
Posted

Good evening, let me explain the situation: I ran quite a few scans and only Spybot found malwarecore. I also have Malwarebytes' Anti-Malware, which did not find it, and neither did my antivirus or an online antivirus (Kaspersky in this case); nothing was able to detect anything at all!

 

Here is my HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:54:17, on 22/09/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Boot mode: Normal

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

E:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe

E:\Program Files\COMODO\Firewall\cmdagent.exe

E:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

E:\WINDOWS\system32\nvsvc32.exe

E:\Program Files\CyberLink\Shared files\RichVideo.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

E:\WINDOWS\Explorer.EXE

E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

E:\Program Files\HP\HP Software Update\HPWuSchd2.exe

E:\WINDOWS\system32\rundll32.exe

E:\WINDOWS\SOUNDMAN.EXE

E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

E:\Program Files\Orange HSS\Systray\SystrayApp.exe

E:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

E:\Program Files\COMODO\Firewall\cfp.exe

E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

E:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

E:\WINDOWS\system32\ctfmon.exe

E:\Program Files\Free Download Manager\fdm.exe

E:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

E:\Program Files\Windows Live\Messenger\msnmsgr.exe

E:\Program Files\TomTom HOME 2\HOMERunner.exe

E:\Program Files\Messenger\msmsgs.exe

E:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe

E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

E:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

E:\Program Files\Mozilla Firefox\firefox.exe

E:\Program Files\Windows Live\Messenger\usnsvc.exe

E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

E:\Program Files\Internet Explorer\IEXPLORE.EXE

E:\Program Files\Internet Explorer\IEXPLORE.EXE

E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

E:\Documents and Settings\florent\Bureau\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - E:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [systrayORAHSS] "E:\Program Files\Orange HSS\Systray\SystrayApp.exe"

O4 - HKLM\..\Run: [ORAHSSSessionManager] E:\Program Files\Orange HSS\SessionManager\SessionManager.exe

O4 - HKLM\..\Run: [VirtualCloneDrive] "E:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [COMODO Firewall Pro] "E:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [LanguageShortcut] "E:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Free Download Manager] E:\Program Files\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [TomTomHOME.exe] "E:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] E:\Program Files\Free Download Manager\fdm.exe -autorun (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download all with Free Download Manager - file://E:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://E:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download web site with Free Download Manager - file://E:\Program Files\Free Download Manager\dlpage.htm

O8 - Extra context menu item: Download with Free Download Manager - file://E:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.orange.fr

O17 - HKLM\System\CCS\Services\Tcpip\..\{428C57B4-15BD-4570-B36A-E56FF8477C09}: NameServer = 80.10.246.2,80.10.246.129

O17 - HKLM\System\CS1\Services\Tcpip\..\{428C57B4-15BD-4570-B36A-E56FF8477C09}: NameServer = 80.10.246.2,80.10.246.129

O20 - AppInit_DLLs: E:\WINDOWS\system32\guard32.dll

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Boonty Games - Unknown owner - E:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - E:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - E:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe

 

--

End of file - 11605 bytes

Posted (edited)

Hi :P

 

Could you post the Spybot report, please? You will find it here >> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs. The report to post is named "Fixes 060411(today's date) ...txt"

It may simply be a leftover trace in the registry :P

Edited by Thanos
Posted

The problem is that I can't find any log from that date!

And what's worse is that I can no longer find the log of the scan I ran with Spybot yesterday either!

I did what you told me; there are logs in there, but not those!

 

My PC is super slow, so I think it is infected!

 

Thanks!

Posted

I now have a small problem with my peripherals: the CD-ROM drive is inaccessible according to Windows, and my printer doesn't work when I want to print!

Thanks for your help!

Posted

Hi :P

 

The problem is that I can't find any log from that date!

And what's worse is that I can no longer find the log of the scan I ran with Spybot yesterday either!

I did what you told me; there are logs in there, but not those!

The date I gave was actually just an example :P try to post the most recent report.

 

Let's do an additional check >

 

Download random's system information tool (RSIT) by random/random and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed)
    as well as info.txt (<<which will be minimized in the Taskbar).
  • If you do not see these two reports, you will find them in the C:\rsit folder

Posted

Here is the Spybot log:

 

--- Report generated: 2008-08-21 16:47 ---

 

Zlob.Downloader.rid: [sBI $A215F79F] Dossier Programme (Répertoire, fixed)

E:\Program Files\RichVideoCodec\

 

 

--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

 

2008-01-28 blindman.exe (1.0.0.7)

2008-01-28 SDDelFile.exe (1.0.2.4)

2008-01-28 SDMain.exe (1.0.0.5)

2007-10-07 SDShred.exe (1.0.1.2)

2008-01-28 SDUpdate.exe (1.0.8.8)

2008-01-28 SDWinSec.exe (1.0.0.11)

2008-01-28 SpybotSD.exe (1.5.2.20)

2008-01-28 TeaTimer.exe (1.5.2.16)

2008-05-31 unins000.exe (51.49.0.0)

2008-01-28 Update.exe (1.4.0.6)

2008-01-28 advcheck.dll (1.5.4.5)

2007-04-02 aports.dll (2.1.0.0)

2007-11-17 DelZip179.dll (1.79.7.4)

2008-01-28 SDFiles.dll (1.5.1.19)

2008-01-28 SDHelper.dll (1.5.0.11)

2008-01-28 Tools.dll (2.1.3.3)

2008-08-05 Includes\Adware.sbi (*)

2008-08-12 Includes\AdwareC.sbi (*)

2008-06-03 Includes\Cookies.sbi (*)

2008-06-03 Includes\Dialer.sbi (*)

2008-08-05 Includes\DialerC.sbi (*)

2008-07-23 Includes\HeavyDuty.sbi (*)

2008-07-30 Includes\Hijackers.sbi (*)

2008-08-12 Includes\HijackersC.sbi (*)

2008-08-05 Includes\Keyloggers.sbi (*)

2008-08-12 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2008-08-05 Includes\Malware.sbi (*)

2008-08-12 Includes\MalwareC.sbi (*)

2008-08-05 Includes\PUPS.sbi (*)

2008-08-12 Includes\PUPSC.sbi (*)

2007-11-07 Includes\Revision.sbi (*)

2008-06-18 Includes\Security.sbi (*)

2008-08-12 Includes\SecurityC.sbi (*)

2008-06-03 Includes\Spybots.sbi (*)

2008-06-03 Includes\SpybotsC.sbi (*)

2008-08-12 Includes\Spyware.sbi (*)

2008-08-12 Includes\SpywareC.sbi (*)

2008-06-03 Includes\Tracks.uti

2008-08-05 Includes\Trojans.sbi (*)

2008-08-12 Includes\TrojansC.sbi (*)

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll

 

AntiVir also found me a little surprise!

 

Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'

detected in file 'E:\Documents and Settings\florent\Local Settings\Temp\V21OFHf02400.

Action performed: Delete file

Posted

Here is the first report

 

Logfile of random's system information tool 1.02 (written by random/random)

Run by florent at 2008-09-25 14:04:15

Microsoft Windows XP Professionnel Service Pack 3

System drive E: has 6 GB (11%) free of 53 GB

Total RAM: 447 MB (29% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:05:22, on 25/09/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Boot mode: Normal

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

E:\WINDOWS\Explorer.EXE

E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

E:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe

E:\Program Files\COMODO\Firewall\cmdagent.exe

E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

E:\WINDOWS\system32\nvsvc32.exe

E:\Program Files\CyberLink\Shared files\RichVideo.exe

E:\WINDOWS\system32\svchost.exe

E:\Program Files\HP\HP Software Update\HPWuSchd2.exe

E:\WINDOWS\SOUNDMAN.EXE

E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

E:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

E:\Program Files\COMODO\Firewall\cfp.exe

E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

E:\WINDOWS\system32\rundll32.exe

E:\WINDOWS\system32\ctfmon.exe

E:\Program Files\Free Download Manager\fdm.exe

E:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

E:\Program Files\TomTom HOME 2\HOMERunner.exe

E:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe

E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

E:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

E:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

E:\Documents and Settings\florent\Bureau\NisScript\mirc.exe

E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

E:\Program Files\Mozilla Firefox\firefox.exe

E:\Documents and Settings\florent\Bureau\RSIT.exe

E:\Program Files\trend micro\florent.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - E:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll (file missing)

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "E:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [COMODO Firewall Pro] "E:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "E:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Free Download Manager] E:\Program Files\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [TomTomHOME.exe] "E:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] E:\Program Files\Free Download Manager\fdm.exe -autorun (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download all with Free Download Manager - file://E:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://E:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download web site with Free Download Manager - file://E:\Program Files\Free Download Manager\dlpage.htm

O8 - Extra context menu item: Download with Free Download Manager - file://E:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.orange.fr

O17 - HKLM\System\CCS\Services\Tcpip\..\{428C57B4-15BD-4570-B36A-E56FF8477C09}: NameServer = 80.10.246.2,80.10.246.129

O17 - HKLM\System\CS1\Services\Tcpip\..\{428C57B4-15BD-4570-B36A-E56FF8477C09}: NameServer = 80.10.246.2,80.10.246.129

O20 - AppInit_DLLs: E:\WINDOWS\system32\guard32.dll

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Boonty Games - Unknown owner - E:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - E:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe

 

--

End of file - 10035 bytes

 

======Scheduled tasks folder======

 

E:\WINDOWS\tasks\AppleSoftwareUpdate.job

E:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - E:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

Windows Live Toolbar Helper - E:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

SweetIM Toolbar Helper - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 1164600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - E:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 1164600]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=E:\WINDOWS\system32\NvCpl.dll [2005-10-10 7286784]

"nwiz"=nwiz.exe /install []

"avgnt"=E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-09-05 266497]

"HP Software Update"=E:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

"SoundMan"=E:\WINDOWS\SOUNDMAN.EXE [2005-09-22 90112]

"NvMediaCenter"=E:\WINDOWS\system32\NvMcTray.dll [2005-10-10 86016]

"SunJavaUpdateSched"=E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

"VirtualCloneDrive"=E:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2006-04-29 94208]

"COMODO Firewall Pro"=E:\Program Files\COMODO\Firewall\cfp.exe [2008-08-27 1655552]

"RemoteControl"=E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-02-07 71216]

"LanguageShortcut"=E:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-02-07 54832]

"Adobe Reader Speed Launcher"=E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=E:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"Free Download Manager"=E:\Program Files\Free Download Manager\fdm.exe [2006-04-29 1990703]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=E:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872]

"msnmsgr"=E:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

"TomTomHOME.exe"=E:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-05-06 202088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Nero BackItUp Scheduler 3"=2

"iPod Service"=3

 

E:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

BTTray.lnk - E:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe

HP Digital Imaging Monitor.lnk - E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"=" E:\WINDOWS\system32\guard32.dll "

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

E:\WINDOWS\system32\WgaLogon.dll [2007-03-15 183808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"legalnoticecaption"=

"legalnoticetext"=

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"E:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="E:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"

"E:\Program Files\Mozilla Firefox\firefox.exe"="E:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"E:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"E:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="E:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"E:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="E:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"

"E:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="E:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"E:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"E:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"E:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"E:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="E:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"E:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="E:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"E:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="E:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"

"E:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

"E:\WINDOWS\system32\dpvsetup.exe"="E:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"E:\Program Files\eMule\eMule.exe"="E:\Program Files\eMule\eMule.exe:*:Enabled:eMule"

"E:\Program Files\Windows Live\Messenger\msnmsgr.exe"="E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"E:\Program Files\Windows Live\Messenger\livecall.exe"="E:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"E:\Program Files\Windows Live\Messenger\msnmsgr.exe"="E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"E:\Program Files\Windows Live\Messenger\livecall.exe"="E:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

======File associations======

 

.scr - config - "%1" /S

 

======List of files/folders created in the last 1 months======

 

2008-09-25 14:04:17 ----D---- E:\Program Files\trend micro

2008-09-25 14:04:15 ----D---- E:\rsit

2008-09-25 10:37:14 ----A---- E:\WINDOWS\system32\tmp.txt

2008-09-25 10:36:32 ----A---- E:\WINDOWS\system32\swxcacls.exe

2008-09-25 10:36:32 ----A---- E:\WINDOWS\system32\swsc.exe

2008-09-25 10:36:32 ----A---- E:\WINDOWS\system32\swreg.exe

2008-09-25 10:16:42 ----A---- E:\WINDOWS\ntbtlog.txt

2008-09-24 09:48:34 ----A---- E:\WINDOWS\presf.txt

2008-09-24 09:38:20 ----D---- E:\Program Files\MSNFix

2008-09-23 15:42:32 ----D---- E:\Program Files\mIRC

2008-09-23 15:42:32 ----D---- E:\Documents and Settings\florent\Application Data\mIRC

2008-09-22 18:19:05 ----HDC---- E:\WINDOWS\ie8

2008-09-21 16:20:21 ----SHD---- E:\RECYCLER

2008-09-21 16:17:50 ----D---- E:\WINDOWS\temp

2008-09-21 16:17:27 ----A---- E:\ComboFix.txt

2008-09-21 15:54:48 ----D---- E:\Fixcombo

2008-09-21 15:10:39 ----A---- E:\rapport.txt

2008-09-21 15:09:58 ----A---- E:\WINDOWS\system32\o4Patch.exe

2008-09-20 11:30:12 ----D---- E:\Program Files\Steam

2008-09-11 20:05:44 ----HD---- E:\Program Files\Zero G Registry

2008-09-08 18:36:15 ----D---- E:\Program Files\Pcsx2_0.9.4

2008-09-07 13:55:26 ----A---- E:\WINDOWS\system32\hidserv.dll

2008-09-02 00:13:09 ----D---- E:\QooBox

2008-09-02 00:12:46 ----A---- E:\WINDOWS\zip.exe

2008-09-02 00:12:46 ----A---- E:\WINDOWS\VFind.exe

2008-09-02 00:12:46 ----A---- E:\WINDOWS\swsc.exe

2008-09-02 00:12:46 ----A---- E:\WINDOWS\swreg.exe

2008-09-02 00:12:46 ----A---- E:\WINDOWS\sed.exe

2008-09-02 00:12:46 ----A---- E:\WINDOWS\grep.exe

2008-09-02 00:12:46 ----A---- E:\WINDOWS\fdsv.exe

2008-09-02 00:12:45 ----A---- E:\WINDOWS\swxcacls.exe

2008-09-01 23:47:22 ----A---- E:\WINDOWS\msnfix.txt

2008-09-01 23:30:11 ----SHD---- E:\WINDOWS\CSC

2008-09-01 20:33:52 ----A---- E:\lopR.txt

2008-08-31 18:15:05 ----D---- E:\Program Files\Notepad++

2008-08-31 18:15:05 ----D---- E:\Documents and Settings\florent\Application Data\Notepad++

2008-08-27 18:03:39 ----A---- E:\WINDOWS\system32\cssdll32.dll

2008-08-27 17:56:17 ----D---- E:\Documents and Settings\florent\Application Data\Comodo

2008-08-27 17:56:13 ----D---- E:\Documents and Settings\All Users\Application Data\comodo

2008-08-27 17:56:13 ----A---- E:\WINDOWS\system32\guard32.dll

2008-08-27 17:56:09 ----D---- E:\Program Files\COMODO

2008-08-26 21:29:26 ----D---- E:\WINDOWS\Prefetch

2008-08-26 21:21:13 ----N---- E:\WINDOWS\system32\smtpapi.dll

2008-08-26 21:21:13 ----N---- E:\WINDOWS\system32\rwnh.dll

2008-08-26 21:21:13 ----N---- E:\WINDOWS\system32\comsdupd.exe

2008-08-26 21:21:08 ----N---- E:\WINDOWS\system32\ati3duag.dll

2008-08-26 21:21:08 ----N---- E:\WINDOWS\system32\ati3d1ag.dll

2008-08-26 21:21:08 ----N---- E:\WINDOWS\system32\ati2dvag.dll

2008-08-26 21:21:08 ----N---- E:\WINDOWS\system32\ati2dvaa.dll

2008-08-26 21:21:08 ----N---- E:\WINDOWS\system32\ati2cqag.dll

2008-08-26 21:21:07 ----N---- E:\WINDOWS\system32\bitsprx4.dll

2008-08-26 21:21:07 ----N---- E:\WINDOWS\system32\azroles.dll

2008-08-26 21:21:07 ----N---- E:\WINDOWS\system32\ativvaxx.dll

2008-08-26 21:21:07 ----N---- E:\WINDOWS\system32\ativtmxx.dll

2008-08-26 21:21:06 ----N---- E:\WINDOWS\system32\dot3svc.dll

2008-08-26 21:21:06 ----N---- E:\WINDOWS\system32\dot3msm.dll

2008-08-26 21:21:06 ----N---- E:\WINDOWS\system32\dot3gpclnt.dll

2008-08-26 21:21:06 ----N---- E:\WINDOWS\system32\dot3dlg.dll

2008-08-26 21:21:06 ----N---- E:\WINDOWS\system32\dot3cfg.dll

2008-08-26 21:21:06 ----N---- E:\WINDOWS\system32\dot3api.dll

2008-08-26 21:21:06 ----N---- E:\WINDOWS\system32\dimsroam.dll

2008-08-26 21:21:06 ----N---- E:\WINDOWS\system32\dimsntfy.dll

2008-08-26 21:21:06 ----N---- E:\WINDOWS\system32\dhcpqec.dll

2008-08-26 21:21:06 ----N---- E:\WINDOWS\system32\credssp.dll

2008-08-26 21:21:05 ----N---- E:\WINDOWS\system32\eappprxy.dll

2008-08-26 21:21:05 ----N---- E:\WINDOWS\system32\eapphost.dll

2008-08-26 21:21:05 ----N---- E:\WINDOWS\system32\eappgnui.dll

2008-08-26 21:21:05 ----N---- E:\WINDOWS\system32\eappcfg.dll

2008-08-26 21:21:05 ----N---- E:\WINDOWS\system32\eapp3hst.dll

2008-08-26 21:21:05 ----N---- E:\WINDOWS\system32\eapolqec.dll

2008-08-26 21:21:05 ----N---- E:\WINDOWS\system32\dot3ui.dll

2008-08-26 21:21:04 ----N---- E:\WINDOWS\system32\eapsvc.dll

2008-08-26 21:21:04 ----N---- E:\WINDOWS\system32\eapqec.dll

2008-08-26 21:21:03 ----N---- E:\WINDOWS\system32\hsfcisp2.dll

2008-08-26 21:21:01 ----N---- E:\WINDOWS\system32\kbdpash.dll

2008-08-26 21:21:01 ----N---- E:\WINDOWS\system32\kbdnepr.dll

2008-08-26 21:21:01 ----N---- E:\WINDOWS\system32\kbdiultn.dll

2008-08-26 21:21:01 ----N---- E:\WINDOWS\system32\kbdbhc.dll

2008-08-26 21:21:00 ----N---- E:\WINDOWS\system32\mmcfxcommon.dll

2008-08-26 21:21:00 ----N---- E:\WINDOWS\system32\mmcex.dll

2008-08-26 21:21:00 ----N---- E:\WINDOWS\system32\microsoft.managementconsole.dll

2008-08-26 21:21:00 ----N---- E:\WINDOWS\system32\mdmxsdk.dll

2008-08-26 21:21:00 ----N---- E:\WINDOWS\system32\l2gpstore.dll

2008-08-26 21:21:00 ----N---- E:\WINDOWS\system32\kmsvc.dll

2008-08-26 21:20:59 ----N---- E:\WINDOWS\system32\mmcperf.exe

2008-08-26 21:20:58 ----N---- E:\WINDOWS\system32\napstat.exe

2008-08-26 21:20:58 ----N---- E:\WINDOWS\system32\napmontr.dll

2008-08-26 21:20:58 ----N---- E:\WINDOWS\system32\napipsec.dll

2008-08-26 21:20:58 ----N---- E:\WINDOWS\system32\mtxparhd.dll

2008-08-26 21:20:58 ----N---- E:\WINDOWS\system32\msshavmsg.dll

2008-08-26 21:20:58 ----N---- E:\WINDOWS\system32\mssha.dll

2008-08-26 21:20:57 ----N---- E:\WINDOWS\system32\onex.dll

2008-08-26 21:20:56 ----N---- E:\WINDOWS\system32\qcliprov.dll

2008-08-26 21:20:56 ----N---- E:\WINDOWS\system32\qagentrt.dll

2008-08-26 21:20:56 ----N---- E:\WINDOWS\system32\qagent.dll

2008-08-26 21:20:55 ----N---- E:\WINDOWS\system32\slserv.exe

2008-08-26 21:20:55 ----N---- E:\WINDOWS\system32\slrundll.exe

2008-08-26 21:20:55 ----N---- E:\WINDOWS\system32\slgen.dll

2008-08-26 21:20:55 ----N---- E:\WINDOWS\system32\slextspk.dll

2008-08-26 21:20:55 ----N---- E:\WINDOWS\system32\slcoinst.dll

2008-08-26 21:20:55 ----N---- E:\WINDOWS\system32\setupn.exe

2008-08-26 21:20:55 ----N---- E:\WINDOWS\system32\s3gnb.dll

2008-08-26 21:20:55 ----N---- E:\WINDOWS\system32\rasqec.dll

2008-08-26 21:20:55 ----N---- E:\WINDOWS\system32\qutil.dll

2008-08-26 21:20:53 ----N---- E:\WINDOWS\system32\tspkg.dll

2008-08-26 21:20:52 ----N---- E:\WINDOWS\system32\wlanapi.dll

2008-08-26 21:20:50 ----N---- E:\WINDOWS\slrundll.exe

2008-08-26 21:20:46 ----D---- E:\Program Files\msn

2008-08-26 21:20:45 ----D---- E:\WINDOWS\system32\fr

2008-08-26 21:20:45 ----D---- E:\WINDOWS\l2schemas

2008-08-26 21:20:44 ----D---- E:\WINDOWS\system32\bits

2008-08-26 21:15:58 ----D---- E:\WINDOWS\ServicePackFiles

2008-08-26 21:05:37 ----HDC---- E:\WINDOWS\$NtServicePackUninstall$

 

======List of files/folders modified in the last 1 months======

 

2008-09-25 14:04:17 ----RD---- E:\Program Files

2008-09-25 14:04:08 ----D---- E:\Documents and Settings\florent\Application Data\Free Download Manager

2008-09-25 13:49:40 ----D---- E:\Program Files\Mozilla Firefox

2008-09-25 10:53:39 ----D---- E:\Program Files\Orange HSS

2008-09-25 10:53:22 ----D---- E:\Program Files\Fichiers communs

2008-09-25 10:50:17 ----D---- E:\WINDOWS\system32

2008-09-25 10:38:56 ----D---- E:\WINDOWS

2008-09-25 10:34:13 ----A---- E:\WINDOWS\SchedLgU.Txt

2008-09-25 02:56:25 ----D---- E:\WINDOWS\system32\CatRoot2

2008-09-25 02:51:21 ----D---- E:\WINDOWS\system32\LogFiles

2008-09-25 02:51:19 ----D---- E:\WINDOWS\Debug

2008-09-25 00:27:13 ----D---- E:\Program Files\Windows Live Safety Center

2008-09-25 00:27:12 ----HD---- E:\WINDOWS\inf

2008-09-25 00:05:51 ----D---- E:\Program Files\eMule

2008-09-24 18:27:31 ----AC---- E:\WINDOWS\NeroDigital.ini

2008-09-24 13:34:39 ----D---- E:\WINDOWS\system32\drivers

2008-09-23 11:17:42 ----SHD---- E:\WINDOWS\Installer

2008-09-23 11:17:16 ----HD---- E:\Config.Msi

2008-09-23 11:17:14 ----D---- E:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-09-22 18:27:56 ----D---- E:\WINDOWS\system32\fr-fr

2008-09-22 18:27:55 ----RSHDC---- E:\WINDOWS\system32\dllcache

2008-09-22 18:27:55 ----D---- E:\WINDOWS\Media

2008-09-22 18:27:55 ----D---- E:\WINDOWS\Help

2008-09-22 18:27:55 ----D---- E:\Program Files\Internet Explorer

2008-09-21 16:32:04 ----N---- E:\WINDOWS\system.ini

2008-09-21 16:32:04 ----AC---- E:\WINDOWS\win.ini

2008-09-21 16:16:34 ----D---- E:\WINDOWS\repair

2008-09-21 16:07:01 ----D---- E:\WINDOWS\AppPatch

2008-09-21 00:31:54 ----SD---- E:\WINDOWS\Downloaded Program Files

2008-09-18 17:23:27 ----D---- E:\Program Files\Malwarebytes' Anti-Malware

2008-09-11 12:19:50 ----D---- E:\Documents and Settings\florent\Application Data\Image Zone Express

2008-09-10 19:16:00 ----D---- E:\WINDOWS\WinSxS

2008-09-09 00:22:42 ----A---- E:\WINDOWS\system32\ieframe.dll.mui

2008-09-09 00:21:12 ----A---- E:\WINDOWS\system32\advpack.dll.mui

2008-09-08 18:51:23 ----D---- E:\Program Files\Yahoo!

2008-09-02 00:13:49 ----D---- E:\WINDOWS\ERDNT

2008-09-01 18:13:17 ----D---- E:\Documents and Settings

2008-08-31 23:21:12 ----D---- E:\Program Files\Messenger Plus! Live

2008-08-30 16:14:15 ----D---- E:\WINDOWS\security

2008-08-27 17:36:47 ----D---- E:\WINDOWS\system32\CatRoot

2008-08-27 11:24:28 ----HD---- E:\WINDOWS\$hf_mig$

2008-08-26 22:28:12 ----AC---- E:\WINDOWS\system32\MRT.exe

2008-08-26 21:31:33 ----AC---- E:\WINDOWS\system32\PerfStringBackup.INI

2008-08-26 21:28:47 ----D---- E:\WINDOWS\system32\Setup

2008-08-26 21:28:47 ----D---- E:\Program Files\Messenger

2008-08-26 21:28:46 ----D---- E:\WINDOWS\system32\wbem

2008-08-26 21:28:45 ----RSD---- E:\WINDOWS\Fonts

2008-08-26 21:21:15 ----D---- E:\WINDOWS\ehome

2008-08-26 21:21:12 ----D---- E:\WINDOWS\system32\inetsrv

2008-08-26 21:21:12 ----D---- E:\WINDOWS\network diagnostic

2008-08-26 21:21:11 ----D---- E:\WINDOWS\ime

2008-08-26 21:20:49 ----D---- E:\WINDOWS\system32\usmt

2008-08-26 21:20:44 ----D---- E:\WINDOWS\PeerNet

2008-08-26 21:20:44 ----D---- E:\Program Files\Movie Maker

2008-08-26 21:15:39 ----D---- E:\WINDOWS\system32\Restore

2008-08-26 21:15:39 ----D---- E:\WINDOWS\system32\npp

2008-08-26 21:15:37 ----D---- E:\WINDOWS\msagent

2008-08-26 21:15:35 ----D---- E:\WINDOWS\srchasst

2008-08-26 21:15:34 ----D---- E:\Program Files\NetMeeting

2008-08-26 21:15:32 ----D---- E:\WINDOWS\system32\Com

2008-08-26 21:15:28 ----D---- E:\Program Files\Windows Media Player

2008-08-26 21:15:27 ----D---- E:\Program Files\Windows NT

2008-08-26 21:15:27 ----D---- E:\Program Files\Outlook Express

2008-08-26 21:15:23 ----D---- E:\Program Files\Fichiers communs\System

2008-08-26 21:14:55 ----D---- E:\WINDOWS\system32\oobe

2008-08-26 21:14:51 ----D---- E:\WINDOWS\system

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK8;Pilote de processeur AMD; E:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]

R1 avgio;avgio; \??\E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; E:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-09-05 75072]

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; E:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-08-27 87056]

R1 cmdHlp;COMODO Firewall Pro Helper Driver; E:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-08-27 24208]

R1 ElbyCDIO;ElbyCDIO Driver; E:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]

R1 kbdhid;Pilote HID de clavier; E:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]

R1 ssmdrv;ssmdrv; E:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

R1 VClone;VClone; E:\WINDOWS\system32\DRIVERS\VClone.sys [2008-05-30 25344]

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\E:\Program Files\CyberLink\PowerDVD\000.fcl []

R2 tmcomm;tmcomm; \??\E:\WINDOWS\system32\drivers\tmcomm.sys []

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); E:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-22 3727680]

R3 avgntflt;avgntflt; \??\E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 BTKRNL;Enumérateur de bus Bluetooth; E:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-08-24 1341466]

R3 ElbyDelay;ElbyDelay; E:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]

R3 HidUsb;Pilote de classe HID Microsoft; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 mouhid;Pilote HID de souris; E:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]

R3 nv;nv; E:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-10-10 3530432]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; E:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]

R3 nvnetbus;NVIDIA Network Bus Enumerator; E:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]

R3 usbaudio;Pilote USB audio (WDM); E:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

R3 usbccgp;Pilote parent générique USB Microsoft; E:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; E:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; E:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; E:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

S1 wceusbsh;Pilote d'hôte USB série pour Windows CE; E:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-13 32128]

S3 btaudio;Périphérique audio Bluetooth; E:\WINDOWS\system32\drivers\btaudio.sys [2005-08-24 401152]

S3 BTDriver;Pilote de communications virtuelles Bluetooth; E:\WINDOWS\system32\DRIVERS\btport.sys [2005-08-24 30363]

S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; E:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-08-24 148040]

S3 BTWUSB;WIDCOMM USB Bluetooth Driver; E:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-24 56648]

S3 catchme;catchme; \??\E:\DOCUME~1\florent\LOCALS~1\Temp\catchme.sys []

S3 HPZid412;IEEE-1284.4 Driver HPZid412; E:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; E:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; E:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]

S3 nm;Pilote du Moniteur réseau; E:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]

S3 NPF;NetGroup Packet Filter Driver; E:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]

S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\E:\WINDOWS\system32\PCAMPR5.SYS []

S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\E:\WINDOWS\system32\PCANDIS5.SYS []

S3 usbprint;Classe d'imprimantes USB Microsoft; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Pilote de scanneur USB; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;Pilote de stockage de masse USB; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; E:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-09-05 68865]

R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-09-05 149761]

R2 btwdins;Bluetooth Service; E:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe [2005-08-24 258103]

R2 cmdAgent;COMODO Firewall Pro Helper Service; E:\Program Files\COMODO\Firewall\cmdagent.exe [2008-08-27 519936]

R2 MDM;Machine Debug Manager; E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]

R2 NVSvc;NVIDIA Display Driver Service; E:\WINDOWS\system32\nvsvc32.exe [2005-10-10 131139]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); E:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-02-07 173616]

R3 NMIndexingService;NMIndexingService; E:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]

S2 Pml Driver HPZ12;Pml Driver HPZ12; E:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]

S3 aspnet_state;Service d'état ASP.NET; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 Boonty Games;Boonty Games; E:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe []

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; E:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]

S3 idsvc;Windows CardSpace; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]

S3 NBService;NBService; E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-11-28 800040]

S3 odserv;Microsoft Office Diagnostics Service; E:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; E:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); E:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; E:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; E:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; E:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

 

-----------------EOF-----------------

 

Here is the second report

 

info.txt logfile of random's system information tool 1.02 2008-09-25 14:05:28

 

======Uninstall list======

 

-->E:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

-->E:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL

-->E:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->E:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->E:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->E:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->E:\WINDOWS\UNRecode.exe /UNINSTALL

-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {957E4620-59C2-4D3E-9B6D-5F024803E7D8}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:\WINDOWS\INF\PCHealth.inf

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}

Adobe Shockwave Player-->E:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE E:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}

Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

Athlon 64 Processor Driver-->RunDll32 E:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c

Avira AntiVir Personal - Free Antivirus-->E:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

Barre d'outils Outlook de Windows Live (Windows Live Toolbar)-->MsiExec.exe /X{4002F73D-EBB3-4EA1-A2FF-DBCB4529759E}

Belkin Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}

Bloqueur de fenêtres pop-up (Windows Live Toolbar)-->MsiExec.exe /X{51F366F4-C2E4-429A-866A-59C885ED42FD}

CCleaner (remove only)-->"E:\Program Files\CCleaner\uninst.exe"

COMODO Firewall Pro-->E:\Program Files\COMODO\Firewall\cfpconfg.exe -u

Correctif pour Windows Internet Explorer 7 (KB947864)-->"E:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Counter-Strike: Source-->"E:\Program Files\Steam\steam.exe" steam://uninstall/240

Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{175B7C4A-CAF8-437A-B597-73E0D2D970FE}

DivX Codec-->E:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->E:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player-->E:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player-->E:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

EasyCleaner-->RunDll32 E:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly

eMule-->"E:\Program Files\eMule\Uninstall.exe"

Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{D518AD32-C710-4616-BA0D-D4B1FA5F82E8}

Free Download Manager 2.0-->"E:\Program Files\Free Download Manager\unins000.exe"

Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}

GIMP 2.4.6-->"E:\Program Files\GIMP-2.0\setup\unins000.exe"

HijackThis 2.0.2-->"E:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->E:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}

HP Customer Participation Program 7.0-->E:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Imaging Device Functions 7.0-->E:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}

HP Photosmart, Officejet and Deskjet 7.0.A-->E:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat

HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}

HP Solution Center 7.0-->E:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

IMG-TXT 5-->"E:\Program Files\IMG-TXT 5\uninstall.exe"

Java 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Lecteur Windows Media 11-->"E:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

livebox-->E:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe -runfromtemp -l0x040c -removeonly

Malwarebytes' Anti-Malware-->"E:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{3585ED1C-74C5-43B0-A232-831B96A12A2B}

Messenger Plus! Live & Sponsor (CiD)-->"E:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}

Microsoft .NET Framework 3.0-->e:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe

Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}

Microsoft Compression Client Pack 1.0 for Windows XP-->"E:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"E:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"E:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"E:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"E:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

mIRC-->E:\Program Files\mIRC\uninstall.exe _?=E:\Program Files\mIRC

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"E:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"E:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"E:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"E:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923789)-->E:\WINDOWS\system32\MacroMed\Flash\genuinst.exe E:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe

Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->e:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe

Mozilla Firefox (3.0.2)-->E:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{1787603C-E6E3-42D4-8034-55F358486F1D}

Navigation par onglets (Windows Live Toolbar)-->MsiExec.exe /X{E74559C2-BB47-45AD-83DD-0D66B67E7811}

Nero 7 Premium-->MsiExec.exe /X{22FB6750-ADDF-4726-B67F-6901E1991036}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Notepad++-->E:\Program Files\Notepad++\uninstall.exe

NVIDIA Drivers-->E:\WINDOWS\system32\nvudisp.exe UninstallGUI

OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{F242B06B-517F-4D62-B654-16B11564A912}

PhotoFiltre-->"E:\Program Files\PhotoFiltre\Uninst.exe"

PowerDVD-->"E:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x00040c /z-uninstall

Realtek AC'97 Audio-->RunDll32 E:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly

Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}

Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}

Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}

Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}

Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}

Spybot - Search & Destroy-->"E:\Program Files\Spybot - Search & Destroy\unins000.exe"

Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

SweetIM for Messenger 2.5-->MsiExec.exe /X{C3576005-01B0-4C25-AA5F-40134CC78C42}

SweetIM Toolbar for Internet Explorer 3.1-->MsiExec.exe /X{59971D79-8111-42C2-9E40-883A0C277E78}

TomTom HOME-->E:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe

Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Outlook 2007 Junk Email Filter (kb956080)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {96CC215F-3F22-4E1E-A101-F0041934A456}

VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}

VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}

VideoLAN VLC media player 0.8.6f-->E:\Program Files\VideoLAN\VLC\uninstall.exe

VirtualCloneDrive-->"E:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="E:\Program Files\Elaborate Bytes\VirtualCloneDrive"

Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}

Windows Internet Explorer 8 Beta 2-->"E:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}

Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}

Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}

Windows Live OneCare safety scanner-->RunDll32.exe "E:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

Windows Live Toolbar-->"E:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}

Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}

Windows Media Format 11 runtime-->"E:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}

Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}

Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}

Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

Windows XP Service Pack 3-->"E:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinPcap 4.0.2-->E:\Program Files\WinPcap\uninstall.exe

WinRAR archiver-->E:\Program Files\WinRar\uninstall.exe

XML Paper Specification Shared Components Language Pack 1.0-->"E:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

Xvid 1.1.3 final uninstall-->"E:\Program Files\Xvid\unins000.exe"

YAMAHA SoftSynthesizer S-YXG70-->E:\WINDOWS\unin040c.exe -fE:\WINDOWS\DeIsL1.isu -c"E:\WINDOWS\system32\sxgunins.dll

 

======Hosts File======

 

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

 

======Security center information======

 

AV: Avira AntiVir PersonalEdition

FW: COMODO Firewall Pro

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=2c02

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------

Posted

hi :P

 

Nothing worrying in these reports: I see that you have used ComboFix, can you post the E:\ComboFix.txt report for me?

 

A small mention for the SweetIM Toolbar, which has a dubious reputation (it reportedly acts like adware).

I advise you to uninstall it if you have no use for it.

Posted

here is the ComboFix report

 

ComboFix 08-09-20.05 - florent 2008-09-21 16:01:40.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.143 [GMT 2:00]

Lancé depuis: E:\Documents and Settings\florent\Bureau\Fixcombo.exe

* Un nouveau point de restauration a été créé

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-08-21 au 2008-09-21 ))))))))))))))))))))))))))))))))))))

.

 

2008-09-21 15:09 . 2008-09-19 12:26 82,944 --a------ E:\WINDOWS\system32\o4Patch.exe

2008-09-20 11:30 . 2008-09-21 14:59 <REP> d-------- E:\Program Files\Steam

2008-09-11 20:09 . 2008-09-11 20:09 <REP> d-------- E:\Documents and Settings\florent\dMSN

2008-09-11 20:05 . 2008-09-11 20:12 <REP> d--h----- E:\Program Files\Zero G Registry

2008-09-11 20:05 . 2008-09-11 20:05 <REP> d--h----- E:\Documents and Settings\florent\InstallAnywhere

2008-09-08 18:36 . 2008-09-08 18:39 <REP> d-------- E:\Program Files\Pcsx2_0.9.4

2008-09-07 13:55 . 2008-04-13 19:33 21,504 --a------ E:\WINDOWS\system32\hidserv.dll

2008-09-07 13:55 . 2008-04-13 19:05 14,720 --a------ E:\WINDOWS\system32\drivers\kbdhid.sys

2008-08-31 18:15 . 2008-08-31 18:18 <REP> d-------- E:\Program Files\Notepad++

2008-08-31 18:15 . 2008-08-31 18:33 <REP> d-------- E:\Documents and Settings\florent\Application Data\Notepad++

2008-08-29 13:27 . 2008-08-29 13:27 268 --ah----- E:\sqmdata09.sqm

2008-08-29 13:27 . 2008-08-29 13:27 244 --ah----- E:\sqmnoopt09.sqm

2008-08-29 11:49 . 2008-08-29 11:49 268 --ah----- E:\sqmdata08.sqm

2008-08-29 11:49 . 2008-08-29 11:49 244 --ah----- E:\sqmnoopt08.sqm

2008-08-28 11:58 . 2008-08-28 11:58 <REP> d-------- E:\Documents and Settings\Kevin\Application Data\Comodo

2008-08-27 18:03 . 2008-08-27 18:03 249,592 --a------ E:\WINDOWS\system32\cssdll32.dll

2008-08-27 17:56 . 2008-08-27 18:03 <REP> d-------- E:\Program Files\COMODO

2008-08-27 17:56 . 2008-08-27 17:56 <REP> d-------- E:\Documents and Settings\florent\Application Data\Comodo

2008-08-27 17:56 . 2008-08-27 18:40 <REP> d-------- E:\Documents and Settings\All Users\Application Data\comodo

2008-08-27 17:56 . 2008-08-27 17:56 143,104 --a------ E:\WINDOWS\system32\guard32.dll

2008-08-27 17:56 . 2008-08-27 17:56 87,056 --a------ E:\WINDOWS\system32\drivers\cmdguard.sys

2008-08-27 17:56 . 2008-08-27 17:56 24,208 --a------ E:\WINDOWS\system32\drivers\cmdhlp.sys

2008-08-27 11:24 . 2008-04-11 21:05 691,712 -----c--- E:\WINDOWS\system32\dllcache\inetcomm.dll

2008-08-27 11:24 . 2008-06-14 19:33 272,768 -----c--- E:\WINDOWS\system32\dllcache\bthport.sys

2008-08-27 11:24 . 2008-05-08 16:02 203,136 -----c--- E:\WINDOWS\system32\dllcache\rmcast.sys

2008-08-26 21:20 . 2008-08-26 21:20 <REP> d-------- E:\WINDOWS\system32\fr

2008-08-26 21:15 . 2008-08-26 21:21 <REP> d-------- E:\WINDOWS\ServicePackFiles

2008-08-25 17:15 . 2008-09-10 00:04 38,528 --a------ E:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-24 17:25 . 2008-09-21 15:34 2,758 --a------ E:\WINDOWS\system32\tmp.reg

2008-08-24 17:25 . 2008-08-24 17:56 0 --a------ E:\WINDOWS\system32\tmp.MSNFix

2008-08-24 17:24 . 2007-09-06 00:22 289,144 --a------ E:\WINDOWS\system32\VCCLSID.exe

2008-08-24 17:24 . 2006-04-27 17:49 288,417 --a------ E:\WINDOWS\system32\SrchSTS.exe

2008-08-24 17:24 . 2008-08-23 19:06 89,600 --a------ E:\WINDOWS\system32\AntiXPVSTFix.exe

2008-08-24 17:24 . 2008-05-29 09:35 86,528 --a------ E:\WINDOWS\system32\VACFix.exe

2008-08-24 17:24 . 2008-05-18 21:40 82,944 --a------ E:\WINDOWS\system32\IEDFix.exe

2008-08-24 17:24 . 2008-08-14 21:52 82,432 --a------ E:\WINDOWS\system32\IEDFix.C.exe

2008-08-24 17:24 . 2008-08-18 12:19 82,432 --a------ E:\WINDOWS\system32\404Fix.exe

2008-08-24 17:24 . 2003-06-05 21:13 53,248 --a------ E:\WINDOWS\system32\Process.exe

2008-08-24 17:24 . 2004-07-31 18:50 51,200 --a------ E:\WINDOWS\system32\dumphive.exe

2008-08-24 17:24 . 2007-10-04 00:36 25,600 --a------ E:\WINDOWS\system32\WS2Fix.exe

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-21 14:11 --------- d-----w E:\Documents and Settings\florent\Application Data\Free Download Manager

2008-09-21 12:59 --------- d-----w E:\Documents and Settings\Kevin\Application Data\Free Download Manager

2008-09-21 11:28 --------- d-----w E:\Program Files\eMule

2008-09-18 15:23 --------- d-----w E:\Program Files\Malwarebytes' Anti-Malware

2008-09-17 19:30 --------- d-----w E:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-09-15 18:01 --------- d-----w E:\Program Files\Windows Live Safety Center

2008-09-11 10:19 --------- d-----w E:\Documents and Settings\florent\Application Data\Image Zone Express

2008-09-09 22:03 17,200 ----a-w E:\WINDOWS\system32\drivers\mbam.sys

2008-09-08 16:51 --------- d-----w E:\Program Files\Yahoo!

2008-08-31 21:21 --------- d-----w E:\Program Files\Messenger Plus! Live

2008-08-22 12:12 --------- d-----w E:\Program Files\Spybot - Search & Destroy

2008-08-13 19:35 --------- d-----w E:\Program Files\GIMP-2.0

2008-08-11 23:33 53,248 -c--a-w E:\WINDOWS\fados.exe

2008-08-06 11:04 --------- d-----w E:\Documents and Settings\All Users\Application Data\Microgaming

2008-08-06 11:04 --------- d-----w E:\Documents and Settings\All Users\Application Data\MGS

2008-08-05 17:24 --------- d-----w E:\Documents and Settings\florent\Application Data\eBookPro6

2008-07-31 17:34 --------- d-----w E:\Program Files\IMG-TXT 5

2008-07-31 11:14 --------- d-----w E:\Program Files\Fichiers communs\Atlence

2008-07-31 11:05 --------- d-----w E:\Program Files\fond-ecran-wallpaper

2008-07-31 11:04 --------- d-----w E:\Program Files\Mon Logiciel Gratuit

2008-07-24 15:23 --------- d-----w E:\Program Files\Java

2008-07-24 01:02 --------- d-----w E:\Program Files\Windows Live

2008-07-18 20:10 94,920 ----a-w E:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w E:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w E:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 -c--a-w E:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 ----a-w E:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 ----a-w E:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 ----a-w E:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w E:\WINDOWS\system32\wuaueng.dll

2008-07-18 20:07 270,880 ----a-w E:\WINDOWS\system32\mucltui.dll

2008-07-18 20:07 210,976 ----a-w E:\WINDOWS\system32\muweb.dll

2008-07-18 18:39 587,264 ----a-w E:\WINDOWS\WLXPGSS.SCR

2008-07-17 17:54 236,544 -c--a-w E:\WINDOWS\system32\msn hackerz 2008.exe

2008-07-07 20:28 253,952 ----a-w E:\WINDOWS\system32\es.dll

2008-06-24 16:44 74,240 ----a-w E:\WINDOWS\system32\mscms.dll

2008-06-24 16:12 295,936 -c--a-w E:\WINDOWS\system32\wmpeffects.dll

2008-06-23 16:28 826,368 ----a-w E:\WINDOWS\system32\wininet.dll

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-03-27 173368]

 

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

2008-03-27 14:12 1164600 --a--c--- E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]

 

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="E:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

"Free Download Manager"="E:\Program Files\Free Download Manager\fdm.exe" [2006-04-29 1990703]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]

"msnmsgr"="E:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"TomTomHOME.exe"="E:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]

"MSMSGS"="E:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2005-10-10 7286784]

"avgnt"="E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-09-05 266497]

"HP Software Update"="E:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2005-10-10 86016]

"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"SystrayORAHSS"="E:\Program Files\Orange HSS\Systray\SystrayApp.exe" [2007-07-24 94208]

"ORAHSSSessionManager"="E:\Program Files\Orange HSS\SessionManager\SessionManager.exe" [2007-07-24 102400]

"VirtualCloneDrive"="E:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]

"COMODO Firewall Pro"="E:\Program Files\COMODO\Firewall\cfp.exe" [2008-08-27 1655552]

"nwiz"="nwiz.exe" [2005-10-10 E:\WINDOWS\system32\nwiz.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-09-22 E:\WINDOWS\SOUNDMAN.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="E:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

"Free Download Manager"="E:\Program Files\Free Download Manager\fdm.exe" [2006-04-29 1990703]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"TSClientMSIUninstaller"="E:\WINDOWS\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

"tscuninstall"="E:\WINDOWS\system32\tscupgrd.exe" [2004-12-07 44544]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"= E:\WINDOWS\system32\guard32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a--c--- 2008-01-11 22:16 39792 E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2008-04-13 19:34 15360 E:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]

--a------ 2006-04-29 10:22 1990703 E:\Program Files\Free Download Manager\fdm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

E:\Program Files\iTunes\iTunesHelper.exe [bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

--a--c--- 2007-02-07 16:21 54832 E:\Program Files\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

E:\Program Files\MSN Messenger\MsnMsgr.Exe [bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a--c--- 2005-10-10 15:49 7286784 E:\WINDOWS\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a--c--- 2005-10-10 15:49 86016 E:\WINDOWS\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a--c--- 2007-02-07 16:24 71216 E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a--c--- 2005-10-10 15:49 1519616 E:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

-ra------ 2005-09-22 10:42 90112 E:\WINDOWS\SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRFirstRun]

--a------ 2008-04-13 19:33 67584 E:\WINDOWS\system32\srclient.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"MDM"=2 (0x2)

"odserv"=3 (0x3)

"ose"=3 (0x3)

"idsvc"=3 (0x3)

"NMIndexingService"=3 (0x3)

"Nero BackItUp Scheduler 3"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"RichVideo"=2 (0x2)

"NVSvc"=2 (0x2)

"iPod Service"=3 (0x3)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"E:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"E:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"E:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"E:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"E:\\WINDOWS\\system32\\dpvsetup.exe"=

"E:\\Program Files\\eMule\\eMule.exe"=

"E:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"=

"E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"E:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

 

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;E:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-08-27 87056]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;E:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-08-27 24208]

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};E:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51 13560]

S3 Boonty Games;Boonty Games;E:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [ ]

S3 NPF;NetGroup Packet Filter Driver;E:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1C4982F0-D45C-0ECB-0106-050807080003}]

E:\WINDOWS\system32\windnll.exe

.

Contenu du dossier 'Tâches planifiées'

.

.

------- Examen supplémentaire -------

.

O8 -: &Windows Live Search - E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 -: Download all with Free Download Manager - file://E:\Program Files\Free Download Manager\dlall.htm

O8 -: Download selected with Free Download Manager - file://E:\Program Files\Free Download Manager\dlselected.htm

O8 -: Download web site with Free Download Manager - file://E:\Program Files\Free Download Manager\dlpage.htm

O8 -: Download with Free Download Manager - file://E:\Program Files\Free Download Manager\dllink.htm

O8 -: E&xporter vers Microsoft Excel - E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-21 16:11:47

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\E:\Program Files\CyberLink\PowerDVD\000.fcl"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

PROCESSUS: E:\WINDOWS\explorer.exe

-> E:\WINDOWS\system32\nview.dll

.

Heure de fin: 2008-09-21 16:17:21

ComboFix-quarantined-files.txt 2008-09-21 14:16:58

 

Avant-CF: 9 745 526 784 octets libres

Après-CF: 9,644,056,576 octets libres

 

242 --- E O F --- 2008-09-10 17:25:10

Posted

apparently this famous malwarecore is found in Start and All Programs of every session on the computer, whereas at the very beginning it was on one single session!

 

it can be seen in the form of this icon that I circled in red

 

sanstitreoq2.jpg


 

after Spybot has run it is no longer there, but when I restart the computer it comes back!

 

there you go, in case that gives you some clues or helps you!

 

thanks, by the way, for your help!
