009-09-02 20:17:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-02 20:12:28 ----D---- C:\Program Files\Fichiers communs
2009-09-02 20:02:03 ----D---- C:\WINDOWS\system32\drivers
2009-09-02 19:42:36 ----HD---- C:\WINDOWS\inf
2009-09-02 16:49:11 ----D---- C:\WINDOWS\WinSxS
2009-09-02 16:45:09 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-02 16:44:53 ----D---- C:\WINDOWS\network diagnostic
2009-09-02 16:41:47 ----SD---- C:\WINDOWS\Tasks
2009-09-02 16:35:20 ----D---- C:\WINDOWS\system32\fr-fr
2009-09-02 16:35:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-02 16:35:19 ----D---- C:\WINDOWS\Media
2009-09-02 16:35:19 ----D---- C:\WINDOWS\Help
2009-09-02 16:35:19 ----D---- C:\Program Files\Internet Explorer
2009-09-02 16:35:18 ----HD---- C:\Config.Msi
2009-09-02 16:30:36 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-02 16:18:04 ----D---- C:\WINDOWS\Debug
2009-09-02 16:02:14 ----SHD---- C:\WINDOWS\Installer
2009-09-02 15:36:12 ----D---- C:\WINDOWS\system32\Setup
2009-09-02 15:36:12 ----D---- C:\WINDOWS\AppPatch
2009-09-02 15:36:11 ----D---- C:\WINDOWS\system32\wbem
2009-09-02 15:36:10 ----RSD---- C:\WINDOWS\Fonts
2009-09-02 15:32:18 ----D---- C:\Program Files\Outlook Express
2009-09-02 15:27:06 ----D---- C:\WINDOWS\security
2009-09-02 15:22:32 ----D---- C:\Program Files\Messenger
2009-09-02 15:12:03 ----D---- C:\WINDOWS\ehome
2009-09-02 15:11:59 ----D---- C:\WINDOWS\system32\inetsrv
2009-09-02 15:11:57 ----D---- C:\WINDOWS\ime
2009-09-02 15:11:10 ----D---- C:\WINDOWS\system32\usmt
2009-09-02 15:11:06 ----D---- C:\WINDOWS\PeerNet
2009-09-02 15:11:06 ----D---- C:\Program Files\Movie Maker
2009-09-02 15:03:52 ----D---- C:\WINDOWS\system32\Restore
2009-09-02 15:03:52 ----D---- C:\WINDOWS\system32\npp
2009-09-02 15:03:51 ----D---- C:\WINDOWS\msagent
2009-09-02 15:03:48 ----D---- C:\WINDOWS\srchasst
2009-09-02 15:03:44 ----D---- C:\Program Files\NetMeeting
2009-09-02 15:03:39 ----D---- C:\WINDOWS\system32\Com
2009-09-02 15:03:30 ----D---- C:\Program Files\Windows Media Player
2009-09-02 15:03:28 ----D---- C:\Program Files\Windows NT
2009-09-02 15:03:18 ----D---- C:\Program Files\Fichiers communs\System
2009-09-02 15:02:19 ----D---- C:\WINDOWS\system32\oobe
2009-09-02 15:02:17 ----D---- C:\WINDOWS\system
2009-09-02 10:34:57 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-01 22:13:19 ----D---- C:\Program Files\iminent-en
2009-09-01 22:00:35 ----SD---- C:\Documents and Settings\khadim\Application Data\Microsoft
2009-09-01 10:44:08 ----SHD---- C:\System Volume Information
2009-08-29 18:54:14 ----D---- C:\WINDOWS\Minidump
2009-08-29 06:46:21 ----SHD---- C:\WINDOWS\system32\bycool1
2009-08-29 06:46:17 ----SHD---- C:\WINDOWS\system32\bycool
2009-08-23 18:32:46 ----D---- C:\Program Files\Wakfu
2009-08-23 18:30:53 ----D---- C:\Documents and Settings\khadim\Application Data\eMule
2009-08-23 18:30:51 ----D---- C:\Program Files\eMule
2009-08-22 14:59:09 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-14 17:21:32 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-08-09 17:24:17 ----RSD---- C:\WINDOWS\assembly
2009-08-09 16:54:41 ----D---- C:\WINDOWS\system32\mui
2009-08-05 10:00:38 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-04 22:24:23 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-07-03 296976]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-09-07 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-09-07 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-09-21 2278784]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-10 1421312]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-03-19 132608]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-05-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2002-09-07 12288]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S2 Ca533av;USB PC Camera; C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-08-22 516021]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-03-27 10252544]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBCamera;DIGITAL CAMERA; C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-07-25 10986]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-07-09 106496]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-10 405504]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-07-03 303376]
R2 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-11-11 69120]
R2 Gizmo Plugin;Gizmo VoIP Service; C:\Program Files\GizmoPlugin\GizmoPlugin.exe [2007-03-10 949760]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-22 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NWCWorkstation;Service client pour NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-12-13 66872]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-23 323584]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization
Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-25 182768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- Ensuite Info : info.txt logfile of random's system information tool 1.06 2009-09-02 21:03:05 ======Uninstall list====== -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe After Effects 6.5-->MsiExec.exe /I{61CEB2D7-8D3B-4247-B75E-A95F6699B90A} Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Shockwave Player 
Then the ToolsBar report: ToolBar S&D 1.2.9 XP/Vista
- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\magic_ball_416x16.gif Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong.gif Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mortimer_beckett_spooky_manor16x16.gif Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\multiplayer.gif Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mygames.gif Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\newGames.gif Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\oberonconfig.xm_ Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\obSearchHistory.dat Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\partner.gif Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\puzzle.gif Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search.gif Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search_yahoo.gif Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sendafriend.gif Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sherlock_holmes16x16.gif Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sports.gif Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\strike_ball_316x16.gif Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\trial.gif Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\uninstall.gif Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\update.gif Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\webgame.gif Supprime! - C:\Program Files\GamesBar\Localization-French.ini Supprime! - C:\Program Files\GamesBar\oberontb.dll Supprime! - C:\Program Files\GamesBar\OBGet.exe Supprime! - C:\Program Files\GamesBar\uninst.exe Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\GamesBar Supprime! - C:\DOCUME~1\khadim\LOCALS~1\Temp\nsa6BB.tmp Supprime! - C:\DOCUME~1\khadim\LOCALS~1\Temp\nsc5.tmp Supprime! - C:\DOCUME~1\khadim\LOCALS~1\Temp\nse11C9.tmp Supprime! - C:\DOCUME~1\khadim\LOCALS~1\Temp\nsg5A9.tmp Supprime! - C:\DOCUME~1\khadim\LOCALS~1\Temp\nsl73E.tmp Supprime! - C:\DOCUME~1\khadim\LOCALS~1\Temp\nso707.tmp Supprime! 
- C:\DOCUME~1\khadim\LOCALS~1\Temp\nsvA2E.tmp Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar Supprime! - C:\Program Files\GamesBar -----------\\ Recherche de Fichiers / Dossiers ... -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://search.iminent.com/?appId=58a6abff-b714-47bf-8df3-2175d6228ddd&lcid=1036&ref=homepage" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://www.msn.com/" --------------------\\ Recherche d'autres infections C:\Program Files\HotTVPlayer C:\Program Files\HotTVPlayer\hottv.ico C:\Program Files\HotTVPlayer\Ogg C:\Program Files\InternetGameBox C:\Program Files\InternetGameBox\Conditions g‚n‚rales.url C:\Program Files\InternetGameBox\Confidentialit‚.url C:\Program Files\InternetGameBox\language C:\Program Files\InternetGameBox\ressources C:\Program Files\InternetGameBox\skins C:\Program Files\InternetGameBox\Website.url C:\WINDOWS\Pack.epk C:\WINDOWS\System32\nvs2.inf ==> EGDACCESS <== 1 - "C:\ToolBar SD\TB_1.txt" - 02/09/2009|20:57 - Option : [2] -----------\\ Fin du rapport a 20:57:39,01 PS : Kasperky a détecté un programme malveillant appelé SUPERCOPIER2: est-ce un virus dangereux ? -
Please help me! Infected PC, what to do [Solved]
Pirchet replied to a topic by Pirchet in Malware analysis and removal
Hello again. Unfortunately for me, the UsbFix link doesn't work :'( ( Oops! Small problem... This link seems to be corrupted. ). I searched on Google but found nothing :'(. PS: I disabled Symantec's LiveUpdate, but I couldn't uninstall Norton (I can't see it anywhere).
Please help me! Infected PC, what to do [Solved]
Pirchet replied to a topic by Pirchet in Malware analysis and removal
Hi! Thanks for your reply. I'm following your advice now and will keep you posted. PS: As for the duplicate, I tried to delete it but I'm new ^^'.
Infected PC, help please!
Pirchet posted a topic in Malware analysis and removal
My computer has been infected by this notorious trojan for days. I can't manage to delete this Trojan horse, and on top of that I have the impression it is multiplying :'( . As antivirus I have: Kaspersky Lab Anti-Virus 9.0.0.463. Please help me. My HijackThis log is below. Thanks.
Please help me! Infected PC, what to do [Solved]
Pirchet posted a topic in Malware analysis and removal
My computer has been infected by this notorious trojan for days. I can't manage to delete this Trojan horse, and on top of that I have the impression it is multiplying :'( . As antivirus I have: Kaspersky Lab Anti-Virus 9.0.0.463. Please help me. My HijackThis log is below. Thanks.