[Résolu] PC à nouveau infecté

[Alex36]

Bonjour !

je me suis fait avoir par un zip infecté (pas de scan a-v ) Pas de P2P !! (enfin je sais pas la provenance c'est un pote qui ma passé sa clé usb ! )

le truc c'est "winfilse.exe"

comment l'enlever svp ? sa désactive tout je crains que ça ne soit un baggle ! (j'ai réeussi a le bloquer dans démarrage car sa désactive tout cette m***e )

 

Raport Hijack this :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:17:13, on 26/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\DynDNS Updater\DynUpSvc.exe

I:\Program Files\FileZilla Server\FileZilla Server.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\DynDNS Updater\DynTray.exe

C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe

I:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe

C:\Program Files\Mozilla Firefox\firefox.exe

I:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Documents and Settings\Alexandre\Bureau\Alexandre.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O4 - HKLM\..\Run: [\\ORDI_BAS\EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P37 "\\ORDI_BAS\EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DNS7reminder] "I:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [MacDrive application] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"

O4 - HKLM\..\Run: [Getting started with MacDrive] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Dragon NaturallySpeaking.lnk = I:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe

O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{746EA4C9-49E6-4241-8DDD-B0D05C379589}: NameServer = 192.168.1.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DynDNS Updater - Unknown owner - C:\Program Files\DynDNS Updater\DynUpSvc.exe

O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - I:\Program Files\FileZilla Server\FileZilla Server.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

 

--

End of file - 9148 bytes

 

 

J'ai aussi fait un scan Avec anti malware mais j'ai corrigé les probs

 

Malwarebytes' Anti-Malware 1.28

Version de la base de données: 1188

Windows 5.1.2600 Service Pack 2

 

25/10/2008 10:52:21

mbam-log-2008-10-25 (10-52-21).txt

 

Type de recherche: Examen rapide

Eléments examinés: 55731

Temps écoulé: 15 minute(s), 17 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 1

Fichier(s) infecté(s): 3

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\drivers\downld\1828218.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1831187.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\downld\1880750.exe (Trojan.Agent) -> Quarantined and deleted successfully.

 

LOG RSIT

 

Logfile of random's system information tool 1.04 (written by random/random)

Run by Alexandre at 2008-10-26 09:21:45

Microsoft Windows XP Professionnel Service Pack 2

System drive C: has 6 GB (33%) free of 19 GB

Total RAM: 1023 MB (45% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:22:02, on 26/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\DynDNS Updater\DynUpSvc.exe

I:\Program Files\FileZilla Server\FileZilla Server.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\DynDNS Updater\DynTray.exe

C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe

I:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe

C:\Program Files\Mozilla Firefox\firefox.exe

I:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Alexandre\Bureau\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\trend micro\Alexandre.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O4 - HKLM\..\Run: [\\ORDI_BAS\EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P37 "\\ORDI_BAS\EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DNS7reminder] "I:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [MacDrive application] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"

O4 - HKLM\..\Run: [Getting started with MacDrive] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Dragon NaturallySpeaking.lnk = I:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe

O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{746EA4C9-49E6-4241-8DDD-B0D05C379589}: NameServer = 192.168.1.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DynDNS Updater - Unknown owner - C:\Program Files\DynDNS Updater\DynUpSvc.exe

O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - I:\Program Files\FileZilla Server\FileZilla Server.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

 

--

End of file - 9307 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\shutdown.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-12-12 1372160]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}]

Kwyshell MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll [2004-12-03 100864]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - Kwyshell MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll [2004-12-03 100864]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"\\ORDI_BAS\EPSON Stylus DX4800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE [2005-02-02 98304]

"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-25 339968]

"DNS7reminder"=I:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe [2007-03-19 259624]

"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]

"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

"MacDrive application"=C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe [2008-07-09 201304]

"Getting started with MacDrive"=C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe [2008-05-01 141312]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [2006-03-01 90112]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2007-12-14 482760]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2008-03-25 218496]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\$C.exe -h []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit]

C:\WINDOWS\system32\drivers\winfilse.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]

I:\Program Files\FileZilla Server\FileZilla Server Interface.exe [2007-12-25 937984]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-02-16 81920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

C:\Program Files\Skype\Phone\Skype.exe [2007-12-12 21686568]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]

C:\PROGRA~1\WinZip\WZQKPICK.EXE [2007-06-06 394856]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

DynDNS Updater Tray Icon.lnk - C:\Program Files\DynDNS Updater\DynTray.exe

Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe

 

C:\Documents and Settings\Alexandre\Menu Démarrer\Programmes\Démarrage

Dragon NaturallySpeaking.lnk - I:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2004-08-25 86016]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableLUA"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

"AllowLegacyWebView"=

"AllowUnhashedWebView"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Program Files\MSN BackUp\MSNBackup.exe"="C:\Program Files\MSN BackUp\MSNBackup.exe:*:Enabled:MSN BackUp"

"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

"I:\Program Files\Maxis\SimCity 3000 World Edition\Apps\Updater\UPDATER.EXE"="I:\Program Files\Maxis\SimCity 3000 World Edition\Apps\Updater\UPDATER.EXE:*:Enabled:SC3UpdaterMFC"

"C:\Program Files\Namo\WebEditor 5 Trial\bin\WebEditor.exe"="C:\Program Files\Namo\WebEditor 5 Trial\bin\WebEditor.exe:*:Enabled:Namo WebEditor 5"

"I:\Program Files\FileZilla\FileZilla.exe"="I:\Program Files\FileZilla\FileZilla.exe:*:Enabled:FileZilla"

"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"

"I:\Program Files\VirtualDJ\virtualdj.exe"="I:\Program Files\VirtualDJ\virtualdj.exe:*:Enabled:VirtualDJ"

"I:\Program Files\TmNationsForever\TmForever.exe"="I:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"I:\Program Files\TrackMania Sunrise\tmsunrise.exe"="I:\Program Files\TrackMania Sunrise\tmsunrise.exe:*:Enabled:tmsunrise"

"C:\Program Files\webcamXP\webcamXP.exe"="C:\Program Files\webcamXP\webcamXP.exe:*:Enabled:webcamXP 2008"

"I:\Program Files\SpacialAudio\SAMBC\SAMBC.exe"="I:\Program Files\SpacialAudio\SAMBC\SAMBC.exe:*:Enabled:SAMBC"

"I:\Program Files\SpacialAudio\SAMB_4\SAMBC.exe"="I:\Program Files\SpacialAudio\SAMB_4\SAMBC.exe:*:Enabled:SAMBC"

"C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe"="C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe:*:Enabled:Firebird SQL Server"

"I:\Program Files\uTorrent\uTorrent.exe"="I:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

"I:\Program Files\SpacialAudio\SAMBC\SAMReporter\SAMReporter.exe"="I:\Program Files\SpacialAudio\SAMBC\SAMReporter\SAMReporter.exe:*:Enabled:SAMReporter"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

======List of files/folders created in the last 1 months======

 

2008-10-26 09:21:45 ----D---- C:\Program Files\trend micro

2008-10-26 08:37:53 ----D---- C:\rsit

2008-10-25 09:14:31 ----D---- C:\Program Files\UpdateIcons

2008-10-22 17:05:26 ----D---- C:\Program Files\Smart Projects

2008-10-22 16:48:57 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink

2008-10-22 11:09:54 ----D---- C:\Program Files\Unlocker

2008-10-21 21:14:20 ----D---- C:\Program Files\Runtime Software

2008-10-20 15:44:10 ----A---- C:\WINDOWS\system32\GDS32.DLL

2008-10-20 15:44:04 ----A---- C:\WINDOWS\system32\msvcr80.dll

2008-10-20 15:44:04 ----A---- C:\WINDOWS\system32\msvcp80.dll

2008-10-20 15:44:02 ----D---- C:\Program Files\Firebird

2008-10-20 15:30:36 ----A---- C:\WINDOWS\system32\BASSMOD.dll

2008-10-19 20:44:31 ----D---- C:\pilotes casio

2008-10-19 16:31:41 ----D---- C:\Program Files\JLIP VideoProducer2.0

2008-10-19 16:27:19 ----D---- C:\Program Files\JLIP VideoCapture3.1

2008-10-19 15:19:33 ----D---- C:\Program Files\Fichiers communs\EZB Systems

2008-10-19 15:19:32 ----D---- C:\Program Files\UltraISO

2008-10-19 07:38:18 ----D---- C:\Program Files\NeoSmart Technologies

2008-10-18 19:44:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2008-10-18 19:43:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$

2008-10-18 19:43:11 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$

2008-10-18 19:42:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

2008-10-18 19:42:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

2008-10-18 19:41:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$

2008-10-18 17:40:32 ----D---- C:\Program Files\Fichiers communs\Mediafour

2008-10-18 17:40:30 ----D---- C:\Documents and Settings\All Users\Application Data\Mediafour

2008-10-18 17:39:49 ----D---- C:\Program Files\Mediafour

2008-10-17 17:12:15 ----A---- C:\WINDOWS\system32\wmpns.dll

2008-10-13 13:03:58 ----D---- C:\Program Files\Free Create-Burn ISO Image

2008-10-13 13:03:58 ----A---- C:\WINDOWS\system32\WNASPI32.DLL

2008-10-10 21:25:10 ----D---- C:\Program Files\Microsoft Virtual PC

2008-10-09 18:53:01 ----D---- C:\Documents and Settings\Alexandre\Application Data\dvdcss

2008-10-09 17:44:01 ----D---- C:\Documents and Settings\Alexandre\Application Data\Publish Providers

2008-10-09 17:44:01 ----D---- C:\Documents and Settings\Alexandre\Application Data\Google

2008-10-09 17:44:01 ----D---- C:\Documents and Settings\Alexandre\Application Data\Download Manager

2008-10-08 18:27:41 ----D---- C:\Program Files\NokiaFREE Unlock Codes Calculator

2008-10-08 18:25:18 ----D---- C:\Program Files\SmartDCT4Calc v1.1.7

2008-10-08 13:44:10 ----D---- C:\Program Files\VMware

2008-10-07 23:06:09 ----D---- C:\Program Files\Notepad++

2008-10-07 23:06:09 ----D---- C:\Documents and Settings\Alexandre\Application Data\Notepad++

2008-10-07 20:37:34 ----D---- C:\Program Files\SHOUTcast

2008-10-07 12:28:00 ----D---- C:\Program Files\Home Plan Software

2008-10-07 09:44:50 ----A---- C:\WINDOWS\PADzenogais[DX9].INI

2008-10-06 19:33:39 ----D---- C:\Program Files\Avira

2008-10-06 19:33:39 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2008-10-06 17:47:34 ----D---- C:\Program Files\edcast

2008-10-06 12:52:15 ----D---- C:\Documents and Settings\Alexandre\Application Data\teamspeak2

2008-10-05 22:25:58 ----D---- C:\Documents and Settings\Alexandre\Application Data\Power Mixer

2008-10-05 20:59:21 ----A---- C:\WINDOWS\icecast2.ini

2008-10-05 18:09:16 ----D---- C:\Program Files\SafeSoft

2008-10-05 08:48:31 ----D---- C:\Program Files\ThiWeb Live 2

2008-10-05 01:44:17 ----D---- C:\Program Files\Fichiers communs\Apple

2008-10-05 01:42:14 ----D---- C:\Program Files\Apple Software Update

2008-10-05 01:42:14 ----D---- C:\Documents and Settings\All Users\Application Data\Apple

2008-10-04 22:45:53 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL

2008-10-04 22:45:53 ----A---- C:\WINDOWS\system32\VB6FR.DLL

2008-10-04 22:45:52 ----A---- C:\WINDOWS\system32\TABCTFR.DLL

2008-10-04 22:45:51 ----A---- C:\WINDOWS\system32\RCHTXFR.DLL

2008-10-04 22:45:48 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL

2008-10-04 22:45:48 ----A---- C:\WINDOWS\system32\MSCC2FR.DLL

2008-10-04 22:45:48 ----A---- C:\WINDOWS\system32\INETFR.DLL

2008-10-04 22:45:48 ----A---- C:\WINDOWS\system32\GkSui18.EXE

2008-10-04 22:45:47 ----A---- C:\WINDOWS\system32\FLXGDFR.DLL

2008-10-04 22:45:45 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL

2008-10-04 09:43:36 ----A---- C:\WINDOWS\unin040c.exe

2008-10-04 09:43:20 ----A---- C:\WINDOWS\uninst.exe

2008-09-30 16:03:28 ----D---- C:\Program Files\SMS Sender

2008-09-30 15:23:30 ----D---- C:\Documents and Settings\Alexandre\Application Data\AccurateRip

2008-09-28 21:42:24 ----D---- C:\Program Files\Fichiers communs\TI Shared

2008-09-28 21:42:23 ----D---- C:\Program Files\TI Education

2008-09-28 21:09:36 ----D---- C:\Documents and Settings\Alexandre\Application Data\Media Player Classic

 

======List of files/folders modified in the last 1 months======

 

2008-10-26 09:21:52 ----D---- C:\Documents and Settings\Alexandre\Application Data\uTorrent

2008-10-26 09:21:45 ----RD---- C:\Program Files

2008-10-26 08:46:51 ----D---- C:\WINDOWS\Prefetch

2008-10-26 08:46:39 ----D---- C:\WINDOWS\temp

2008-10-26 08:35:02 ----D---- C:\WINDOWS\system32

2008-10-26 08:35:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-10-26 08:33:13 ----D---- C:\Program Files\Mozilla Firefox

2008-10-25 21:45:07 ----SHD---- C:\System Volume Information

2008-10-25 19:55:03 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-10-25 19:52:42 ----D---- C:\Documents and Settings\Alexandre\Application Data\Skype

2008-10-25 18:27:16 ----D---- C:\Program Files\eMule

2008-10-25 18:19:09 ----D---- C:\Documents and Settings\Alexandre\Application Data\skypePM

2008-10-25 17:22:46 ----ASH---- C:\boot.ini

2008-10-25 17:04:21 ----D---- C:\WINDOWS\system32\CatRoot2

2008-10-25 13:27:39 ----A---- C:\WINDOWS\NeroDigital.ini

2008-10-25 09:52:21 ----HD---- C:\WINDOWS\system32\drivers

2008-10-25 08:08:18 ----A---- C:\WINDOWS\win.ini

2008-10-25 08:08:18 ----A---- C:\WINDOWS\system.ini

2008-10-22 20:48:30 ----SD---- C:\WINDOWS\Tasks

2008-10-22 17:15:10 ----D---- C:\Program Files\Bonjour

2008-10-21 12:42:50 ----D---- C:\WINDOWS\SoftwareDistribution

2008-10-20 20:10:04 ----D---- C:\WINDOWS

2008-10-20 15:36:57 ----SHD---- C:\WINDOWS\Installer

2008-10-19 22:36:50 ----D---- C:\WINDOWS\Minidump

2008-10-19 20:45:56 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-10-19 20:21:45 ----D---- C:\Documents and Settings\Alexandre\Application Data\Juce VST Host

2008-10-19 16:21:43 ----HD---- C:\Program Files\InstallShield Installation Information

2008-10-19 16:13:58 ----D---- C:\WINDOWS\system32\CatRoot_bak

2008-10-19 16:13:58 ----D---- C:\WINDOWS\system32\CatRoot

2008-10-19 16:13:31 ----HD---- C:\WINDOWS\inf

2008-10-19 15:19:33 ----D---- C:\Program Files\Fichiers communs

2008-10-19 07:47:08 ----D---- C:\Program Files\Movie Maker

2008-10-19 07:38:39 ----RSD---- C:\WINDOWS\assembly

2008-10-18 19:44:05 ----HD---- C:\WINDOWS\$hf_mig$

2008-10-18 19:43:53 ----A---- C:\WINDOWS\imsins.BAK

2008-10-18 19:41:41 ----D---- C:\Program Files\Internet Explorer

2008-10-17 17:12:16 ----A---- C:\WINDOWS\OEWABLog.txt

2008-10-17 17:12:06 ----D---- C:\Documents and Settings

2008-10-13 13:00:08 ----A---- C:\Documents and Settings\Alexandre\Application Data\burnaware.ini

2008-10-12 08:59:18 ----A---- C:\WINDOWS\ntbtlog.txt

2008-10-10 21:45:43 ----D---- C:\WINDOWS\system32\NtmsData

2008-10-10 21:36:21 ----SD---- C:\Documents and Settings\Alexandre\Application Data\Microsoft

2008-10-10 18:20:11 ----D---- C:\Program Files\Messenger Plus! Live

2008-10-09 17:45:57 ----D---- C:\WINDOWS\system32\config

2008-10-09 17:45:10 ----D---- C:\WINDOWS\system32\wbem

2008-10-09 17:45:10 ----D---- C:\WINDOWS\Registration

2008-10-09 17:43:19 ----D---- C:\WINDOWS\system32\Restore

2008-10-07 20:19:40 ----A---- C:\WINDOWS\system32\MRT.exe

2008-10-07 10:21:10 ----A---- C:\WINDOWS\GSdx9 sse2.INI

2008-10-07 10:14:05 ----A---- C:\WINDOWS\GSdx9_1.INI

2008-10-05 14:19:24 ----D---- C:\Documents and Settings\Alexandre\Application Data\Adobe

2008-10-05 08:23:00 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2008-10-05 01:45:03 ----D---- C:\Program Files\QuickTime

2008-10-05 01:43:58 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-10-04 23:38:52 ----D---- C:\Program Files\SlySoft

2008-10-01 20:03:44 ----D---- C:\Program Files\BitBank

2008-10-01 16:16:21 ----D---- C:\Documents and Settings\Alexandre\Application Data\Ahead

2008-09-28 21:42:38 ----RSD---- C:\WINDOWS\Fonts

2008-09-28 21:42:36 ----D---- C:\WINDOWS\twain_32

2008-09-28 21:42:31 ----D---- C:\WINDOWS\system

2008-09-28 21:37:13 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 43520]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]

R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []

R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16877]

R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]

R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2004-07-22 15781]

R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-05-01 19200]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]

R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 cm102u32;C-Media CM6501 Like Sound Interface; C:\WINDOWS\system32\drivers\c6501.sys [2006-09-05 1419968]

R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]

R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]

R3 es1969;Pilote audio ESS Solo (WDM); C:\WINDOWS\system32\drivers\es1969.sys [2001-08-17 72192]

R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]

R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-09-30 13056]

R3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]

R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-08-13 379456]

S1 hidfltr;HID Filter Driver; C:\WINDOWS\system32\drivers\MWhid.sys [2004-11-03 13332]

S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]

S1 srosa;Megadrv3; \??\C:\WINDOWS\system32\drivers\srosa.sys []

S3 a1awtqhk;a1awtqhk; C:\WINDOWS\system32\drivers\a1awtqhk.sys []

S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]

S3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2002-09-07 9600]

S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2002-09-07 12288]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-09-30 34048]

S3 PL-40R;CASIO USB MIDI; C:\WINDOWS\System32\Drivers\pl40rwdm.sys [2004-10-01 18048]

S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2005-05-27 1317152]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 TIEHDUSB;TIEHDUSB; C:\WINDOWS\system32\drivers\tiehdusb.sys [2004-02-04 49536]

S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\mc21.tmp []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-25 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-25 151297]

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]

R2 DynDNS Updater;DynDNS Updater; C:\Program Files\DynDNS Updater\DynUpSvc.exe [2008-04-23 61440]

R2 FileZilla Server;FileZilla Server FTP server; I:\Program Files\FileZilla Server\FileZilla Server.exe [2007-12-25 586240]

R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

R2 MacDriveService;MacDrive service; C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe [2008-05-02 150528]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-25 516096]

S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-09-06 72704]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-06 654848]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]

S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]

S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]

S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe [2007-02-05 112184]

S3 SPTISRV;Sony SPTI Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]

S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]

S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe [2007-02-05 75320]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]

 

-----------------EOF-----------------

 

Log Rsit (Info.txt)

 

info.txt logfile of random's system information tool 1.04 2008-10-26 08:38:17

 

======Uninstall list======

 

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->Dummy

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

ACID Music Studio 7.0 de Sony-->MsiExec.exe /X{A6CE9D67-88BF-4AC1-A391-D3F79651DDD3}

Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}

Adobe After Effects CS3 Third Party Content-->C:\Program Files\Fichiers communs\Adobe\Installers\3675c95c239b992d5d0ee8fce969b9e\Setup.exe

Adobe After Effects CS3 Third Party Content-->MsiExec.exe /I{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}

Adobe After Effects CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\5d83aea83f5009a0d267d337e3f55fe\Setup.exe

Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}

Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}

Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}

Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}

Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}

Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}

Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}

Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Photoshop 7.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"

Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe

Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}

Adobe Reader 7.0.8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70800000002}

Adobe Setup-->MsiExec.exe /I{004685F7-9FB6-4789-812F-59ABB34A55AF}

Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}

Adobe Setup-->MsiExec.exe /I{F1C9C7F7-0D56-40B2-A276-152762D39BCA}

Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log

Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}

Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}

AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Apycom Java Menus and Buttons-->I:\Program Files\Apycom Java Menus and Buttons\uninstall.exe

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

ArcSoft Panorama Maker 4 Pro-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06FE635A-BE8C-4208-91A9-FB6E641A4F52}\Setup.exe" -l0x9

Ashampoo MP3 AudioCenter-->C:\PROGRA~1\Ashampoo\ASHAMP~1\UNWISE.EXE C:\PROGRA~1\Ashampoo\ASHAMP~1\INSTALL.LOG

ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe

ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

aTube Catcher 1.0-->MsiExec.exe /I{5A45B24A-C582-45B8-81CD-1A2119524206}

Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"

AV Voice Changer Software DIAMOND 6.0-->I:\PROGRA~1\AVVCS6~1.0DI\UNWISE.EXE I:\PROGRA~1\AVVCS6~1.0DI\INSTALL.LOG

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"

Bink and Smacker-->I:\PROGRA~1\RADVideo\UNWISE.EXE I:\PROGRA~1\RADVideo\INSTALL.LOG

Blender (remove only)-->"I:\Program Files\Blender Foundation\Blender2.47\uninstall.exe"

Boris FX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EED27288-EA1A-44E9-913C-648FFC9ADDF0}\Setup.exe" -l0x9

BurnAware Free Edition 1.3-->"C:\Program Files\BurnAware Free Edition\unins000.exe"

Camtasia Studio 5-->MsiExec.exe /I{7EADB65C-70E8-4C94-AD0A-221462D41A85}

CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"

CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"

C-Media 6501 Sound-->C:\WINDOWS\Cmi6501Uninstall.exe C:\Program Files\C-Media 6501 Sound#C-Media 6501 Sound#C-Media 6501 Sound#

Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Correctif Windows XP - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

Correctif Windows XP - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"

Dragon NaturallySpeaking 9-->MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}

DVD Decrypter (Remove Only)-->"I:\Program Files\DVD Decrypter\uninstall.exe"

DVD Shrink 3.2-->"I:\Program Files\DVD Shrink\unins000.exe"

DX-Ball 2 ModPack-->I:\PROGRA~1\DXBall2\UNWISE.EXE I:\PROGRA~1\DXBall2\INSTALL.LOG

DX-Ball 2 v1.2 Patch-->I:\PROGRA~1\DXBall2\UNWISE.EXE I:\PROGRA~1\DXBall2\INSTALL.LOG

DX-Ball 2-->I:\PROGRA~1\DXBall2\UNWISE.EXE I:\PROGRA~1\DXBall2\INSTALL.LOG

DynDNS Updater-->C:\Program Files\DynDNS Updater\Uninstall.exe {B3418CB7-C33A-43FA-BB9B-FDB8C31DFC77}

Easy Image Converter 1.3.2.1-->"C:\Program Files\Home Plan Software\Easy Image Converter\unins000.exe"

eMule-->"C:\Program Files\eMule\Uninstall.exe"

Exact Audio Copy 0.99pb3-->I:\Program Files\Exact Audio Copy\uninst.exe

ffdshow [rev 1703] [2007-12-15]-->"C:\Program Files\ffdshow\unins000.exe"

FileZilla Server (remove only)-->"I:\Program Files\FileZilla Server\uninstall.exe"

Firebird 2.1.0.16780 (Win32)-->"C:\Program Files\Firebird\Firebird_2_1\unins000.exe"

FL Studio 8-->I:\Program Files\Image-Line\FL Studio 8\uninstall.exe

FL Studio v7.0-->"C:\Program Files\Image-Line\FL Studio 7\unins000.exe"

Flash Effect Maker Pro v3.2560 Free (560 Templates)-->"I:\Program Files\Flash Effect Maker\unins000.exe"

Free Create-Burn ISO Image v2.0-->"C:\Program Files\Free Create-Burn ISO Image\unins000.exe"

GetDataBack for FAT and GetDataBack for NTFS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{49C09E32-B9FD-4EDC-9152-9BC0CC618A13}\setup.exe" -l0x9 -removeonly

Guitar Pro 5.0-->"I:\Program Files\Guitar Pro 5\unins000.exe"

HijackThis 2.0.2-->"C:\Documents and Settings\Alexandre\Bureau\HijackThis.exe" /uninstall

HP Appareils photos Photosmart 9.0-->C:\Program Files\HP\Digital Imaging\{AA057FD9-0CFC-47e4-8AB4-E0F7EC85631D}\setup\hpzscr01.exe -datfile hpiscr06.dat

HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat

HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}

Icecast v2.3.0-->"I:\Program Files\Icecast2 Win32\unins000.exe"

IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe

Image Line Morphine v1.1 VSTi-->I:\PROGRA~1\Morphine\UNWISE.EXE I:\PROGRA~1\Morphine\INSTALL.LOG

Image-Line PoiZone v2.1-->C:\PROGRA~1\IMAGE-~1\PoiZone\UNINST~1\UNWISE.EXE C:\PROGRA~1\IMAGE-~1\PoiZone\UNINST~1\INSTALL.LOG

Install Creator Pro-->I:\Program Files\Install Creator Pro\Uninstal.exe

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

JLIP VideoCapture3.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JLIP VideoCapture3.1\Uninst.isu"

JLIP VideoProducer2.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JLIP VideoProducer2.0\Uninst.isu"

KRyLack Password Recovery-->MsiExec.exe /I{FD391DC6-0714-4DE3-8661-199BD4A4703F}

Kwyshell MidpX Emulator Package 1.3.1-->C:\Program Files\Kwyshell\MidpX\uninst.exe

Lame ACM MP3 Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf

Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

LiveBox-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC7DDAAE-7F2B-4270-9BFD-5A130B667E9E}\Setup.exe" -l0x40c

Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c

M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1-->"C:\Program Files\Tag Support Plugin for Media Player\unins000.exe"

MacDrive 7-->MsiExec.exe /X{33F09ED5-3355-470A-AD79-6DFA8FC553E3}

Magic Bullet Editors Vegas-->C:\WINDOWS\unvise32.exe C:\Program Files\Magic Bullet Editors Vegas\Magic Bullet Editors Vegas\mbeditorsvegas.log

Magic ISO Maker v5.3 (build 0221)-->I:\PROGRA~1\MagicISO\UNWISE.EXE I:\PROGRA~1\MagicISO\INSTALL.LOG

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

MegaStore-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{78FAAF25-07DA-11D9-B095-009027EC0701}

Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}

Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}

Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Mise à jour de sécurité pour Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MS Access 97 SP2-->C:\Program Files\Microsoft Office\setup\setup.exe

MSN BackUp 1.3.3-->C:\Program Files\MSN BackUp\uninst.exe

MSN Polygamy 8.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{952DEE45-7C0B-4CDF-80B3-D14BE6B02678}\Setup.exe"

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

Namo WebEditor 5.5 Evaluation-->C:\Program Files\InstallShield Installation Information\{D73B1505-58C4-4CEA-BD95-A6A768D69A0D}\setup.exe -UninstallAll

Need for Speed Underground 2-->I:\Program Files\EA GAMES\Need for Speed Underground 2\EAUninstall.exe

Nero 7 Demo-->MsiExec.exe /I{E45963E6-5458-F673-699D-8E70ACBE1036}

NFO Creator-->C:\WINDOWS\system32\GKSUI18.EXE I:\Program Files\CyberLeadingCorp\NFO Creator\UNINSTAL.DAT

Notepad++-->C:\Program Files\Notepad++\uninstall.exe

NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI

oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe

OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U

OpenMG Limited Patch 4.7-07-14-05-01-->C:\Program Files\Fichiers communs\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u

OpenMG Secure Module 4.7.00-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL

Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_4C9003F79A472E408F11C51BDF222156676824AF\amdk8.inf

PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

PodProducer Beta v0.26-->C:\WINDOWS\iun6002.exe "C:\Program Files\PodProducer\irunin.ini"

PoiZone-->C:\PROGRA~1\IMAGE-~1\PoiZone\uninstall.exe

Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT

Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}

QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}

Ri4m v5.0.1d-->I:\Program Files\Ripp-it_AM\Ri4m_Uninstal.exe

Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E691604-B328-4B4A-8F17-C9D6395075C5}\Setup.exe" -l0x40c

SAM Broadcaster (remove only)-->"I:\Program Files\SpacialAudio\SAMB_4\uninstall.exe"

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

SimCity 3000 World Edition-->C:\WINDOWS\IsUn040c.exe -f"I:\Program Files\Maxis\SimCity 3000 World Edition\DeIsL1.isu" -c"I:\Program Files\Maxis\SimCity 3000 World Edition\_UnInstall.dll"

Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

SonicStage 4.3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x40c UNINSTALL -removeonly

Sony Media Manager 2.2-->MsiExec.exe /X{38E1CA6C-2121-4B5C-A3A5-0B0003794EFF}

Sony Vegas 7.0-->MsiExec.exe /X{8411FA28-D32D-4518-92F0-3FBD80A702BC}

Super DX-Ball v1.00-->"C:\Program Files\Super DX-Ball\unins000.exe"

SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"

SWiSHvideo2-->C:\WINDOWS\unvise32.exe I:\Program Files\SWiSHvideo2\uninstal.log

Terragen-->MsiExec.exe /I{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}

Texture Processor v1.3-->"I:\Program Files\Texture Processor\unins000.exe"

ThiWeb Live 2.2-->C:\Program Files\ThiWeb Live 2\uninst.exe

TI Connect 1.6-->MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}

Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe

TrackMania Sunrise Extreme 1.5.0-->"I:\Program Files\TrackMania Sunrise\unins000.exe"

UltraISO Premium V9.31-->"C:\Program Files\UltraISO\unins000.exe"

Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe

UpdateIcons-->"C:\Program Files\UpdateIcons\unins000.exe"

VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Vilma Registry Explorer-->"H:\Program Files\Vilma\RegExp\Uninstall.exe" "H:\Program Files\Vilma\RegExp\install.log"

Virtual DJ - Atomix Productions-->I:\PROGRA~1\VIRTUA~1\UNWISE.EXE I:\PROGRA~1\VIRTUA~1\INSTALL.LOG

webcamXP 2008-->"C:\Program Files\webcamXP\wxp-uninst.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}

Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}

Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}

Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}

Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

Zenoté Glow for Vegas-->MsiExec.exe /X{F3A15FE0-A67B-4E05-853A-46851EAEFBF0}

Zenoté Grain for Vegas-->MsiExec.exe /X{D428F260-DF6E-4D5A-9C8D-5C45CC209FAD}

Zenoté Letterbox for Vegas-->MsiExec.exe /X{8C40E19E-176A-4B42-AD7B-C472AEC6704F}

 

======Security center information======

 

AV: Avira AntiVir PersonalEdition

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Smart Projects\IsoBuster

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 95 Stepping 3, AuthenticAMD

"PROCESSOR_REVISION"=5f03

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

 

-----------------EOF-----------------

Modifié le 27 octobre 2008 par Alex36

[Falkra]

Bonjour, tu as choppé le dernier Bagle, probablement par un crack (même sans p2p) ou autre joyeuseté.

Il y a une partie du boulot de faite (bien pour MBAM). On continue, cari l faut faire des réparations.

 

Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.

Ne pas utiliser en dehors de ce cas de figure : dangereux.

Attention à bien suivre ces instructions en détail, ne pas oublier de renommer combofix.exe AVANT qu'il ne soit téléchargé, quand on peut encore changer le nom du fichier et dire au navigateur où le télécharger.

 

Télécharge combofix.exe de sUBs et renomme-le combo-fix.exe avant de le sauvegarder sur ton bureau (et pas ailleurs).

• Assure toi que tous les programmes sont fermés avant de commencer.
  
• Double-clique combo-fix.exe afin de l'exécuter.
  
• Clique sur "Oui" au message de Limitation de Garantie qui s'affiche.
  
• Il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.
  
• Ne ferme pas la fenêtre qui vient de s'ouvrir, tu te retrouverais avec un bureau vide.
  
• Lorsque l'analyse sera terminée, un rapport apparaîtra.
  
• Copie-colle ce rapport dans ta prochaine réponse.
  Le rapport se trouve dans : C:\Combofix.txt (si jamais).
  

[Alex36]

Voilà le rapport chef ! ^^

 

ComboFix 08-10-24.02 - Alexandre 2008-10-26 10:09:16.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.614 [GMT 1:00]

Lancé depuis: C:\Documents and Settings\Alexandre\Bureau\Combo-Fix.exe

* Un nouveau point de restauration a été créé

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_srosa

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-26 au 2008-10-26 ))))))))))))))))))))))))))))))))))))

.

 

2008-10-26 09:21 . 2008-10-26 09:22 <REP> d-------- C:\Program Files\trend micro

2008-10-26 08:37 . 2008-10-26 08:38 <REP> d-------- C:\rsit

2008-10-25 09:14 . 2008-10-25 09:14 <REP> d-------- C:\Program Files\UpdateIcons

2008-10-22 17:05 . 2008-10-22 18:14 <REP> d-------- C:\Program Files\Smart Projects

2008-10-22 16:48 . 2008-10-22 16:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink

2008-10-22 11:09 . 2008-10-22 17:14 <REP> d-------- C:\Program Files\Unlocker

2008-10-22 11:03 . 2008-10-22 11:03 17,675,104 --a------ C:\recovery tree rayan 49gb.st3

2008-10-21 22:32 . 2008-10-21 22:32 12,075,836 --a------ C:\Rayan recovery.st2

2008-10-21 21:14 . 2008-10-21 21:14 <REP> d-------- C:\Program Files\Runtime Software

2008-10-20 15:44 . 2008-10-20 15:44 <REP> d-------- C:\Program Files\Firebird

2008-10-20 15:44 . 2005-09-22 23:05 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2008-10-20 15:44 . 2005-09-22 23:05 548,864 --a------ C:\WINDOWS\system32\msvcp80.dll

2008-10-20 15:44 . 2007-10-16 09:08 458,752 --a------ C:\WINDOWS\system32\Firebird2Control.cpl

2008-10-20 15:44 . 2007-10-16 09:07 442,368 --a------ C:\WINDOWS\system32\GDS32.DLL

2008-10-19 20:44 . 2008-10-19 20:44 <REP> d-------- C:\pilotes casio

2008-10-19 16:31 . 2008-10-19 16:31 <REP> d-------- C:\Program Files\JLIP VideoProducer2.0

2008-10-19 16:27 . 2008-10-19 16:27 <REP> d-------- C:\Program Files\JLIP VideoCapture3.1

2008-10-19 15:19 . 2008-10-19 15:19 <REP> d-------- C:\Program Files\UltraISO

2008-10-19 15:19 . 2008-10-19 15:19 <REP> d-------- C:\Program Files\Fichiers communs\EZB Systems

2008-10-19 07:38 . 2008-10-19 07:43 <REP> d-------- C:\Program Files\NeoSmart Technologies

2008-10-18 17:40 . 2008-10-18 17:40 <REP> d-------- C:\Program Files\Fichiers communs\Mediafour

2008-10-18 17:40 . 2008-10-18 17:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Mediafour

2008-10-18 17:39 . 2008-10-18 17:39 <REP> d-------- C:\Program Files\Mediafour

2008-10-17 17:43 . 2008-10-17 17:43 <REP> d-------- C:\Documents and Settings\Mac OS x86\Application Data\Apple Computer

2008-10-17 17:34 . 2008-10-20 20:01 156 --a------ C:\WINDOWS\Twunk001.MTX

2008-10-17 17:34 . 2008-10-20 20:01 3 --a------ C:\WINDOWS\Twain001.Mtx

2008-10-17 17:34 . 2008-10-17 17:34 0 --a------ C:\WINDOWS\Twunk002.MTX

2008-10-17 17:12 . 2008-06-19 13:13 <REP> d--h----- C:\Documents and Settings\Mac OS x86\Voisinage réseau

2008-10-17 17:12 . 2008-06-19 13:13 <REP> d--h----- C:\Documents and Settings\Mac OS x86\Voisinage d'impression

2008-10-17 17:12 . 2008-06-19 11:25 <REP> d--h----- C:\Documents and Settings\Mac OS x86\Modèles

2008-10-17 17:12 . 2008-10-17 17:13 <REP> dr------- C:\Documents and Settings\Mac OS x86\Mes documents

2008-10-17 17:12 . 2008-06-19 13:13 <REP> dr------- C:\Documents and Settings\Mac OS x86\Menu Démarrer

2008-10-17 17:12 . 2008-10-17 17:12 <REP> dr------- C:\Documents and Settings\Mac OS x86\Favoris

2008-10-17 17:12 . 2008-10-17 17:16 <REP> d-------- C:\Documents and Settings\Mac OS x86\Bureau

2008-10-17 17:12 . 2008-10-17 17:12 <REP> d-------- C:\Documents and Settings\Mac OS x86

2008-10-17 17:12 . 2004-08-03 23:54 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-10-17 17:08 . 2008-06-19 13:13 <REP> d--h----- C:\Documents and Settings\Invité\Voisinage réseau

2008-10-17 17:08 . 2008-06-19 13:13 <REP> d--h----- C:\Documents and Settings\Invité\Voisinage réseau

2008-10-17 17:08 . 2008-06-19 13:13 <REP> d--h----- C:\Documents and Settings\Invité\Voisinage d'impression

2008-10-17 17:08 . 2008-06-19 13:13 <REP> d--h----- C:\Documents and Settings\Invité\Voisinage d'impression

2008-10-17 17:08 . 2008-06-19 11:25 <REP> d--h----- C:\Documents and Settings\Invité\Modèles

2008-10-17 17:08 . 2008-06-19 11:25 <REP> d--h----- C:\Documents and Settings\Invité\Modèles

2008-10-17 17:08 . 2008-10-17 17:08 <REP> dr------- C:\Documents and Settings\Invité\Mes documents

2008-10-17 17:08 . 2008-10-17 17:08 <REP> dr------- C:\Documents and Settings\Invité\Mes documents

2008-10-17 17:08 . 2008-06-19 13:13 <REP> dr------- C:\Documents and Settings\Invité\Menu Démarrer

2008-10-17 17:08 . 2008-06-19 13:13 <REP> dr------- C:\Documents and Settings\Invité\Menu Démarrer

2008-10-17 17:08 . 2008-10-17 17:08 <REP> dr------- C:\Documents and Settings\Invité\Favoris

2008-10-17 17:08 . 2008-10-17 17:08 <REP> dr------- C:\Documents and Settings\Invité\Favoris

2008-10-17 17:08 . 2008-10-17 17:09 <REP> d-------- C:\Documents and Settings\Invité\Bureau

2008-10-17 17:08 . 2008-10-17 17:09 <REP> d-------- C:\Documents and Settings\Invité\Bureau

2008-10-17 17:08 . 2008-10-17 17:08 <REP> d-------- C:\Documents and Settings\Invité

2008-10-13 13:03 . 2008-10-13 13:03 <REP> d-------- C:\Program Files\Free Create-Burn ISO Image

2008-10-13 13:03 . 2002-07-17 09:03 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL

2008-10-13 13:03 . 2002-07-17 07:53 16,877 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS

2008-10-10 21:25 . 2008-10-10 21:25 <REP> d-------- C:\Program Files\Microsoft Virtual PC

2008-10-09 18:53 . 2008-10-19 12:17 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\dvdcss

2008-10-09 17:44 . 2008-10-09 17:44 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\Publish Providers

2008-10-09 17:44 . 2008-10-17 21:46 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\Download Manager

2008-10-08 18:27 . 2008-10-09 17:44 <REP> d-------- C:\Program Files\NokiaFREE Unlock Codes Calculator

2008-10-08 18:25 . 2008-10-09 17:44 <REP> d-------- C:\Program Files\SmartDCT4Calc v1.1.7

2008-10-08 13:44 . 2008-10-08 13:44 <REP> d-------- C:\Program Files\VMware

2008-10-07 23:06 . 2008-10-12 18:44 <REP> d-------- C:\Program Files\Notepad++

2008-10-07 23:06 . 2008-10-12 18:44 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\Notepad++

2008-10-07 20:37 . 2008-10-09 17:44 <REP> d-------- C:\Program Files\SHOUTcast

2008-10-07 18:09 . 2008-10-07 18:11 1,102 -rah----- C:\WINDOWS\EPMBatch.ept

2008-10-07 18:00 . 2008-10-09 17:55 11 --a------ C:\WINDOWS\epmbcd

2008-10-07 12:28 . 2008-10-07 12:28 <REP> d-------- C:\Program Files\Home Plan Software

2008-10-07 09:44 . 2008-10-07 09:45 72 --a------ C:\WINDOWS\PADzenogais[DX9].INI

2008-10-06 19:33 . 2008-10-06 19:33 <REP> d-------- C:\Program Files\Avira

2008-10-06 19:33 . 2008-10-06 19:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-10-06 17:47 . 2008-10-06 17:48 <REP> d-------- C:\Program Files\edcast

2008-10-06 12:52 . 2008-10-06 12:52 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\teamspeak2

2008-10-06 12:52 . 2008-10-06 12:52 34,064 --a------ C:\WINDOWS\system32\lhacm.acm

2008-10-05 22:25 . 2008-10-05 22:25 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\Power Mixer

2008-10-05 20:59 . 2008-10-25 10:28 171 --a------ C:\WINDOWS\icecast2.ini

2008-10-05 18:09 . 2008-10-05 18:09 <REP> d-------- C:\Program Files\SafeSoft

2008-10-05 09:25 . 2008-10-05 09:25 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes

2008-10-05 08:48 . 2008-10-05 08:48 <REP> d-------- C:\Program Files\ThiWeb Live 2

2008-10-05 01:44 . 2008-10-05 01:44 <REP> d-------- C:\Program Files\Fichiers communs\Apple

2008-10-05 01:44 . 2008-10-05 01:44 5,376,438 --a------ C:\RADIORIP_2008_5_oct.mp3

2008-10-05 01:42 . 2008-10-05 01:42 <REP> d-------- C:\Program Files\Apple Software Update

2008-10-05 01:42 . 2008-10-05 01:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-10-04 09:43 . 1996-11-06 11:04 302,592 --a------ C:\WINDOWS\unin040c.exe

2008-10-04 09:43 . 1996-11-05 15:13 299,008 --a------ C:\WINDOWS\uninst.exe

2008-09-30 16:03 . 2008-10-01 15:17 <REP> d-------- C:\Program Files\SMS Sender

2008-09-30 15:23 . 2008-09-30 15:23 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\AccurateRip

2008-09-28 21:43 . 2004-02-04 09:27 49,536 --a------ C:\WINDOWS\system32\drivers\tiehdusb.sys

2008-09-28 21:43 . 2004-01-28 14:03 21,456 --a------ C:\WINDOWS\system32\drivers\SilvrLnk.sys

2008-09-28 21:42 . 2008-09-28 21:43 <REP> d-------- C:\Program Files\TI Education

2008-09-28 21:42 . 2008-09-28 21:42 <REP> d-------- C:\Program Files\Fichiers communs\TI Shared

2008-09-28 21:09 . 2008-09-28 21:09 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\Media Player Classic

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-26 09:17 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\uTorrent

2008-10-25 18:52 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Skype

2008-10-25 17:27 --------- d-----w C:\Program Files\eMule

2008-10-25 17:19 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\skypePM

2008-10-22 16:15 --------- d-----w C:\Program Files\Bonjour

2008-10-19 19:21 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Juce VST Host

2008-10-19 15:21 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-10-14 17:53 2,594 ----a-w C:\Documents and Settings\Alexandre\Application Data\SAS7_000.DAT

2008-10-10 17:20 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-10-05 00:45 --------- d-----w C:\Program Files\QuickTime

2008-10-05 00:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-10-04 22:38 --------- d-----w C:\Program Files\SlySoft

2008-10-01 19:03 --------- d-----w C:\Program Files\BitBank

2008-10-01 15:16 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Ahead

2008-09-28 20:37 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-09-25 21:26 --------- d-----w C:\Program Files\Vstplugins

2008-09-25 21:24 --------- d-----w C:\Program Files\Outsim

2008-09-25 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield

2008-09-25 17:57 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Nuance

2008-09-25 17:53 --------- d-----w C:\Program Files\Fichiers communs\ScanSoft Shared

2008-09-25 17:53 --------- d-----w C:\Program Files\Fichiers communs\Nuance

2008-09-25 17:53 --------- d-----w C:\Program Files\Fichiers communs\InstallShield

2008-09-25 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft

2008-09-25 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nuance

2008-09-24 18:12 --------- d-----w C:\Program Files\Image-Line

2008-09-22 17:44 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Elaborate Bytes

2008-09-22 17:37 --------- d-----w C:\Program Files\Elaborate Bytes

2008-09-21 20:08 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware

2008-09-21 20:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-09-21 20:08 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Malwarebytes

2008-09-21 10:01 --------- d-----w C:\Program Files\Fichiers communs\DirectX

2008-09-20 21:04 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\PngOptimizer

2008-09-20 20:24 --------- d-----w C:\Program Files\AviSynth 2.5

2008-09-20 12:15 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\SWiSHvideo

2008-09-18 17:17 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\HP

2008-09-18 17:15 --------- d-----w C:\Program Files\Fichiers communs\HP

2008-09-18 17:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP

2008-09-18 17:12 --------- d-----w C:\Program Files\HP

2008-09-18 17:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant

2008-09-18 17:07 --------- d---a-w C:\Program Files\HP PSE 9.0 SW

2008-09-17 18:23 --------- d-----w C:\Program Files\SuperCopier2

2008-09-17 18:23 --------- d-----w C:\Program Files\SuperCopier

2008-09-17 16:04 --------- d-----w C:\Program Files\Kwyshell

2008-09-15 15:39 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-12 18:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2008-09-11 07:38 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Antares

2008-09-09 22:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys

2008-09-09 11:48 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Sony

2008-09-09 11:47 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\NetMedia Providers

2008-09-09 11:27 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia

2008-09-09 11:27 --------- d-----w C:\Program Files\AVS4YOU

2008-09-09 10:33 --------- d-----w C:\Program Files\Zenote

2008-09-09 10:19 --------- d-----w C:\Program Files\Super DX-Ball

2008-09-08 20:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania

2008-09-06 21:30 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-09-06 15:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet

2008-09-06 14:41 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll

2008-09-06 14:41 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2008-09-06 13:23 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-09-06 13:08 --------- d-----w C:\Program Files\OpenAL

2008-09-06 12:50 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared

2008-09-06 12:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems

2008-09-06 12:47 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared

2008-09-05 22:07 --------- d-----w C:\Program Files\Fichiers communs\Logitech

2008-09-05 22:06 --------- d-----w C:\Program Files\Logitech

2008-09-05 17:22 --------- d-----w C:\Program Files\MSN Messenger

2008-09-05 15:47 --------- d-----w C:\Program Files\webcamXP

2008-09-03 19:29 --------- d-----w C:\Program Files\Xvid

2008-09-03 12:10 --------- d-----w C:\Program Files\Sonic Foundry Setup

2008-09-02 16:49 --------- d-----w C:\Program Files\Magic Bullet Editors Vegas

2008-09-02 09:03 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\vlc

2008-09-02 07:46 --------- d-----w C:\Program Files\VideoLAN

2008-08-30 21:38 --------- d--h--r C:\Documents and Settings\Alexandre\Application Data\SecuROM

2008-08-30 16:08 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\DAEMON Tools

2008-08-30 09:38 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\AdobeUM

2008-08-29 10:41 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\SlySoft

2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-08-27 21:49 --------- d-----w C:\Program Files\Microsoft SQL Server

2008-08-27 21:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony

2008-08-27 21:44 --------- d-----w C:\Program Files\Sony

2008-08-27 21:42 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Sony Corporation

2008-08-27 21:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU

2008-08-27 21:08 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\AVS4YOU

2008-08-27 20:54 --------- d-----w C:\Program Files\Sony Setup

2008-08-27 12:46 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\uk.co.planetside

2008-08-27 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\SimCity Societies

2008-08-27 11:06 --------- d-----w C:\Program Files\DAEMON Tools Lite

2008-08-27 10:01 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\LimeWire

2008-08-27 09:50 --------- d-----w C:\Program Files\Java

2008-08-27 09:48 --------- d-----w C:\Program Files\Fichiers communs\Java

2008-08-27 08:52 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-08-27 07:55 36,734 ----a-w C:\WINDOWS\system32\OggDSuninst.exe

2008-08-27 07:46 --------- d-----w C:\Program Files\illiminable

2008-08-27 07:22 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-08-26 20:50 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2008-08-26 15:27 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\ArcSoft

2008-08-26 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation

2008-08-26 15:21 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared

2008-08-20 05:37 663,552 ----a-w C:\WINDOWS\system32\wininet.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-14 482760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"\\ORDI_BAS\EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]

"DNS7reminder"="I:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 259624]

"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"MacDrive application"="C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe" [2008-07-09 201304]

"Getting started with MacDrive"="C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" [2008-05-01 141312]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

 

C:\Documents and Settings\Alexandre\Menu D‚marrer\Programmes\D‚marrage\

Dragon NaturallySpeaking.lnk - I:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe [2007-05-14 2524776]

 

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-20 110592]

DynDNS Updater Tray Icon.lnk - C:\Program Files\DynDNS Updater\DynTray.exe [2008-04-23 65536]

Sagem - Utilitaire r‚seau pour Cl‚ USB Wi-Fi 802.11g.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2008-06-19 667648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"AllowLegacyWebView"= 1 (0x1)

"AllowUnhashedWebView"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.avis"= ff_acm.acm

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk

backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

--a------ 2005-05-19 14:47 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]

--a------ 2007-12-25 22:25 937984 I:\Program Files\FileZilla Server\FileZilla Server Interface.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2007-03-11 20:34 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-02-16 15:15 221184 C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-02-16 15:15 81920 C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

--a------ 2005-06-08 13:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

--a------ 2005-06-08 14:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

--a------ 2005-06-08 14:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

--a------ 2005-07-19 16:32 221184 C:\WINDOWS\system32\LVCOMSX.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 14:40 155648 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 14:09 413696 C:\Program Files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2007-12-12 14:23 21686568 C:\Program Files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

--a------ 2006-10-25 08:03 210472 C:\Program Files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-06-10 03:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\MSN BackUp\\MSNBackup.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"I:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE"=

"C:\\Program Files\\Namo\\WebEditor 5 Trial\\bin\\WebEditor.exe"=

"I:\\Program Files\\FileZilla\\FileZilla.exe"=

"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"I:\\Program Files\\VirtualDJ\\virtualdj.exe"=

"I:\\Program Files\\TmNationsForever\\TmForever.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"I:\\Program Files\\TrackMania Sunrise\\tmsunrise.exe"=

"C:\\Program Files\\webcamXP\\webcamXP.exe"=

"I:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"=

"I:\\Program Files\\SpacialAudio\\SAMB_4\\SAMBC.exe"=

"C:\\Program Files\\Firebird\\Firebird_2_1\\bin\\fbserver.exe"=

"I:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"I:\\Program Files\\SpacialAudio\\SAMBC\\SAMReporter\\SAMReporter.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8000:TCP"= 8000:TCP:RADIO

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"47897:TCP"= 47897:TCP:utorent

 

R0 MDFSYSNT;MacDrive file system driver;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2008-07-22 288768]

R0 MDPMGRNT;MacDrive partition driver;C:\WINDOWS\system32\drivers\MDPMGRNT.sys [2007-02-28 19072]

R2 DynDNS Updater;DynDNS Updater;C:\Program Files\DynDNS Updater\DynUpSvc.exe [2008-04-23 61440]

R2 MacDriveService;MacDrive service;C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe [2008-05-02 150528]

R3 cm102u32;C-Media CM6501 Like Sound Interface;C:\WINDOWS\system32\drivers\c6501.sys [2006-09-05 1419968]

R3 es1969;Pilote audio ESS Solo (WDM);C:\WINDOWS\system32\drivers\es1969.sys [2001-08-17 72192]

S1 hidfltr;HID Filter Driver;C:\WINDOWS\system32\drivers\MWhid.sys [2004-11-03 13332]

S3 PL-40R;CASIO USB MIDI;C:\WINDOWS\system32\Drivers\pl40rwdm.sys [2004-10-01 18048]

S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-08-13 379456]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

*Newly Created Service* - PCANDIS5

.

Contenu du dossier 'Tâches planifiées'

 

2008-10-22 C:\WINDOWS\Tasks\shutdown.job

- C:\WINDOWS\system32\shutdown.exe [2004-08-03 23:55]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)

MSConfigStartUp-ares - C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\$C.exe

MSConfigStartUp-drvsyskit - C:\WINDOWS\system32\drivers\winfilse.exe

 

 

.

------- Examen supplémentaire -------

.

FireFox -: Profile - C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\7umtsxnw.default\

FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-26 10:17:40

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]

"ImagePath"="\??\C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\mc22.tmp"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

PROCESSUS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\Ati2evxx.dll

.

------------------------ Autres processus actifs ------------------------

.

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

I:\Program Files\FileZilla Server\FileZilla server.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\wdfmgr.exe

.

**************************************************************************

.

Heure de fin: 2008-10-26 10:38:23 - La machine a redémarré

ComboFix-quarantined-files.txt 2008-10-26 09:38:16

 

Avant-CF: 6 675 808 256 octets libres

Après-CF: 6,746,025,984 octets libres

 

365 --- E O F --- 2008-10-19 15:10:23

 

tout a l'aire de fonctionner je testerais le Mse plus tard poru voir si puis voila ^^ merci je fais comme dab "windows+R" > del cob fix (je me rapelle plus la commande :s )

Modifié le 26 octobre 2008 par Alex36

[Falkra]

Vérifie la présence de ce fichier stp :

C:\WINDOWS\system32\drivers\winfilse.exe

 

Tu auras sans doute besoin d'afficher les fichiers cachés et ceux du système :

http://www.libellules.ch/afficher_fichiers.php

 

Il ne doit plus être là, mais il faut vérifier.

 

Utilise MSConfig Cleanup Utility pour nettoyer les entrées désactivées de MSConfig.

 

Mets à jour MBAM et fais une recherche rapide stp, poste le rapport obtenu.

Ca doit être ok pour le mode sans échec.

[Alex36]

pas besoin de Ms config clean-up utility ! je 'ai plus dans la liste

 

le fichier n'est plus là

 

Windows 5.1.2600 Service Pack 2

 

27/10/2008 08:11:49

mbam-log-2008-10-27 (08-11-49).txt

 

Type de recherche: Examen rapide

Eléments examinés: 56054

Temps écoulé: 12 minute(s), 7 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

Modifié le 27 octobre 2008 par Alex36

[Falkra]

Parfait.

 

Tu peux désinstaller combofix : entre combo-fix /u dans la boite exécuter du menu démarrer.

Après cela, efface ce dossier s'il existe encore.

C:\QooBox

 

Poste un nouveau rapport HijackThis stp (il faudra peut-être retélécharger HijackThis).

http://www.trendsecure.com/portal/en-US/_d.../HiJackThis.exe

[Alex36]

Voilou !

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:42:07, on 27/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\DynDNS Updater\DynUpSvc.exe

I:\Program Files\FileZilla Server\FileZilla Server.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\DynDNS Updater\DynTray.exe

C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe

I:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\eMule\emule.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Alexandre\Bureau\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O4 - HKLM\..\Run: [\\ORDI_BAS\EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P37 "\\ORDI_BAS\EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DNS7reminder] "I:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [MacDrive application] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"

O4 - HKLM\..\Run: [Getting started with MacDrive] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Dragon NaturallySpeaking.lnk = I:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe

O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{746EA4C9-49E6-4241-8DDD-B0D05C379589}: NameServer = 192.168.1.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DynDNS Updater - Unknown owner - C:\Program Files\DynDNS Updater\DynUpSvc.exe

O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - I:\Program Files\FileZilla Server\FileZilla Server.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

 

--

End of file - 9021 bytes

[Falkra]

Le rapport est ok.

 

Est-ce qu'antivir fonctionne encore ? Bagle aime bien faire la peau aux antivirus.

 

Il y a plein de choses à faire pour sécuriser ta machine. On va s'occuper de ça.

[Alex36]

hum , je ne sais pas trop hier apres moultes redemarrages antivir demarrait , mais là ce matin g pas eu la petite icone du paraplui mais le "antivr guard" étéait actif et il a fait les MàJ

[Falkra]

Je te recommande un scan complet avec Antivir. Mets-le à jour d'abord (clic droit, start update sur l'icône près de l'horloge).

Une fois à jour, double-clique sur son icône près de l'horloge, cela ouvre l'interface principale, puis clique sur "Scan system now" à droite de "Last complete system scan".

 

/!\ Cela peut être long.

Tu peux sauvegarder le rapport en fin de parcours (bouton "Report").

 

Si Antivir détecte des fichiers infectés, mets en quarantaine (choisis "Move to quarantine" dans la liste des actions. Tu peux automatiser ce type d'action en cochant une case), comme ci dessous :

 

Cela permet de ne pas rester à la surveiller.