Anarchy on my computer

Bonjour sioux et merci d'être passé. Voici le rapport du .txt 2010-02-17 06:03:48 . 2010-02-17 06:03:48 632 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-PSwitch.reg.dat 2010-02-17 06:03:47 . 2010-02-17 06:03:47 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-lsass.reg.dat 2010-02-17 06:03:41 . 2010-02-17 06:03:41 129 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-jodouka.reg.dat 2010-02-17 06:03:40 . 2010-02-17 06:03:40 154 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-PSwitch.reg.dat 2010-02-10 12:33:40 . 2010-02-10 13:18:29 40,996 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\imPlayok.exe.vir 2010-02-09 11:17:59 . 2010-02-09 11:17:59 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\logfile32.txt.vir 2010-02-09 11:17:56 . 2010-02-09 11:17:56 42,496 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\80.scr.vir 2010-02-08 13:16:48 . 2010-02-17 05:55:49 1,068 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SYSDRV32.reg.dat 2010-02-08 13:16:48 . 2010-02-17 05:55:49 766 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ICF.reg.dat 2010-02-03 10:34:04 . 2010-02-03 10:34:04 42,496 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\08.scr.vir 2010-02-02 13:32:22 . 2010-02-02 13:32:22 42,496 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\34.scr.vir 2009-12-30 20:40:01 . 2010-02-10 13:22:00 5,120 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Thumbs.db.vir 2009-11-12 22:38:01 . 2009-11-12 22:38:01 148,736 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\hpe4BF.dll.vir 2009-10-10 09:18:14 . 2009-10-10 09:18:14 134 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Microsoft Driver Setup.reg.dat 2009-10-10 09:00:57 . 2009-10-10 09:00:57 838 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-DAEMON Tools Toolbar.reg.dat 2009-10-10 09:00:57 . 2009-10-10 09:00:57 968 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-AMX Mod X Installer.reg.dat 2009-10-10 08:59:02 . 2010-02-17 05:55:27 10,477 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2009-10-10 08:56:12 . 2010-02-17 05:49:46 408 ----a-w- C:\Qoobox\Quarantine\catchme.log 2009-08-14 00:45:23 . 2009-08-14 00:45:23 0 ----a-w- C:\Qoobox\Quarantine\C\logfile32.txt.vir 2007-04-09 15:09:44 . 2007-04-09 15:09:44 77,312 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\TWAIN_32.DLL.vir

Bonjour Thanos, Les scan a été fait en mode sans échec malheureusement lorsque l'ordinateur a redémarré j'ai eu une fois encore droit à l'écran bleu ( en laissant combofix finaliser son scan ) j'ai quand même regardé dans C:/ pour voir les rapports présents car j'ai assisté à la suppresion d'executable [...] familiers via combofix. Mais aucun rapport j'en ai peur. Dois-je essayer de refaire un scan avec une nouvelle version de combofix en scanant et redémarrant en mode sans échec ?

On dirait bien que c'est sans retour même RootRepeal m'affiche un écran bleu, et je l'ai fait tourner ce matin, en ce moment même je me bat avec les svchost.exe qui s'incruste dans mes processus et me font lagger. T_T Ps: j'ai également trouvé des executables dans mon C:/ ( ainu.exe ) et dans le repertoire de ma session ( ImPlayOk.exe )

Bonjour Thanos, Après quelques essais consécutifs je tombe toujours sur un écran bleu qui m'inscrit "Bad pool header" suivi du messahe habituel "si vous rencontre cet écran pour la premiere [...]" Et malheureusement il n'y a pas de rapport ComboFix.

Re. Durant l'utilisation de ComboFix ( après le redémarrage ) mon ordinateur à eu un écran bleu ce qui à interrompu son utilisation, j'aimerais ton avis avant de continuer.

Bonjour Thanos, et merci d'avoir patienté jusqu'ici. ( Je n'étais pas disponible Samedi soir et hier ) Vu que l'ordi à continué de tourner en mon absence le rapport de Malwarebyte s'est terminé ( en 13h effectivement... ) je te poste quand même celui-ci ainsi que les rapports RSIT. ______________________________ Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3695 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 08/02/2010 12:29:52 mbam-log-2010-02-08 (12-29-52).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 303680 Temps écoulé: 13 hour(s), 12 minute(s), 56 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 2 Valeur(s) du Registre infectée(s): 4 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 22 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sysdrv32 (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Fci (Trojan.Agent) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsass (Backdoor.IRCBot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Worm.Palevo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\msdrv32.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\BEN\Bureau\BattleField2\179.exe (Trojan.Orsam) -> Quarantined and deleted successfully. C:\Documents and Settings\BEN\Bureau\BattleField2\vtl-bf2k.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Mégumi\imPlayok.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Mégumi\Local Settings\Temporary Internet Files\Content.IE5\7RO7VA6H\loader[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Mégumi\Mes documents\install_flash_player.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0H6ZWHIV\dams[1] (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5RF6UCDI\dami[1] (Backdoor.Bot) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{D00F8055-B25E-45D8-B6C4-073FE2C01504}\RP12\A0054310.exe (Trojan.Buzus) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{D00F8055-B25E-45D8-B6C4-073FE2C01504}\RP13\A0061623.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{D00F8055-B25E-45D8-B6C4-073FE2C01504}\RP13\A0068352.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{D00F8055-B25E-45D8-B6C4-073FE2C01504}\RP14\A0072998.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{D00F8055-B25E-45D8-B6C4-073FE2C01504}\RP14\A0082324.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{D00F8055-B25E-45D8-B6C4-073FE2C01504}\RP14\A0085435.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{D00F8055-B25E-45D8-B6C4-073FE2C01504}\RP14\A0087367.sys (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\67.scr (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\imPlayok.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\71.scr (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\sysdrv32.sys (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\logfile32.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\Mégumi\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system\1sass.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully. _______________________ Logfile of random's system information tool 1.06 (written by random/random) Run by BEN at 2010-02-08 12:47:29 Microsoft Windows XP Professionnel Service Pack 2 System drive C: has 192 GB (63%) free of 305 GB Total RAM: 2047 MB (66% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:47:37, on 08/02/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\FsUsbExService.Exe C:\Program Files\LogMeIn Hamachi\hamachi-2.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\OpenVPN\bin\openvpn-gui.exe C:\Program Files\Razer\Lachesis\razerhid.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\program files\steam\steam.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Razer\Lachesis\OSD.exe C:\Program Files\Razer\Lachesis\razertra.exe C:\Program Files\Razer\Lachesis\razerofa.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\AmplusnetPrivacyTools.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\BEN\Bureau\RSIT.exe C:\Program Files\trend micro\BEN.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tinit.org/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.windows.fr/ie8/msn/bienvenue R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 94.23.115.128:9939->France R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [jodouka] C:\WINDOWS\system32\hywoumuc.exe O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\wind7upd.exe O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\RunServices: [jodouka] C:\WINDOWS\system32\hywoumuc.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [PSwitch] C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\pcproxy.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\pcproxy.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\pcproxy.dll O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_14) - O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) - O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: AmplusnetPrivacyTools - Unknown owner - C:\WINDOWS\system32\AmplusnetPrivacyTools.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Blue Coat K9 Web Protection (leyicxiya1pe) - Unknown owner - C:\Documents and Settings\Mégumi\Application Data\Microsoft\joufyttafa.exe (file missing) O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe -- End of file - 11949 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}] BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll [2009-03-02 636216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-29 279664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-01-29 812528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-25 41368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-25 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-29 279664] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-25 148888] "openvpn-gui"=C:\Program Files\OpenVPN\bin\openvpn-gui.exe [2005-08-18 99328] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "Lachesis"=C:\Program Files\Razer\Lachesis\razerhid.exe [2007-09-12 172032] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000] "jodouka"=C:\WINDOWS\system32\hywoumuc.exe [] "Microsoft Driver Setup"=C:\WINDOWS\wind7upd.exe [] "UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [2005-09-03 94208] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-19 39408] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584] "Steam"=c:\program files\steam\steam.exe [2009-12-17 1217808] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] "PSwitch"=C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe [] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] "RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST] m’|Pë [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSwitch] C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] C:\WINDOWS\RTHDCPL.EXE [2008-12-09 18063872] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe [2009-07-16 25604904] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE C:\Documents and Settings\BEN\Menu Démarrer\Programmes\Démarrage LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsass] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\lsass] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\WINDOWS\System32\08.scr"="C:\WINDOWS\system32\08.scr:*:C:\WINDOWS\msdrv32.exe" "C:\WINDOWS\System32\34.scr"="C:\WINDOWS\System32\34.scr:*:C:\WINDOWS\msdrv32.exe" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\WINDOWS\System32\14.scr"="C:\WINDOWS\System32\14.scr:*:C:\WINDOWS\wind7upd.exe" "C:\WINDOWS\System32\71.scr"="C:\WINDOWS\System32\71.scr:*:C:\WINDOWS\msdrv32.exe" "C:\WINDOWS\System32\67.scr"="C:\WINDOWS\System32\67.scr:*:C:\WINDOWS\msdrv32.exe" "C:\WINDOWS\system\1sass.exe"="C:\WINDOWS\system\1sass.exe:*:Microsoft Enabled" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83f29eed-b711-11de-bc5c-00241d15bac3}] shell\AutoRun\command - F:\ukvr.bat shell\open\command - F:\ukvr.bat ======List of files/folders created in the last 3 months====== 2010-02-08 12:47:30 ----D---- C:\Program Files\trend micro 2010-02-08 12:47:29 ----D---- C:\rsit 2010-02-06 12:51:06 ----A---- C:\mbam-error.txt 2010-01-21 18:52:43 ----D---- C:\Documents and Settings\All Users\Application Data\boost_interprocess 2010-01-08 00:51:09 ----D---- C:\Program Files\Wormux 2010-01-08 00:51:09 ----D---- C:\Documents and Settings\BEN\Application Data\Wormux 2010-01-06 09:51:05 ----D---- C:\Program Files\RPG Maker 2003Projet 1 2009-12-30 21:43:01 ----D---- C:\Documents and Settings\BEN\Application Data\LimeWire 2009-12-30 21:42:43 ----D---- C:\Program Files\LimeWire 2009-12-28 17:28:48 ----A---- C:\WINDOWS\system32\cimmyfer.exe 2009-12-28 09:32:04 ----D---- C:\Documents and Settings\BEN\Application Data\TS3Client 2009-12-26 10:03:07 ----A---- C:\osi.exe 2009-12-26 09:59:13 ----A---- C:\WINDOWS\system32\joonnahou.exe 2009-12-25 08:56:26 ----A---- C:\dayi.exe 2009-12-23 03:58:07 ----D---- C:\Program Files\RocketDock 2009-12-22 16:28:06 ----A---- C:\WINDOWS\system32\CF2064.exe 2009-12-22 16:27:02 ----A---- C:\WINDOWS\system32\CF2294.exe 2009-12-21 22:38:41 ----D---- C:\Documents and Settings\BEN\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 2009-12-21 22:36:57 ----D---- C:\Program Files\Fichiers communs\Adobe AIR 2009-12-20 11:12:09 ----D---- C:\WINDOWS\system32\orphan_site_screensaver1_pc dir 2009-12-19 07:23:54 ----HD---- C:\WINDOWS\msdownld.tmp 2009-12-19 07:23:40 ----D---- C:\WINDOWS\WBEM 2009-12-19 07:23:17 ----HDC---- C:\WINDOWS\ie8 2009-12-19 07:23:17 ----D---- C:\WINDOWS\system32\fr-FR 2009-12-12 20:22:45 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers 2009-12-12 20:22:23 ----A---- C:\WINDOWS\system32\FsUsbExService.Exe 2009-12-12 20:22:23 ----A---- C:\WINDOWS\system32\FsUsbExDevice.Dll 2009-12-12 20:22:12 ----D---- C:\Documents and Settings\BEN\Application Data\Samsung 2009-12-12 20:22:01 ----D---- C:\Program Files\MarkAny 2009-12-12 20:09:07 ----D---- C:\Program Files\Samsung 2009-12-11 15:22:50 ----D---- C:\Program Files\Super macro 2009-12-05 19:18:12 ----D---- C:\Documents and Settings\BEN\Application Data\Apowersoft 2009-12-05 19:18:03 ----D---- C:\Program Files\Apowersoft 2009-12-01 11:09:24 ----D---- C:\Program Files\Veoh Networks 2009-12-01 10:54:31 ----D---- C:\Program Files\Fichiers communs\DivX Shared 2009-12-01 10:54:30 ----D---- C:\Program Files\DivX 2009-11-27 19:44:18 ----D---- C:\Ntreev USA 2009-11-20 19:32:31 ----D---- C:\Program Files\LogMeIn Hamachi 2009-11-15 02:29:50 ----A---- C:\WINDOWS\system32\PCProxy.dll 2009-11-15 02:29:50 ----A---- C:\WINDOWS\system32\AmplusnetPrivacyTools.ini 2009-11-15 02:29:50 ----A---- C:\WINDOWS\system32\AmplusnetPrivacyTools.exe 2009-11-15 02:29:49 ----A---- C:\WINDOWS\system32\RegisterLSP.exe 2009-11-15 02:29:48 ----D---- C:\Program Files\IP Hider 2009-11-13 01:39:31 ----D---- C:\Documents and Settings\BEN\Application Data\dvdcss 2009-11-12 23:40:48 ----D---- C:\Documents and Settings\BEN\Application Data\Apple Computer 2009-11-12 23:38:01 ----A---- C:\Documents and Settings\All Users\Application Data\hpe4BF.dll 2009-11-12 23:37:43 ----D---- C:\Program Files\Sony Ericsson 2009-11-12 23:37:43 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2009-11-12 23:37:32 ----N---- C:\WINDOWS\system32\spmsg.dll 2009-11-12 23:37:31 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$ 2009-11-12 23:36:53 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$ 2009-11-12 23:36:22 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$ 2009-11-09 17:04:42 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan ======List of files/folders modified in the last 3 months====== 2010-02-08 12:47:30 ----RD---- C:\Program Files 2010-02-08 12:47:17 ----D---- C:\WINDOWS\Prefetch 2010-02-08 12:41:44 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-02-08 12:36:57 ----D---- C:\WINDOWS\Temp 2010-02-08 12:35:08 ----D---- C:\Program Files\Mozilla Firefox 2010-02-08 12:34:17 ----D---- C:\Program Files\Steam 2010-02-08 12:32:45 ----D---- C:\WINDOWS\system32\CatRoot2 2010-02-08 12:31:54 ----D---- C:\WINDOWS\system32\drivers 2010-02-08 12:31:54 ----D---- C:\WINDOWS\PeerNet 2010-02-08 12:29:52 ----D---- C:\WINDOWS\system32 2010-02-08 12:29:52 ----D---- C:\WINDOWS\system 2010-02-08 12:29:52 ----D---- C:\WINDOWS 2010-02-07 19:41:47 ----D---- C:\Documents and Settings\BEN\Application Data\Hamachi 2010-02-06 14:52:17 ----D---- C:\Program Files\Warcraft III 2010-02-05 22:34:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-02-05 14:51:44 ----A---- C:\WINDOWS\NeroDigital.ini 2010-02-05 11:17:56 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-02-05 11:11:54 ----D---- C:\WINDOWS\Minidump 2010-02-02 18:13:03 ----HD---- C:\WINDOWS\inf 2010-02-02 18:13:03 ----D---- C:\Program Files\Windows Live Safety Center 2010-02-02 14:45:34 ----RSD---- C:\WINDOWS\Fonts 2010-02-02 12:16:07 ----D---- C:\WINDOWS\system32\CatRoot 2010-01-29 19:34:57 ----SHD---- C:\WINDOWS\Installer 2010-01-29 19:34:53 ----SD---- C:\WINDOWS\Tasks 2010-01-29 19:34:51 ----D---- C:\Program Files\Google 2010-01-27 20:48:58 ----D---- C:\Documents and Settings\BEN\Application Data\Skype 2010-01-27 20:48:30 ----D---- C:\Documents and Settings\BEN\Application Data\skypePM 2010-01-26 17:25:25 ----D---- C:\Documents and Settings 2010-01-25 21:59:45 ----A---- C:\WINDOWS\system32\PnkBstrB.exe 2010-01-22 07:45:32 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts 2010-01-08 03:33:36 ----D---- C:\Documents and Settings\BEN\Application Data\Adobe 2010-01-03 17:08:04 ----A---- C:\WINDOWS\ntbtlog.txt 2009-12-30 21:40:01 ----RD---- C:\WINDOWS\Web 2009-12-30 21:39:54 ----D---- C:\WINDOWS\ShellNew 2009-12-30 06:56:59 ----D---- C:\Program Files\Counter-Strike 1.6 2009-12-30 01:48:45 ----D---- C:\Documents and Settings\BEN\Application Data\XnView 2009-12-28 10:10:47 ----D---- C:\Program Files\Hamachi 2009-12-28 10:10:16 ----D---- C:\WINDOWS\system32\ReinstallBackups 2009-12-28 09:39:52 ----D---- C:\Program Files\Qtracker 2009-12-28 09:26:17 ----D---- C:\Program Files\AV Vcs 6.0 DIAMOND 2009-12-26 16:02:01 ----SD---- C:\Documents and Settings\BEN\Application Data\Microsoft 2009-12-26 11:16:49 ----HD---- C:\Program Files\InstallShield Installation Information 2009-12-24 13:18:15 ----A---- C:\WINDOWS\system32\svchost.exe 2009-12-22 16:29:00 ----D---- C:\Qoobox 2009-12-21 22:38:24 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2009-12-21 22:36:57 ----D---- C:\Program Files\Fichiers communs 2009-12-21 21:52:54 ----D---- C:\WINDOWS\system32\DirectX 2009-12-19 07:45:34 ----D---- C:\WINDOWS\Help 2009-12-19 07:45:34 ----D---- C:\Program Files\Internet Explorer 2009-12-19 07:23:44 ----D---- C:\WINDOWS\system32\config 2009-12-19 07:23:36 ----D---- C:\WINDOWS\Media 2009-12-13 19:41:20 ----RASH---- C:\boot.ini 2009-12-13 19:41:20 ----A---- C:\WINDOWS\win.ini 2009-12-13 19:41:20 ----A---- C:\WINDOWS\system.ini 2009-12-12 20:22:24 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-12-12 20:22:04 ----D---- C:\WINDOWS\WinSxS 2009-12-12 20:02:36 ----D---- C:\Program Files\Fichiers communs\Adobe 2009-12-05 19:44:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-12-03 06:57:02 ----D---- C:\Program Files\Teamspeak2_RC2 2009-11-25 00:54:29 ----A---- C:\WINDOWS\system32\aswBoot.exe 2009-11-21 10:07:39 ----D---- C:\Program Files\Electronic Arts 2009-11-13 21:56:40 ----D---- C:\WINDOWS\AppPatch 2009-11-12 23:39:01 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-11-12 23:37:34 ----A---- C:\WINDOWS\imsins.BAK 2009-11-12 23:37:09 ----D---- C:\Program Files\Windows Media Player 2009-11-12 23:36:26 ----D---- C:\WINDOWS\system32\LogFiles 2009-11-09 23:27:48 ----D---- C:\Documents and Settings\All Users\Application Data\NOS 2009-11-09 23:27:44 ----SD---- C:\WINDOWS\Downloaded Program Files ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408] R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520] R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848] R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-04 223616] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-07 12032] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160] R2 LF30FS;LF30FS; \??\C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [] R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448] R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-09-07 63232] R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-09-07 55936] R2 vnccom;vnccom; C:\WINDOWS\System32\Drivers\vnccom.SYS [2004-06-26 6016] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120] R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS [] R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-12-28 17480] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-12-11 4959232] R3 LachesisFltr;Lachesis Mouse Driver; C:\WINDOWS\system32\drivers\Lachesis.sys [2007-08-08 12032] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968] R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632] R3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624] R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024] R3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736] S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [] S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [] S3 afixbhfr;afixbhfr; C:\WINDOWS\system32\drivers\afixbhfr.sys [] S3 catchme;catchme; \??\C:\DOCUME~1\BEN\LOCALS~1\Temp\catchme.sys [] S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys [] S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys [] S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2009-03-25 86824] S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016] S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728] S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208] S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024] S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2009-03-25 104744] S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2009-03-25 109864] S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112] S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680] R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376] R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2008-12-13 233472] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-25 152984] R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-07-13 71096] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716] R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-08-23 75064] R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-01-25 214504] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-12-24 14336] R3 AmplusnetPrivacyTools;AmplusnetPrivacyTools; C:\WINDOWS\system32\AmplusnetPrivacyTools.exe [2009-06-16 1044480] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920] S2 6to4;Service d'application d'assistance IPv6; C:\WINDOWS\system32\svchost.exe [2009-12-24 14336] S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29 135664] S2 leyicxiya1pe;Blue Coat K9 Web Protection; C:\Documents and Settings\Mégumi\Application Data\Microsoft\joufyttafa.exe [] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-18 654848] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-19 182768] S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-08-26 3297396] S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2006-10-01 16384] -----------------EOF----------------- ________________ info.txt logfile of random's system information tool 1.06 2010-02-08 12:47:39 ======Uninstall list====== .sol Editor 1.1.0.1-->C:\Program Files\Sol Edit\uninst.exe -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723} Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2} Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A} Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A} Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001} Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702} Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe" Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923} AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x040c -removeonly Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} Audiosurf Demo-->"C:\program files\steam\steam.exe" steam://uninstall/12910 AV Voice Changer Software DIAMOND 6.0-->C:\PROGRA~1\AVVCS6~1.0D~\UNWISE.EXE C:\PROGRA~1\AVVCS6~1.0D~\INSTALL.LOG AV Voice Changer Software DIAMOND 7.0-->C:\PROGRA~1\AVVCS7~1.0DI\UNWISE.EXE C:\PROGRA~1\AVVCS7~1.0DI\INSTALL.LOG avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup Battlefield 2 : Forces Spéciales-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x40c -removeonly Battlefield 2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x40c -removeonly BitComet 1.13-->C:\Program Files\BitComet\uninst.exe CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe" Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10 Decal Converter-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BB207D6-0E1E-11D5-9B6A-00C04F7EC248}\Setup.exe" DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Doom 3-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEFB15EB-FE8B-47DF-A496-1C4D1420294A} EA Download Manager UI-->msiexec /qb /x {C4FFCD8D-3A06-E243-2747-2CE771A8B7D4} EA Download Manager UI-->MsiExec.exe /I{C4FFCD8D-3A06-E243-2747-2CE771A8B7D4} EA Download Manager-->C:\Program Files\Electronic Arts\EADM\EADMUninstall.exe eMule-->"C:\Program Files\eMule\Uninstall.exe" EVEREST Ultimate Edition v5.02-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe" Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Grand Chase-->C:\Ntreev USA\Grand Chase\uninst.exe Hamachi 1.0.1.5-->C:\Program Files\Hamachi\uninstall.exe High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall HLSW v1.3.2.1-->"C:\Program Files\HLSW\unins000.exe" Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe" ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe" Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} IP Hider 4.5-->"C:\Program Files\IP Hider\unins000.exe" Java 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF} Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5} Les Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x040c -removeonly Les Sims™ 3 Destination Aventure-->"C:\Program Files\InstallShield Installation Information\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}\Sims3EP01Setup.exe" -runfromtemp -l0x040c -removeonly LimeWire 5.4.6-->"C:\Program Files\LimeWire\uninstall.exe" Lock Folder XP 3.6-->"C:\Program Files\Everstrike Software\Lock Folder XP 3.6\Uninstall.exe" "C:\Program Files\Fichiers communs\Everstrike Software\Lock Folder XP 3.6\install.log" LogMeIn Hamachi-->C:\WINDOWS\system32\\msiexec.exe /i {067EC517-9731-43FD-B4D5-296EE0027BBB} REMOVE=ALL LUNA Online v1.0.0-->C:\gPotato\Luna Online\uninst.exe Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9} Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E} Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5} Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13} Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe Nero 7 Premium-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031} NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI OpenVPN 2.0.9-gui-1.0.3-->C:\Program Files\OpenVPN\Uninstall.exe orphan_site_screensaver1_pc-->C:\WINDOWS\system32\orphan_site_screensaver1_pc.scr /u Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\shpacm.inf Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\shpusb.inf Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe" Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe" Postal Fudge Pack-->C:\WINDOWS\unvise32.exe C:\Program Files\Postal2STP\uninstal.log Qtracker-->C:\PROGRA~1\Qtracker\UNWISE.EXE C:\PROGRA~1\Qtracker\INSTALL.LOG QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD} Rakion International-->"C:\Program Files\Softnyx\RakionIS\unins000.exe" Razer Lachesis-->C:\Program Files\InstallShield Installation Information\{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}\Setup.exe -runfromtemp -l0x0c0c -removeonly Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x40c -removeonly RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe" SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe Samsung New PC Studio USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{AF7E85DC-317C-47F5-810E-B82EE093A612}\setup.exe" -runfromtemp -l0x0809 -removeonly Samsung New PC Studio USB Driver Installer-->MsiExec.exe /I{AF7E85DC-317C-47F5-810E-B82EE093A612} Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x040c -removeonly Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A} SaTstrat (remove only)-->"C:\Program Files\S2SaTstrat\s2uninst.exe" Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} SIW version 2009-07-28-->"C:\Program Files\SIW\unins000.exe" Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748} Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} Sony Ericsson PC Suite 6.009.00-->"C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe" -runfromtemp -l0x0009 -removeonly Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} Super macro 3.1-->C:\Program Files\Super macro\uninst.exe TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe" UltraVNC v1.0.2 Fr-->"C:\Program Files\UltraVNC\unins000.exe" Utopia-Serveur Launcher-->MsiExec.exe /I{4FD11A07-60D3-47A2-8124-5E732950F839} VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421} Veoh Web Player-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe" VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\usbicp_148F9D51ADD758FCD4B68B61FF903F813AA2083E\usbicp.inf Windows Driver Package - Razer (HidUsb) HIDClass (05/10/2007 1.00)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\lachesis_5474F75C461E8F731AF2FF7FF70E79E8AC52C56D\lachesis.inf Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818} Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1} Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353} Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Wormux-->C:\Program Files\Wormux\uninstall.exe YouTube Downloader Suite V2.3.3-->"C:\Program Files\Apowersoft\YouTube Downloader Suite\unins000.exe" ======Security center information====== AV: avast! antivirus 4.8.1368 [VPS 100208-0] ======System event log====== Computer Name: BEN-3ECCEFE7717 Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service aswRdr. Record Number: 21278 Source Name: Service Control Manager Time Written: 20100127115834.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: BEN-3ECCEFE7717 Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service FsUsbExDisk. Record Number: 21277 Source Name: Service Control Manager Time Written: 20100127115833.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: BEN-3ECCEFE7717 Event Code: 7036 Message: Le service Service de découvertes SSDP est entré dans l'état : en cours d'exécution. Record Number: 21276 Source Name: Service Control Manager Time Written: 20100127115833.000000+060 Event Type: Informations User: Computer Name: BEN-3ECCEFE7717 Event Code: 7036 Message: Le service Carte de performance WMI est entré dans l'état : en cours d'exécution. Record Number: 21275 Source Name: Service Control Manager Time Written: 20100127115833.000000+060 Event Type: Informations User: Computer Name: BEN-3ECCEFE7717 Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Carte de performance WMI. Record Number: 21274 Source Name: Service Control Manager Time Written: 20100127115833.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM =====Application event log===== Computer Name: BEN-3ECCEFE7717 Event Code: 3 Message: Record Number: 10970 Source Name: Adobe Version Cue CS3 Time Written: 20091223050638.000000+060 Event Type: erreur User: Computer Name: BEN-3ECCEFE7717 Event Code: 3 Message: Record Number: 10969 Source Name: Adobe Version Cue CS3 Time Written: 20091223050638.000000+060 Event Type: erreur User: Computer Name: BEN-3ECCEFE7717 Event Code: 3 Message: Record Number: 10968 Source Name: Adobe Version Cue CS3 Time Written: 20091223050638.000000+060 Event Type: erreur User: Computer Name: BEN-3ECCEFE7717 Event Code: 3 Message: Record Number: 10967 Source Name: Adobe Version Cue CS3 Time Written: 20091223050638.000000+060 Event Type: erreur User: Computer Name: BEN-3ECCEFE7717 Event Code: 3 Message: Record Number: 10966 Source Name: Adobe Version Cue CS3 Time Written: 20091223050638.000000+060 Event Type: erreur User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 79 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=4f02 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- Voila voila, désolé pour tout ce bazar j'avais un site pour héberger les .txt mais je ne le retrouve plus.

Bonjour, Je passe vite fait pour vous donnez des nouvelles et m'excuse pour le temps que le scan prend, en effet celui-ci avait duré plus de 13h00 et j'ai eu le droit à un écran bleu lorsque j'ai fermé la session de ma soeur. Relativement pénible sachant que je dois tout refaire. Je relance desuite le scan et vous donne le rapport de celui-ci dès qu'il est prêt.

Bonsoir, Voila je viens vous soumettre mon problème car il semble qu'Avast soit largué, ( et vous n'imaginez pas ma surprise lorsque j'ai vu le topic épinglé " avast ne vous protège pas "... Depuis quelques temps je remarque des choses étranges sur mon PC notamment Avast qui me déctecte un virus du nom de "Implayok.exe", jusqu'ici je partais dans un état d'esprit plutot serain " je scannerai quand j'aurais le temps et basta " bien entendu le temps je ne l'ai jamais trouvé, même quand je l'ai eu. ( feignant spotted ) Malencontreusement le temps passe et mon ordi se consume avec le virus et aujourd'hui je décidais de visiter mes processus lorsqu'à ma grande surprise je vis une invasion de svchost.exe étant bien au courant que part habitude on se balade avec au moins 3-4 svchost.exe dans les processus j'ai été plutôt choqué d'en voir une quarantaine... Ce sont les seuls symptômes que j'ai détecté jusqu'ici je ne pense que la situation soit particulièrement grave mais malheureusement Avast étant inefficace je ne sais trop quoi faire à part delete les executables manuellement... Qui reviennent sans cesse quand je redémarre. En espérant que vous pourrez m'aider je vous remercie d'avance et vous souhaite une bonne soirée.